Seeking help on anti-spam project - Security
Seeking help on anti-spam project
The project I'm writing about (www.wpbl.info) is totally non commercial. It
has now been operating for 3 years, already with the help of some of you!
WPBL is a real time list of IP addresses that are currently sending us spam
(a lot like the CBL project). The list is dynamic and hosts around the
world ranging from small servers to very major ISPs want to query our
database. The challenge is serving this list with limited resources 
I recently set up a DNSBL service, which uses (simplified) DNS software to
answer queries. Our existing 3 nameservers answer about 130,000 queries per
day in total but the load is guaranteed to rise. So I am seeking your help!
This is a perfect place for co-operation, as in parallel we could serve a
tremendous load even from relatively weak hosts. You would need:
- Static IP (DHCP that lasts a month is ok) on a Linux/UNIX host you run
- Will only use 10 MB/day total data transfer! Trivial bandwidth.
- You're in a pool (ns1, ns2, ns3, ...) so downtime is ok
- Open source rbldnsd software, safe, solid, very efficient DNSBL server
(used by many ISPs, runs chroot, reduced privileges)
- The software uses < 1 MB of RAM, nil CPU
- You would have to rsync to me every 30 minutes, transfers < 20 KB each
- Easy to setup and revoke your involvement at any time!
Since rbldnsd sits on port 53, you can not do this if you already run BIND
or djbdns.
If you have a host from which you could serve UDP port 53 (DNS) lookups,
please let me know or reply in the group so I can contact you. Resource
demands on your node are practically nil for the foreseeable future.
- Jem
feedback at wpbl dot info
-
Re: Seeking help on anti-spam project
["Followup-To:" header set to comp.os.linux.security.]
On Fri, 01 Dec 2006 13:33:23 -0600, Jem Berkes wrote:
> The project I'm writing about (www.wpbl.info) is totally non commercial. It
> has now been operating for 3 years, already with the help of some of you!
>
> WPBL is a real time list of IP addresses that are currently sending us spam
> (a lot like the CBL project). The list is dynamic and hosts around the
> world ranging from small servers to very major ISPs want to query our
> database. The challenge is serving this list with limited resources 
Are you sure you want to get into this business? How will
your list improve upon those many lists already available
through the spam-check function at www.dnsstuff.com?
--
To email me, substitute nowhere->spamcop, invalid->net.
-
Re: Seeking help on anti-spam project
>> The project I'm writing about (www.wpbl.info) is totally non
>> commercial. It has now been operating for 3 years, already with the
>> help of some of you!
>>
>> WPBL is a real time list of IP addresses that are currently sending
>> us spam (a lot like the CBL project). The list is dynamic and hosts
>> around the world ranging from small servers to very major ISPs want
>> to query our database. The challenge is serving this list with
>> limited resources 
>
> Are you sure you want to get into this business? How will
> your list improve upon those many lists already available
> through the spam-check function at www.dnsstuff.com?
First of all, it isn't a business.
Second, WPBL has been on the dnsstuff.com list for years now.
If you don't need to use it, don't.
-
Re: Seeking help on anti-spam project
>Are you sure you want to get into this business? How will
>your list improve upon those many lists already available
>through the spam-check function at www.dnsstuff.com?
There are several reasons why it's good to have new block
lists on the net.
Redundancy is good. Diversity is good too.
It's an alternate view. A small list might notice a bad
guy before the big lists get hit. Or maybe if the spammer
is trying to fly under the radar, they will get noticed by
one of the small lists when they don't hit any of the spamtraps
run by the big lists because the spammer is good at listwashing.
--
These are my opinions, not necessarily my employer's. I hate spam.
-
Re: Seeking help on anti-spam project
On comp.mail.misc, "Jem Berkes" wrote:
Another blacklisting of IPs project.
> The project I'm writing about (www.wpbl.info) is totally non
> commercial. It has now been operating for 3 years, already with
> the help of some of you!
>
> WPBL is a real time list of IP addresses that are currently
> sending us spam (a lot like the CBL project). The list is
> dynamic and hosts around the world ranging from small servers
> to very major ISPs want to query our database. The challenge is
> serving this list with limited resources 
So some spammer finds a way to use someone's server/computer and
they get blocklisted and suddenly they and maybe their clients
won't be able to send mail to anyone.
Or the IP addresses on the spam may be _forged_.
This is a lazy, crude, and unfair approach to fighting spam.
It assumes that everyone who is sending or relaying spam is doing
it willfully.
Even if you notified the server/computer that the spam was coming
from or being relayed through, (and I saw no mention of this in
your article) and they fixed the problem in a jiff, there is no
guarantee that everyone would update their blocklist in a timely
fashion, if ever. And that IP-domain would have its reputation
tarnished.
The ISPs facilitate spam. There's no doubt about that. And you
can't beat them at their own game. They control the nameservers
in most ways and the gateways and routers and mailservers, either
directly or by setting policy.
The only solution is for the individual to say no to spam and
use a version of Challenge-Response system.
http://home.earthlink.net/~alanconnor/cr.html
But most people don't really want to get rid of spam. They just
_say_ they do. They think they are going to get lucky. They read
spam and enough of them go to the websites in the spam and enough
of them buy stuff to make it profitable.
And spammers are good customers for the ISPs. They buy a lot
of accounts. And the companies they are spamming for buy a lot
of accounts.
I repeat: You either take care of the problem yourself or you
won't ever get rid of spam.
No solution like this will work. No traditional spam filter
will work. The ISPs aren't going to fix it.
I don't get any spam. And no stinking troll can send mail to me.
Anyone who whines about having to take a couple of simple steps
once in a lifetime to contact me is a punk that I don't want to
know.
Alan
--
http://home.earthlink.net/~alanconnor
-
Re: [kook] Re: Seeking help on anti-spam project
Thanks for your kookfart, Beavis.
--
Info about "Alan Connor"
Alan "The Usenet Beavis" Connor is a good friend of Bigfoot:
http://tinyurl.com/23r3f
A couple of years ago he was kidnapped and raped by Xena,
the Warrior Princess: http://tinyurl.com/2gjcy
Beavis believes that the MSBlast virus of yesteryear was explicitly
targeting him, for some inexplicable reason: http://tinyurl.com/ifrt
Beavis belongs to a UFO cult: http://tinyurl.com/2hhdx
Beavis's life in a UFO cult: http://tinyurl.com/24jqm
Beavis knows all about network security: http://tinyurl.com/5qqb6
And he's also a search engine expert: http://tinyurl.com/9pjnt
<1164724734.389844@nnrp2.phx1.gblx.net>
"But if you must know, Alans' name is Bruce Burhans, and he lives in
Bellingham WA. To his hippie friends he calls himself "Tom Littlefoot"
**Google Tom Littlefoot, Bruce Burhans and "Wildwood"**.
Bruce has some serious mental problems and spends a lot of time as an
in-patient at the big mental hospital in Bellingham, when he's not
hospitalized, he posts to usenet. In every group he posts to he comes off as
some sort of expert in the subject at hand, and when anyone disagrees (and
they will, he sees to that) he starts in on his trollery.
Again, Bruce is a true Professional Usenet Troll. It is his entertainment
and it's what he lives for."
http://www.pearlgates.net/nanae/kooks/ac/fga.shtml
http://groups.google.com/groups/prof...-MEqh3HQ&hl=en
http://www.pearlgates.net/nanae/kooks/ac/
http://linuxmafia.com/faq/Mail/challenge-response.html
http://www.spamcop.net/fom-serve/cache/329.html#CR
http://www.gatago.com/authors_pgs/13650.html
http://blog.bananasplit.info/?p=84
http://tinyurl.com/ifrt
http://tinyurl.com/3h6a5
http://tinyurl.com/ys6z4
Also in the headers for alan to read.
-
Re: Seeking help on anti-spam project
On comp.mail.misc, "Alan Connor" wrote:
> On comp.mail.misc, "Jem Berkes" wrote:
>
> Another blacklisting of IPs project.
>
>> The project I'm writing about (www.wpbl.info) is totally non
>> commercial. It has now been operating for 3 years, already
>> with the help of some of you!
One of the biggest faults of projects like this is that the
spammers can access the blocklist as easily as anyone else.
Oh. That one is blocklisted so I'll use another one. Let's
see, I have millions to choose from....
Alan
--
http://home.earthlink.net/~alanconnor/cr.html
-
Re: Seeking help on anti-spam project
> So some spammer finds a way to use someone's server/computer and
> they get blocklisted and suddenly they and maybe their clients
> won't be able to send mail to anyone.
If individual IP addresses are blocked, the collateral is very minimal.
If a PC is compromised (virus, zombie, etc.) it is a source of internet
wide abuse and there are many admins who would legitimately block it.
The one situation I am unhappy about is when some bad apples relay mail
through the ISP's server and it looks like the ISP's mail server is a
spam source. I try very hard to fix that problem, but it's a downside.
> Or the IP addresses on the spam may be _forged_.
No, not on modern TCP stacks (which thwart sequence attacks). SMTP
requires a two way conversation so if the data is flowing back to the
other IP, it is not forged. If the IP was fake then the two way
conversation is impossible. When you receive a TCP connection from an IP
address, that is the real IP address you are talking with ... and those
are the IPs we use. The crap in the headers is often added to confuse,
though the real IP address is in there too if you look in the right spot.
> It assumes that everyone who is sending or relaying spam is doing
> it willfully.
If your PC is compromised by a virus, relaying spam, or severely
misconfigured and flooding networks, your host is responsible for abuse
and your host will be seen unfavourably by others. What is unfair about
this? A community frowns upon a member (host) acting irresponsibly.
> Even if you notified the server/computer that the spam was coming
> from or being relayed through, (and I saw no mention of this in
> your article) and they fixed the problem in a jiff, there is no
> guarantee that everyone would update their blocklist in a timely
> fashion, if ever. And that IP-domain would have its reputation
> tarnished.
Alan, I don't think you're a bad guy by any means. But I am not running
after the hundreds of thousands of hosts who spam me daily, asking them
politely to fix their problems. They may be malicious, they may be not, I
really DO NOT CARE. Most of the IP addresses that spam me are bots,
zombies, running custom spamming/flooding software. They operate in
distributed networks, remote controlled, on stolen resources.
I am just listing the IP addresses which send me and my members spam,
nothing more, nothing less.
I am not telling anyone to block those IPs. I'm not claiming these are
bad people. I am not making a statement about their business practices or
motivations, or religion. All I am saying is: THIS IP SENT ME SPAM.
--
Jem Berkes
www.sysdesign.ca
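
Jem's distinction between the connection IP and "the crap in the headers", as an added example (not code from this thread or from WPBL): read `Received` lines top-down and believe only those stamped by your own mail servers, so forged lines underneath are never consulted. The host names, internal network, Postfix-style `Received` layout and the sample message are constructed assumptions.

```python
import email
import ipaddress
import re

# Postfix-style trace line: "from HELO (RDNS [IP]) by HOST ...".
# HELO is sender-supplied text; the bracketed IP inside the comment is
# written by the receiving server from the TCP connection itself.
RECEIVED_RE = re.compile(
    r"^from\s+\S+\s+\(\S+\s+\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]\)"
    r"\s+by\s+([A-Za-z0-9.-]+)"
)

# Hypothetical site configuration (assumptions for this example).
TRUSTED = {"mx1.example.net", "store.example.net"}
INTERNAL = ["10.0.0.0/8"]

# Constructed message: two genuine hops on top, two forged lines below.
# The third line even claims to be stamped by mx1.example.net.
SAMPLE = """\
Received: from mx1.example.net (mx1.example.net [10.0.0.5])
    by store.example.net (Postfix) with ESMTP id 4A1
    for <user@example.net>; Sat, 2 Dec 2006 10:00:02 -0600
Received: from mail.bigbank.example (unknown [203.0.113.77])
    by mx1.example.net (Postfix) with SMTP id 9F3
    for <user@example.net>; Sat, 2 Dec 2006 10:00:01 -0600
Received: from trusted-relay (trusted-relay [198.51.100.9])
    by mx1.example.net (Postfix) with ESMTP id FAKE1;
    Sat, 2 Dec 2006 09:59:00 -0600
Received: from [192.0.2.200] by mail.bigbank.example;
    Sat, 2 Dec 2006 09:58:00 -0600
From: "Big Bank" <service@bigbank.example>
Subject: Account notice

body
"""


def connecting_ip(raw_message, trusted_hosts, internal_nets):
    """Return the peer IP recorded by our own border server, or None.

    Received headers are walked newest first. A line counts only if it
    was stamped by a host in trusted_hosts. Internal hand-offs are
    skipped; the first external peer is the answer. Anything below that
    line is sender-controlled and is never read.
    """
    nets = [ipaddress.ip_network(n) for n in internal_nets]
    msg = email.message_from_string(raw_message)
    for value in msg.get_all("Received", []):
        line = " ".join(value.split())  # unfold continuation lines
        m = RECEIVED_RE.match(line)
        if not m or m.group(2).lower() not in trusted_hosts:
            return None  # chain of trust is broken; do not guess
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            return None
        if any(ip in net for net in nets):
            continue  # hop between our own servers
        return str(ip)
    return None


if __name__ == "__main__":
    print(connecting_ip(SAMPLE, TRUSTED, INTERNAL))
```
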
-
Re: Seeking help on anti-spam project
On comp.mail.misc, "Jem Berkes" wrote:
>> So some spammer finds a way to use someone's server/computer
>> and they get blocklisted and suddenly they and maybe their
>> clients won't be able to send mail to anyone.
>
> If individual IP addresses are blocked, the collateral is very
> minimal. If a PC is compromised (virus, zombie, etc.) it is
> a source of internet wide abuse and there are many admins who
> would legitimately block it.
The owner of the computer should be notified first and given
a chance to fix the problem.
> The one situation I am unhappy about is when some bad apples
> relay mail through the ISP's server and it looks like the ISP's
> mail server is a spam source. I try very hard to fix that
> problem, but it's a downside.
Indeed.
>
>> Or the IP addresses on the spam may be _forged_.
>
> No, not on modern TCP stacks (which thwart sequence
> attacks). SMTP requires a two way conversation so if the data
> is flowing back to the other IP, it is not forged.
> If the IP was fake then the two way conversation is
> impossible. When you receive a TCP connection from an IP
> address, that is the real IP address you are talking with ...
> and those are the IPs we use. The crap in the headers is often
> added to confuse, though the real IP address is in there too if
> you look in the right spot.
There could be a proxy between the two, re-writing the
IP to make it look as if it came from the proxy. It would
only be forwarding in two directions.
>> It assumes that everyone who is sending or relaying spam is
>> doing it willfully.
>
> If your PC is compromised by a virus, relaying spam, or
> severely misconfigured and flooding networks, your host is
> responsible for abuse and your host will be seen unfavourably
> by others. What is unfair about this? A community frowns upon a
> member (host) acting irresponsibly.
Sure. But again, that person should be notified before
blocklisting.
>> Even if you notified the server/computer that the spam was
>> coming from or being relayed through, (and I saw no mention
>> of this in your article) and they fixed the problem in a
>> jiff, there is no guarantee that everyone would update their
>> blocklist in a timely fashion, if ever. And that IP-domain
>> would have its reputation tarnished.
>
> Alan, I don't think you're a bad guy by any means.
Thanks for that, Jem.
> But I am not running after the hundreds of thousands of
> hosts who spam me daily, asking them politely to fix their
> problems.
That many?!
Holy _____!!
> They may be malicious, they may be not, I really
> DO NOT CARE. Most of the IP addresses that spam me are bots,
> zombies, running custom spamming/flooding software. They
> operate in distributed networks, remote controlled, on stolen
> resources.
That's my understanding. I don't bother trying to track them down
myself, actually. If it's spam it gets dumped.
I've done the basic host and whois checks on a couple of spams
and sent complaints to the domains and received no responses.
> I am just listing the IP addresses which send me and my members
> spam, nothing more, nothing less.
So it would be a very good idea for _everyone_ to check the
blocklists for their own IP on a regular basis?
> I am not telling anyone to block those IPs. I'm not claiming
> these are bad people. I am not making a statement about their
> business practices or motivations, or religion. All I am saying
> is: THIS IP SENT ME SPAM.
Okay. Thanks for the clarification.
At least you are trying.
I'll do it my way. I am actually even harder in this regard
than you are. Though I don't block by IP/FQDN.
http://home.earthlink.net/~alanconnor/cr.html
---------------------------------------------------------
Now you could do me a big favor and explain how it is that
spam can arrive in my box without my address in any of the
addressing headers. I have been _told_ that there isn't a
long list of addresses in the Bcc header.
Alan
-
Re: Seeking help on anti-Beavis project
Usenet Beavis writes:
> Another Beavis-slapping project.
Yup.
> So I get desperate because nobody's paying attention to me, and I
> go back to Usenet to post my kookfarts.
Indeed, that's what appears to be happening here.
Where have you been for the last two weeks, Beavis? We missed you.
> I'm just a stupid Beavis, and an unfair waste of perfectly good oxygen.
I wouldn't go that far.
> You can assume that everything I say is wrong.
That's a safe bet.
> Even if you did not know that I'm Usenet's laughing stock, and I never
> have even the slightest clue as to what I'm babbling about, it should
> become clear before long.
Right.
> The Beavis posts kookfarts. There's no doubt about that. And you
> can't beat me with sheer quantity.
It's not the quantity, Beavis, it's the quality.
> One of the ways to keep smacking my bitch up, and make me go cuckoo
> is to post a link to the Beavis FAQ
>
> http://www.pearlgates.net/nanae/kooks/ac/
Taken care of.
> But most people already know that I'm a first-class kookbag.
Yes, they do.
> I repeat: You must always point your fingers at me, and laugh.
Good advice.
> I don't have any brains. And everyone laughs at me.
Right.
> Anyone who tries to have an intelligent conversation with me
> always lives to regret it.
Hi, Beavis.
> Beavis
>
> --
> http://tinyurl.com/23r3f
-
Re: Seeking help on anti-Beavis project
Usenet Beavis writes:
> On comp.mail.misc, "Usenet Beavis" wrote:
Beavis, you'll go blind if you keep doing this.
> One of the biggest reasons why I'm Usenet's laughing stock is
> because I was dropped on my head, as a child.
You poor thing.
> Oh, and please continue smacking me upside the head, all the time.
> It really works.
I know.
> Beavis
>
> --
> http://tinyurl.com/23r3f
-
Re: Seeking help on anti-Beavis project
Usenet Beavis writes:
> Please ignore everything I post on this topic. I'm just a Beavis, and
> I'm only pretending that I know what I'm talking about.
Yes, you do.
>> If the IP was fake then the two way conversation is
>> impossible. When you receive a TCP connection from an IP
>> address, that is the real IP address you are talking with ...
>> and those are the IPs we use. The crap in the headers is often
>> added to confuse, though the real IP address is in there too if
>> you look in the right spot.
>
> There could be a proxy between the two, re-writing the
> IP to make it look as if it came from the proxy. Not that I really
> understand what a proxy is. Mentioning something about a proxy makes
> me look smart, which I'm not.
Right.
>> If your PC is compromised by a virus, relaying spam, or
>> severely misconfigured and flooding networks, your host is
>> responsible for abuse and your host will be seen unfavourably
>> by others. What is unfair about this? A community frowns upon a
>> member (host) acting irresponsibly.
>
> Sure. But again, that person should be notified before
> blocklisting. That's what Bigfoot told me is the right thing to do.
Speaking of ol' Sasquatch, what has he been up to, lately?
>> Alan, I don't think you're a bad guy by any means.
>
> Thanks for that, Jem. I'm not a bad guy, I'm just stupid.
It's not your fault, Beavis. Blame the society.
>> They may be malicious, they may be not, I really
>> DO NOT CARE. Most of the IP addresses that spam me are bots,
>> zombies, running custom spamming/flooding software. They
>> operate in distributed networks, remote controlled, on stolen
>> resources.
>
> That's my understanding. Of course, keep in mind that whatever
> my understanding is, on any technical subject, the correct
> answer always lies 180 degrees to the opposite.
That's a very good rule of thumb to follow.
> I've done the basic host and whois checks on a couple of spams
> and sent complaints to the domains and received no responses.
That's because you don't know what you were doing. You still can't figure
out Earthlink's wildcard DNS entry.
> So it would be a very good idea for _everyone_ to smack me
> upside the head on a regular basis?
Yup.
> Okay. Thanks for the clarification.
>
> At least you are trying to help a Beavis.
It's a thankless task. No way I'd do it.
> I'll do it my way. Because I'm a kookbag, that's why.
>
> http://www.pearlgates.net/nanae/kooks/ac/
We know.
> Now you could do me a big favor and explain how it is that
> spam can arrive in my box without my address in any of the
> addressing headers. I have been _told_ that there isn't a
> long list of addresses in the Bcc header.
Beavis, the E-mail expert.
> Beavis
-
Re: Seeking help on anti-spam project
On Sat, 2 Dec 2006, Jem Berkes wrote:
JB>
JB> The one situation I am unhappy about is when some bad apples relay mail
JB> through the ISP's server and it looks like the ISP's mail server is a
JB> spam source. I try very hard to fix that problem, but it's a downside.
JB>
I used to use a mail forwarder. This works by, for instance, mail to
sardines@purse-seine.net being forwarded to my mail box at big mail
provider such as hotmail.
So the mail forwarder is forwarding everything, just as their customers
have requested. Including spam. Just as their customers have requested.
So what happens? The mail forwarder's IP addresses are blacklisted as
sources of spam by the inept, big mailbox providers.
Please make sure you know what you are doing otherwise you become part of
the problem rather than the solution.
--
Alan
( If replying by mail, please note that all "sardines" are canned.
There is also a password autoresponder but, unless this is a very
old message, a "tuna" will swim right through. )
-
Re: Seeking help on anti-spam project
> I used to use a mail forwarder. This works by, for instance, mail to
> sardines@purse-seine.net being forwarded to my mail box at big mail
> provider such as hotmail.
>
> So the mail forwarder is forwarding everything, just as their
> customers have requested. Including spam. Just as their customers
> have requested. So what happens? The mail forwarder's IP addresses are
> blacklisted as sources of spam by the inept, big mailbox providers.
>
> Please make sure you know what you are doing otherwise you become part
> of the problem rather than the solution.
I understand what you are saying. One of the services that taught me this
lesson was the bigfoot.com forwarder. Now I'm always on the lookout for an
IP address that appears to be the 'source' of many sightings.
--
Jem Berkes
www.sysdesign.ca
-
Re: Seeking help on anti-spam project
On Sat, 02 Dec 2006 08:52:07 GMT, Alan Connor wrote:
>On comp.mail.misc, "Jem Berkes" wrote:
>
>>> So some spammer finds a way to use someone's server/computer
>>> and they get blocklisted and suddenly they and maybe their
>>> clients won't be able to send mail to anyone.
>>
>> If individual IP addresses are blocked, the collateral is very
>> minimal. If a PC is compromised (virus, zombie, etc.) it is
>> a source of internet wide abuse and there are many admins who
>> would legitimately block it.
>
>The owner of the computer should be notified first and given
>a chance to fix the problem.
How would you do that?
>> The one situation I am unhappy about is when some bad apples
>> relay mail through the ISP's server and it looks like the ISP's
>> mail server is a spam source. I try very hard to fix that
>> problem, but it's a downside.
>
>Indeed.
>
>>
>>> Or the IP addresses on the spam may be _forged_.
>>
>> No, not on modern TCP stacks (which thwart sequence
>> attacks). SMTP requires a two way conversation so if the data
>> is flowing back to the other IP, it is not forged.
>
>> If the IP was fake then the two way conversation is
>> impossible. When you receive a TCP connection from an IP
>> address, that is the real IP address you are talking with ...
>> and those are the IPs we use. The crap in the headers is often
>> added to confuse, though the real IP address is in there too if
>> you look in the right spot.
>
>There could be a proxy between the two, re-writing the
>IP to make it look as if it came from the proxy. It would
>only be forwarding in two directions.
Only two directions? Heh. Hey, Beavis, the packets *would* be coming
from the proxy, "re-writing" makes no sense in this context.
>>> It assumes that everyone who is sending or relaying spam is
>>> doing it willfully.
>>
>> If your PC is compromised by a virus, relaying spam, or
>> severely misconfigured and flooding networks, your host is
>> responsible for abuse and your host will be seen unfavourably
>> by others. What is unfair about this? A community frowns upon a
>> member (host) acting irresponsibly.
>
>Sure. But again, that person should be notified before
>blocklisting.
Again, how would you do that? Use the Microsoft Messenger that so many
spammers like to use? There's no way for a third party to notify the
owner of a spam zombie, and there's no reason to continue to accept spam
from one of the millions of spam zombies prior to notifying them of their
problem even if there was a way to notify them.
>>> Even if you notified the server/computer that the spam was
>>> coming from or being relayed through, (and I saw no mention
>>> of this in your article) and they fixed the problem in a
>>> jiff, there is no guarantee that everyone would update their
>>> blocklist in a timely fashion, if ever. And that IP-domain
>>> would have its reputation tarnished.
>>
>> Alan, I don't think you're a bad guy by any means.
Alan is a crazy dingbat. He's also a "bad guy" in the sense that he's
an abusive asshole.
>Thanks for that, Jem.
>
>> But I am not running after the hundreds of thousands of
>> hosts who spam me daily, asking them politely to fix their
>> problems.
>
>That many?!
>
>Holy _____!!
Beavis, there are hundreds of thousands of new spam zombies entering
service every day.
>> They may be malicious, they may be not, I really
>> DO NOT CARE. Most of the IP addresses that spam me are bots,
>> zombies, running custom spamming/flooding software. They
>> operate in distributed networks, remote controlled, on stolen
>> resources.
>
>That's my understanding. I don't bother trying to track them down
>myself, actually. If it's spam it gets dumped.
>
>I've done the basic host and whois checks on a couple of spams
>and sent complaints to the domains and received no responses.
Based on the 'net competence you've demonstrated, you probably sent
your reports to the spammers themselves.
>> I am just listing the IP addresses which send me and my members
>> spam, nothing more, nothing less.
>
>So it would be a very good idea for _everyone_ to check the
>blocklists for their own IP on a regular basis?
Yeah, you should check your IP address. It's on many blocklists.
>> I am not telling anyone to block those IPs. I'm not claiming
>> these are bad people. I am not making a statement about their
>> business practices or motivations, or religion. All I am saying
>> is: THIS IP SENT ME SPAM.
>
>Okay. Thanks for the clarification.
>
>At least you are trying.
>
>I'll do it my way. I am actually even harder in this regard
>than you are. Though I don't block by IP/FQDN.
>
>http://home.earthlink.net/~alanconnor/cr.html
>
>---------------------------------------------------------
>
>Now you could do me a big favor and explain how it is that
>spam can arrive in my box without my address in any of the
>addressing headers. I have been _told_ that there isn't a
>long list of addresses in the Bcc header.
Ah, what a great ending to a Beavis post. After blabbing a bunch of
bull**** he admits that he doesn't even understand how email works.
That's just perfect. :-)
--
Steve Baker
-
Re: Seeking help on anti-spam project
On Sat, 02 Dec 2006 11:22:30 -0600, Jem Berkes wrote:
>> I used to use a mail forwarder. This works by, for instance, mail to
>> sardines@purse-seine.net being forwarded to my mail box at big mail
>> provider such as hotmail.
>>
>> So the mail forwarder is forwarding everything, just as their
>> customers have requested. Including spam. Just as their customers
>> have requested. So what happens? The mail forwarder's IP addresses are
>> blacklisted as sources of spam by the inept, big mailbox providers.
>>
>> Please make sure you know what you are doing otherwise you become part
>> of the problem rather than the solution.
>
>I understand what you are saying. One of the services that taught me this
>lesson was the bigfoot.com forwarder. Now I'm always on the lookout for an
>IP address that appears to be the 'source' of many sightings.
As I understand it the bigfoot.com forwarder would also be a source of
non-spam and thus would likely not end up in the blacklist.
--
Peter Peters, senior netwerkbeheerder
Dienst Informatietechnologie, Bibliotheek en Educatie (ITBE)
Universiteit Twente, Postbus 217, 7500 AE Enschede
telefoon: 053 - 489 2301, fax: 053 - 489 2383, http://www.utwente.nl/itbe
-
Re: Seeking help on anti-spam project
>>I understand what you are saying. One of the services that taught me
>>this lesson was the bigfoot.com forwarder. Now I'm always on the
>>lookout for an IP address that appears to be the 'source' of many
>>sightings.
>
> As I understand it the bigfoot.com forwarder would also be a source of
> non-spam and thus would likely not end up in the blacklist.
That's right (ideally) except the address was so old, late 1990s, it became
a source of pure spam.
--
Jem Berkes
www.sysdesign.ca
-
Re: Seeking help on anti-spam project
["Followup-To:" header set to comp.os.linux.security.]
On 2006-12-03, Steve Baker wrote:
> On Sat, 02 Dec 2006 08:52:07 GMT, Alan Connor wrote:
>>
>>Now you could do me a big favor and explain how it is that
>>spam can arrive in my box without my address in any of the
>>addressing headers. I have been _told_ that there isn't a
>>long list of addresses in the Bcc header.
> Ah, what a great ending to a Beavis post. After blabbing a bunch of
> bull**** he admits that he doesn't even understand how email works.
> That's just perfect. :-)
Now, isn't Alan the guy who's been promoting the undefeatable and
perfectly effective challenge/response method fighting spam? Is this an
admission that C/R doesn't work even for him?
--
John (john@os2.dhs.org)