Many of my emails in response to those of you who have sent me pictures for
the new Rec.Aviation website have been "bouncing back".

When it became obvious that it was NOT "everyone else's" problem, I
contacted Mediacom to inquire about the service. Here is their reply --
anyone care to translate? (What the heck is MAPS and RBL, and why is
MEDIACOM the one that is "blacklisted"?):

Dear Jay,
We have found out that Domains that use the same e-mails servers as
Mediacom, but do not use the same precautions as Mediacom, have been
identified as spammers. Because of this, all other Domains that use MAPS
and RBL to check the validity of our mailserver, have us Blacklisted.

Mediacom has been assured that our mail server will be removed from these
blacklist no later then the first of the week, however it may take up to
another 10 days for all these different domains to update their list and
allow mail to be received into their domain from mchsi.com.

It is advised for all customers to have an updated anti-virus program, and
check their system for Trojans (applet progams sending/receiving
data/e-mail; unsuspecting to user), and possibly a firewall to detect this
traffic.

Also, alot of mailservers are halting all mail to see if it is spam, a
virus, or a suspicious file; thus the delivery or rejection notice could
take up to 3 days for Domains protecting their service.

Randy Jackson

Internet Support Representative
Mediacom Online
(877) 387-8087
--
Jay Honeck
Iowa City, IA
Pathfinder N56993
www.AlexisParkInn.com
"Your Aviation Destination"

In a previous article, "Jay Honeck" > said:
>When it became obvious that it was NOT "everyone else's" problem, I
>contacted Mediacom to inquire about the service. Here is their reply --
>anyone care to translate? (What the heck is MAPS and RBL, and why is
>MEDIACOM the one that is "blacklisted"?):

MAPS and RBL are "Mail Abuse Prevention System" and "Realtime Blackhole
List" respecitively. They are both systems that some ISPs use to refuse
email from sites that host spammers. Unfortunately, both sites (and every
other spam blackhole list that I've encountered) are run by megalomaniacs
who think that they are the only true spam solution. Because of this,
they are quick to list whole IP (internet address) ranges as spam sites on
very flimsy evidence, and are very slow to remove those lists if they made
a mistake (which they will never admit was a mistake). Think of them as
the Donald Rumsfelds of spam prevention.

These two lists listed a whole IP range that includes your Mediacom mail
server, probably based on one or two spam reports for spam coming from
other customers of whoever Mediacom got their IP address range from.
Eventually they will unlist the Mediacom range, but they will spin it like
they are making great progress in the war on spam and they are doing you a
great favour.

--
Paul Tomblin > http://xcski.com/blogs/pt/
UNIX was half a billion (500000000) seconds old on
Tue Nov 5 00:53:20 1985 GMT (measuring since the time(2) epoch).
-- Andy Tannenbaum

You've fallen in with Spammers.. the horror... Next thing.. you will be
sitting around hangars talking about.. GASP!! Airplanes...

Dave

Jay Honeck wrote:

> Many of my emails in response to those of you who have sent me pictures for
> the new Rec.Aviation website have been "bouncing back".
>
> When it became obvious that it was NOT "everyone else's" problem, I
> contacted Mediacom to inquire about the service. Here is their reply --
> anyone care to translate? (What the heck is MAPS and RBL, and why is
> MEDIACOM the one that is "blacklisted"?):
>
> Dear Jay,
> We have found out that Domains that use the same e-mails servers as
> Mediacom, but do not use the same precautions as Mediacom, have been
> identified as spammers. Because of this, all other Domains that use MAPS
> and RBL to check the validity of our mailserver, have us Blacklisted.
>
> Mediacom has been assured that our mail server will be removed from these
> blacklist no later then the first of the week, however it may take up to
> another 10 days for all these different domains to update their list and
> allow mail to be received into their domain from mchsi.com.
>
> It is advised for all customers to have an updated anti-virus program, and
> check their system for Trojans (applet progams sending/receiving
> data/e-mail; unsuspecting to user), and possibly a firewall to detect this
> traffic.
>
> Also, alot of mailservers are halting all mail to see if it is spam, a
> virus, or a suspicious file; thus the delivery or rejection notice could
> take up to 3 days for Domains protecting their service.
>
> Randy Jackson
>
> Internet Support Representative
> Mediacom Online
> (877) 387-8087

MAPS=Mail Abuse Prevention System
RBL=Real-time Blackhole List

Both of these are "blacklists" that many mailservers use to try to prevent
spamming. What happens is some mailservers (probably some at mediacom were
like this) aren't correctly setup. If the server is an "open relay" server,
then it allows outside mailers to use the server to bounce spam off of.
Meaning that I could use Mediacom's servers to send out millions of spam
messages even though I'm not a mediacom subscriber.

What the blacklists are for are to identify these "open relay" servers. My
email server now watches for messages from any blacklisted server and
rejects them.

The fix is for Mediacom to correctly setup their mailserver to prevent this
and the resubmit the server for testing by the blacklist organization. Once
they re-test Mediacom's servers, they will remove them from the blacklist.

From the message, it sounds like Mediacom has reconfigured their server and
are waiting on the blacklists to drop their name. I'm not sure what the
comments regarding Antivirus software and firewalls are all about. Sounds
like a little CYA diversion.

Hope that helps. :)

Jeff


"Jay Honeck" > wrote in message
news:151Ab.236241$Dw6.824310@attbi_s02...
> Many of my emails in response to those of you who have sent me pictures
for
> the new Rec.Aviation website have been "bouncing back".
>
> When it became obvious that it was NOT "everyone else's" problem, I
> contacted Mediacom to inquire about the service. Here is their reply --
> anyone care to translate? (What the heck is MAPS and RBL, and why is
> MEDIACOM the one that is "blacklisted"?):
>
> Dear Jay,
> We have found out that Domains that use the same e-mails servers as
> Mediacom, but do not use the same precautions as Mediacom, have been
> identified as spammers. Because of this, all other Domains that use MAPS
> and RBL to check the validity of our mailserver, have us Blacklisted.
>
> Mediacom has been assured that our mail server will be removed from these
> blacklist no later then the first of the week, however it may take up to
> another 10 days for all these different domains to update their list and
> allow mail to be received into their domain from mchsi.com.
>
> It is advised for all customers to have an updated anti-virus program, and
> check their system for Trojans (applet progams sending/receiving
> data/e-mail; unsuspecting to user), and possibly a firewall to detect this
> traffic.
>
> Also, alot of mailservers are halting all mail to see if it is spam, a
> virus, or a suspicious file; thus the delivery or rejection notice could
> take up to 3 days for Domains protecting their service.
>
> Randy Jackson
>
> Internet Support Representative
> Mediacom Online
> (877) 387-8087
> --
> Jay Honeck
> Iowa City, IA
> Pathfinder N56993
> www.AlexisParkInn.com
> "Your Aviation Destination"
>
>

"Paul Tomblin" > wrote in message
...
> Think of them as
> the Donald Rumsfelds of spam prevention.

Good line. Ashcroft may have been better, but still, got me laughing this
morning...

Michael

Kind of like having the Post Office read your mail before you get it,
just to make sure it's really something you need to see! I'll filter my
own spam, thank you very much!

Jay Honeck wrote:
> Many of my emails in response to those of you who have sent me pictures for
> the new Rec.Aviation website have been "bouncing back".
>
> When it became obvious that it was NOT "everyone else's" problem, I
> contacted Mediacom to inquire about the service. Here is their reply --
> anyone care to translate? (What the heck is MAPS and RBL, and why is
> MEDIACOM the one that is "blacklisted"?):
>
> Dear Jay,
> We have found out that Domains that use the same e-mails servers as
> Mediacom, but do not use the same precautions as Mediacom, have been
> identified as spammers. Because of this, all other Domains that use MAPS
> and RBL to check the validity of our mailserver, have us Blacklisted.
>
> Mediacom has been assured that our mail server will be removed from these
> blacklist no later then the first of the week, however it may take up to
> another 10 days for all these different domains to update their list and
> allow mail to be received into their domain from mchsi.com.
>
> It is advised for all customers to have an updated anti-virus program, and
> check their system for Trojans (applet progams sending/receiving
> data/e-mail; unsuspecting to user), and possibly a firewall to detect this
> traffic.
>
> Also, alot of mailservers are halting all mail to see if it is spam, a
> virus, or a suspicious file; thus the delivery or rejection notice could
> take up to 3 days for Domains protecting their service.
>
> Randy Jackson
>
> Internet Support Representative
> Mediacom Online
> (877) 387-8087

>>
Because of this,
they are quick to list whole IP (internet address) ranges as spam sites on
very flimsy evidence, and are very slow to remove those lists if they made
a mistake (which they will never admit was a mistake).
<<

This has the advantage of putting pressure on the ISPs to be a bit more careful
to whom they give accounts. Skin off the customer's back is skin off the
provider's back, and it's the providers that are guilty as well as the spammers
themselves. Many providers have no spam policy, or a 'wink wink' policy.
Others farm it out to all comers. Still others are open relays (they let
others bounce off their servers because they don't keep the door locked - this
was ok in the early days of the internet, but not since the two lawyers started
their spam campaign)

Jose

--
(for Email, make the obvious changes in my address)

Jeff Franks wrote:

> MAPS=Mail Abuse Prevention System
> RBL=Real-time Blackhole List
>
> Both of these are "blacklists" that many mailservers use to try to prevent
> spamming.

Up to here, you're right.

RBL (or "DNSRBL" or some variation) has come to be the generic label for the
technology used by MAPS and many other "providers". These providers
provide databases of "problem" IP addresses.

How "problem" is defined varies from list to list. Some list open relays.
Others list those that have sent spam in the past. Others list IPs
allocated to DSL or cable users. And so on.

An ISP - or, in many cases now, individual users - can choose one or more of
these lists to use in filtering their email. They can choose to block mail
from listed addresses outright for one list, or to block mail from
addresses listed on some number of lists, or whatever. Antispam software
is becoming quite flexible.

RBLs kind of act like a "consumer reports" of email transmission. Users
choose which of these lists to trust, and how far. However, there are
plenty of other tools beyond just RBLs. A lot of antispam software
provides some combination of tools, with RBLs being just one.

Most of these tools also provide for whitelists, which means that people can
deliberately "permit" your email, even if it would otherwise be rejected.
However, these can be easily abused themselves as anyone can forge email to
appear to be from anyone else's address.

> What happens is some mailservers (probably some at mediacom
> were
> like this) aren't correctly setup. If the server is an "open relay"
> server, then it allows outside mailers to use the server to bounce spam
> off of. Meaning that I could use Mediacom's servers to send out millions
> of spam messages even though I'm not a mediacom subscriber.


This isn't quite correct. Your description of "open relay" is correct, but
MAPS lists more than just this. In fact, I'm not sure that MAPS lists open
relays at all anymore; there are other lists which do this.

MAPS is just one of many list providers. However, they're one of the most
responsive to listed ISPs. Your ISP should contact them, and - together -
they can resolve the problem. Actually, it sounds like this is in progress
already.

I am saddened that you've been adversely impacted by the tools being used to
fight spammers. I remember a much simpler time, when "open relay" was
considered the polite way to configure a mail server.

Remember that spammers exist because someone is buying. That tells us the
best way to kill them off: get people to stop buying from spammers. Until
then, though, or until some other solution kills them off, I'm afraid that
we must all live with the mess those ... people ... have made of email.

- Andrew

"Martin Hotze" > wrote in message
...
> Heck, do you put all your unanswered questions on r.a.p?
> What about Google? Just put on or more of the terms in the search field.

Heck, if Jay didn't ask these (occasional) OT questions and others wouldn't
reply, there'd be a lot of good questions and answers missing.

There's no such thing as a bad (or stupid) question, just bad answers. This
is a good forum to exchange ideas and learn...

> Heck, do you put all your unanswered questions on r.a.p?
> What about Google? Just put on or more of the terms in the search field.

Well, Martin, this problem is primarily impacting those who have chosen to
send me pictures of their aircraft, for inclusion on our Rec.Aviation photo
page, http://www.alexisparkinn.com/rec_aviation.htm . (I haven't seen YOUR
airplane yet -- what's up with that?) Since I have not been able to contact
them directly, due to this ISP insanity, I posted it here.

Thus, it seemed appropriate to announce the problem here. While I was at
it, I got a few questions answered.

(As an aside, I am SO sick of technology not working, I'm about ready to
chuck it all in the lake. EVERYTHING, from corporate phone mail, to "tech
support", to cell phones, to email, to search engines DO NOT WORK reliably
or properly, period. Now I can't send email, because some 19-year-old
computer goober set a parameter wrong at my ISP! What next?)
--
Jay Honeck
Iowa City, IA
Pathfinder N56993
www.AlexisParkInn.com
"Your Aviation Destination"

("Jay Honeck" wrote)
<snip>
> (As an aside, I am SO sick of technology not working, I'm about ready to
> chuck it all in the lake. EVERYTHING, from corporate phone mail, to "tech
> support", to cell phones, to email, to search engines DO NOT WORK reliably
> or properly, period. Now I can't send email, because some 19-year-old
> computer goober set a parameter wrong at my ISP! What next?)

I had to pull Jack Allison out of my ISP's spam filter site (Postini). His
e-mail was languishing in there for almost a week. It was pure accident that
I noticed his Intel (work) address one night, while I was deleting entire
blocks of "crud" from the quarantined message center.

("Nobody says crud anymore" - funny line from a recent cop show on TV).

We get about 300 spams per week. Those e-mails now get caught by our ISP's
spam-filter net. Like I told Jack, sometimes the tuna nets inadvertently
catch a dolphin or two.

I wonder how many other e-mails have been sent our way, only to be
"block-deleted" (by me!!) at our ISP's server?

Come to think of it Jay, you had to *Ping Montblack* a couple of months ago,
because our ISP filter blocked your address when you were trying to contact
us.

--
Montblack
http://lumma.de/mt/archives/bart.gif

On Fri, 05 Dec 2003 16:39:13 +0000, Teacherjh wrote:


> was ok in the early days of the internet, but not since the two lawyers started
> their spam campaign)

Those 2 lawyers are Canter and Siegal. They started the Usenet spam, not
email spam. That was Sandford Wallace. He went to work for Earthlink, I
don't know if he's still there.

In any event, those services do prevent spam, and I think that yes some
accidentally get blocked but it's easy to get them unblocked as well,
certainly I've never known it to take 10 days.

On Fri, 05 Dec 2003 16:14:01 +0000, rip wrote:

> Kind of like having the Post Office read your mail before you get it,
> just to make sure it's really something you need to see! I'll filter my
> own spam, thank you very much!

Do you like filtering 300 - 400 spams a day out of your maybe 100 legit emails a day
list? I don't.

I do filter my own email using software here that places email spam
into spam mailboxs, and in the last 50,000 spams only misidentified 1 email
as spam when it wasn't. That is only a 6 month time frame for me. Yes, I
keep spams until I hit 5,000 and delete them, I use it for my filter
training.

Many people have absolutely no clue as to how bad spam really truely is,
it's a HUGE drain on resources and I support any efforts to get rid of the
clogs.

Martin Hotze > writes:

> (Paul Tomblin) wrote:
>
> > Think of them as
> > the Donald Rumsfelds of spam prevention.
>
> very bad comparison ... very bad.

I have to agree with Martin. You've really insulted the spammers with
that comment.

"Jay Honeck" > writes:

> What next?

- Robotic aircraft flying around US airspace---it's YOUR
responsibility to see and avoid.

- Robotic aircraft flying around foreign airspace launching missles at
the hand of a 19-year old kid back in Florida. Who cares if he
makes a mistakes, they're all gooks anyway, right?

-Nanotechnology gone awry. Oops, shoulda tested that one a little
more thoroughly...it goes berserker inside people with <too much/not
enough> <hormones/white cells/red cells/whatever>

etc.

In article et>,
"Matthew P. Cummings" > wrote:

> Many people have absolutely no clue as to how bad spam really truely is,

and way too many of them are supposed to be running email servers.

:-(

--
Bob Noel

In a previous article, "Matthew P. Cummings" > said:
>Many people have absolutely no clue as to how bad spam really truely is,

I get 2,000 spams a day (and rising rapidly), not counting the Microsoft
executables that are deleted before the spam filter sees them.


--
Paul Tomblin > http://xcski.com/blogs/pt/
Disclaimer: "These opinions are my own, though for a small fee they can be
yours too."

>>
Those 2 lawyers are Canter and Siegal. They started the Usenet spam, not
email spam. That was Sandford Wallace.
<<

The cat was out of the bag. Spam works. It was only a matter of time. The
lawyers get the blame.

Jose

--
(for Email, make the obvious changes in my address)

> (As an aside, I am SO sick of technology not working, I'm about ready to
> chuck it all in the lake.

That in itself would solve half of r.a.p. newsserver storage requirements ;)

In a previous article, "Jay Honeck" > said:
>> > (As an aside, I am SO sick of technology not working, I'm about ready to
>> > chuck it all in the lake.
>> That in itself would solve half of r.a.p. newsserver storage requirements
>;)
>
>Luckily, storage capacity growth continues to outstrip demand! :-)

One could say, so does your posting. :-)


--
Paul Tomblin > http://xcski.com/blogs/pt/
"Oh my G'Quan, they killed Koshi!" - Citizen G'kyle, Babylon Park

> > (As an aside, I am SO sick of technology not working, I'm about ready to
> > chuck it all in the lake.
>
> That in itself would solve half of r.a.p. newsserver storage requirements
;)

Luckily, storage capacity growth continues to outstrip demand! :-)
--
Jay Honeck
Iowa City, IA
Pathfinder N56993
www.AlexisParkInn.com
"Your Aviation Destination"

"Andrew Gideon" > wrote in message
online.com...
> Remember that spammers exist because someone is buying. That tells us the
> best way to kill them off: get people to stop buying from spammers.

Unfortunately, since there's practically no scaling cost associated with
sending bulk email, you'd have to eliminate EVERY single spam response to
get rid of it. When their response rate goes down, they just send more
email.

The social solution is a key element, to be sure. But there's always some
sucker out there willing to respond to spam. Stiff laws against the kind of
tactics spammers use are needed, they need to be enforced, and they need to
be passed everywhere, or at least enough places that ISPs can block email
from places known to harbor spammers while still allowing 99% of the users
to receive all of their email from all of their associates.

It's not advertising per se that's the problem. It's the fact that the bulk
of the advertising is being sent by people who don't care whether you are
likely to reply or not, who know that they would get in trouble if they were
found out, and who take steps to cover their tracks. Their anonymity
prevents them from acting responsibly in the (currently) wide-open Internet.

Of course, one day, we'll have an Internet where there's no such thing as
unauthenticated transmissions, and at that point, it will be much easier to
tackle problems like this. Until that day, I agree with you that people
need to stop replying to spam, while I disagree that doing so is the "best
way" to fight spam. Even more, we need to be aggressive about not
permitting the general behavior of spammers in the first place.

Pete

This looks way off-topic for rec.aviation.piloting. It seems more appropriate
for another heirarchy all together or at least rec.a.misc.

Out of curiosity why do you think it is topical for this group?


R. Hubbell



On Fri, 05 Dec 2003 15:01:17 GMT "Jay Honeck" > wrote:

> Many of my emails in response to those of you who have sent me pictures for
> the new Rec.Aviation website have been "bouncing back".
>
> When it became obvious that it was NOT "everyone else's" problem, I
> contacted Mediacom to inquire about the service. Here is their reply --
> anyone care to translate? (What the heck is MAPS and RBL, and why is
> MEDIACOM the one that is "blacklisted"?):
>
> Dear Jay,
> We have found out that Domains that use the same e-mails servers as
> Mediacom, but do not use the same precautions as Mediacom, have been
> identified as spammers. Because of this, all other Domains that use MAPS
> and RBL to check the validity of our mailserver, have us Blacklisted.
>
> Mediacom has been assured that our mail server will be removed from these
> blacklist no later then the first of the week, however it may take up to
> another 10 days for all these different domains to update their list and
> allow mail to be received into their domain from mchsi.com.
>
> It is advised for all customers to have an updated anti-virus program, and
> check their system for Trojans (applet progams sending/receiving
> data/e-mail; unsuspecting to user), and possibly a firewall to detect this
> traffic.
>
> Also, alot of mailservers are halting all mail to see if it is spam, a
> virus, or a suspicious file; thus the delivery or rejection notice could
> take up to 3 days for Domains protecting their service.
>
> Randy Jackson
>
> Internet Support Representative
> Mediacom Online
> (877) 387-8087
> --
> Jay Honeck
> Iowa City, IA
> Pathfinder N56993
> www.AlexisParkInn.com
> "Your Aviation Destination"
>
>

On Fri, 05 Dec 2003 21:19:51 GMT, Jay Honeck wrote:

>> Heck, do you put all your unanswered questions on r.a.p?
>> What about Google? Just put on or more of the terms in the search field.
>
>Well, Martin, this problem is primarily impacting those who have chosen to
>send me pictures of their aircraft, for inclusion on our Rec.Aviation photo


I saw your announcment on r.a.owning

>page, http://www.alexisparkinn.com/rec_aviation.htm . (I haven't seen YOUR
>airplane yet -- what's up with that?)

well, I run a small ISP, I can't afford a plane.

> Since I have not been able to contact
>them directly, due to this ISP insanity, I posted it here.
>

might be better to do it n r.a.owning - as you announced it there?

>Thus, it seemed appropriate to announce the problem here. While I was at
>it, I got a few questions answered.
>
>(As an aside, I am SO sick of technology not working, I'm about ready to
>chuck it all in the lake. EVERYTHING, from corporate phone mail, to "tech
>support", to cell phones, to email, to search engines DO NOT WORK reliably

most of the time it is: PEBKAC.

>or properly, period. Now I can't send email, because some 19-year-old
>computer goober set a parameter wrong at my ISP! What next?)

you can't get online on your hangar to download the latest anti-crash
service pack from M$-flight-security for your flight to a brunch to meet
some folks talking to you about religion. *hehe*


#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

On Fri, 5 Dec 2003 18:31:16 -0600, Montblack wrote:

>
>I wonder how many other e-mails have been sent our way, only to be
>"block-deleted" (by me!!) at our ISP's server?


set a whitelist.

#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

On Fri, 5 Dec 2003 22:26:51 -0500, John Harlow wrote:

>
>> (As an aside, I am SO sick of technology not working, I'm about ready to
>> chuck it all in the lake.
>
>That in itself would solve half of r.a.p. newsserver storage requirements ;)
>

*ROTFL*

good one.

#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

Paul Tomblin wrote:
>
> I get 2,000 spams a day (and rising rapidly), not counting the Microsoft
> executables that are deleted before the spam filter sees them.

Wow! I'm only getting about 1% of that.

George Patterson
Some people think they hear a call to the priesthood when what they really
hear is a tiny voice whispering "It's indoor work with no heavy lifting".

"Michael 182" > wrote in message
news:DG1Ab.308083$9E1.1549075@attbi_s52...
>
> "Paul Tomblin" > wrote in message
> ...
> > Think of them as
> > the Donald Rumsfelds of spam prevention.
>
> Good line. Ashcroft may have been better, but still, got me
laughing this
> morning...
>

Don't think they have to be that extreem to ensure that no sam's get
fired as passing messages.:-)
--
---
Cheers,
Jonathan Lowe.
/
don't bother me with insignificiant nonsence such as spelling,
I don't care if it spelt properly
/
Sometimes I fly and sometimes I just dream about it.
:-)



> Michael
>
>

In a previous article, "G.R. Patterson III" > said:
>Paul Tomblin wrote:
>>
>> I get 2,000 spams a day (and rising rapidly), not counting the Microsoft
>> executables that are deleted before the spam filter sees them.
>
>Wow! I'm only getting about 1% of that.

Several reasons for that:
1. I've got several domains registered in my name and email address
2. I've got my email address on a bunch of web sites
3. My email is quoted in several Usenet group's FAQs
4. I've had the same email address since 1996, and the email I had before
that is still forwarded to this one.
5. I've also got several "functional" email addresses (news@, webmaster@,
postmaster@) that are forwarded to this one.
6. I post to Usenet far more than I should. I checked recently and Google
had about 10,000 posts from me just at this email address. (do the math -
10,000 posts since 1996, that means about 1500 posts a year, or 4 a day)
7. I've posted to mailing lists that are archived on the web, further
increasing my visibility and vulnerability.

BTW: I get a ton of spam sent to an address that has ONLY been used to
register a domain, not anything else. Unfortunately it's a requirement to
give a real address for registering a domain, so I can't just drop the
whole thing.

I also put a non-existant email address in a comment field on the
http://xcski.com/ web site. It has never been a valid address, nor has it
ever been mentioned on Usenet or in email, and I see spam bouncing off of
it every day. If I knew how, I'd set up something to automatically
blacklist any sender using that address.

--
Paul Tomblin > http://xcski.com/blogs/pt/
I stayed up all night playing poker with tarot cards. I got a full
house and four people died. -- Steven Wright

On Sat, 6 Dec 2003 17:44:56 +0000 (UTC), Paul Tomblin wrote:

>I also put a non-existant email address in a comment field on the
>http://xcski.com/ web site. It has never been a valid address, nor has it
>ever been mentioned on Usenet or in email, and I see spam bouncing off of
>it every day. If I knew how, I'd set up something to automatically
>blacklist any sender using that address.


do a search on "honeypot", this might bring you in the right direction.

#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

("Martin Hotze" wrote)
> >I wonder how many other e-mails have been sent our way, only to be
> >"block-deleted" (by me!!) at our ISP's server?
>
>
> set a whitelist.

Did that - for all of the addresses and (unique) domains that I could think
of.

I still need to "manually" recover a few new *good address* that show up in
the spam-filter - from time to time. Only then can those people go into my
whitelist.

--
Montblack
http://lumma.de/mt/archives/bart.gif

On Fri, 05 Dec 2003 18:14:06 -0800, Bob Fry wrote:

> I have to agree with Martin. You've really insulted the spammers with
> that comment.

I would have to disagree with you here. A spammer is the lowest form of
life known, if it can even be called life.

They deserve to be lined up and shot without mercy. A sad thought here,
but you know if Hitler had instead picked on spammers he might have had
the worlds support and we'd be living in the Third Reiche...

I know this much, if SATAN fixed the spam problem I'd vote for him in any
office he run for, I'd campaign for him...

On 05 Dec 2003 18:21:56 -0800, Bob Fry > wrote:

> "Jay Honeck" > writes:
>
> > What next?
>
> - Robotic aircraft flying around US airspace---it's YOUR
> responsibility to see and avoid.
>
> - Robotic aircraft flying around foreign airspace launching missles at
> the hand of a 19-year old kid back in Florida. Who cares if he
> makes a mistakes, they're all gooks anyway, right?
>
> -Nanotechnology gone awry. Oops, shoulda tested that one a little
> more thoroughly...it goes berserker inside people with <too much/not
> enough> <hormones/white cells/red cells/whatever>
>
> etc.

OK. What wil it take to enact a law that makes a unmanned drone's
controlling agency automatically liable for any midair "incident" or
collateral damage ?

>>
A spammer is the lowest form of
life known, if it can even be called life.
<<

No.

The lowest form of life is the slime that foists popup ads on the web, scripts
and active-x controls that don't say what they do, and animated advertising,
especially of the Flash type. I can select a bunch of spam and delete it
pretty quickly. However, nasty (or pointless) scripts, Flash animations, and
popups are much harder to deal with. Yes, I can use popup controls (I do), and
turn scripts and animations off, but there is also good stuff that comes this
way. So, it's like having to quit Email to escape spam. Further, they take
time to load and they have to be loaded even if they are ignored.

The web abuses are far worse than Email ones.

Jose

--
(for Email, make the obvious changes in my address)

"Teacherjh" > wrote in message
...
> The web abuses are far worse than Email ones.

You are forgetting that nearly a third of spam sent today is sent from PC's
taken over by computer viruses or worms. That is, computers that never
agreed to send spam in the first place. Spammers aren't just sending email
you don't want. They are utilizing a variety of underhanded and illegal
tactics to do so.

At least with the web stuff, you can use a browser that blocks them 100%.
And it's all legal and above-board. There's no law against being ugly and
irritating.

Pete

>>
You are forgetting that nearly a third of spam sent today is sent from PC's
taken over by computer viruses or worms.
<<

That's not the same kind of spam (that is, it's not the penis elargement stuff
that comes this way). That is a side effect of criminal behavior, both on the
part of the virus writer and the software (and OS) developer who leaves the
kind of gaping security holes that make it so easy. These criminals are not
out to sell you anything, they are just vandals.

>>
At least with the web stuff, you can use a browser that blocks them 100%.
<<

Blocking it 100% precludes the use of legitimate and worthwhile animation,
popups, flash, and active-x. Anyway, for Email you can block it 100% too. You
don't get any Email at all. Same as blocking animation on the web. You don't
get any at all. But that's not the goal.

Jose

--
(for Email, make the obvious changes in my address)

"Teacherjh" > wrote in message
...
> That's not the same kind of spam (that is, it's not the penis elargement
stuff
> that comes this way).

The same kind of spam as what? If the spammers could get their email sent
out 100% on someone else's computer, they would. Even when they aren't
hijacking someone else's computer, they are violating accepted Internet
practices, and often are violating their own ISP's terms of service (though
this is more rare, since they've moved off-shore to countries that don't
give a damn).

> That is a side effect of criminal behavior, both on the
> part of the virus writer and the software (and OS) developer who leaves
the
> kind of gaping security holes that make it so easy.

"Criminal"? "Gaping"? What do you know about gaping? Security holes
exist. They will ALWAYS exist. Just as your house and your car are never
going to be 100% secure, nor will operating systems and other computer
software. Not stuff we can afford anyway. Would you call your home builder
or car manufacturer criminals simply because they didn't manage to provide
you with a 100% secure product?

> These criminals are not out to sell you anything, they are just vandals.

Wrong again. They ARE selling you something. Spam doesn't make them any
money if no one replies. Just as often, of course, the products are scams.
But they are real life scams, not some virtual spray paint on the wall.

> Blocking it 100% precludes the use of legitimate and worthwhile animation,
> popups, flash, and active-x.

There's no such thing, not unannounced and unsolicited.

> Anyway, for Email you can block it 100% too. You
> don't get any Email at all.

I can browse the web with 100% blocking and get 100% of what I want out of
is. I cannot use my email without getting at least some spam.

> Same as blocking animation on the web. You don't
> get any at all. But that's not the goal.

What goal? The question is who's worse. Spammers are, pure and simple.

Pete

On 07 Dec 2003 02:49:40 GMT, Teacherjh wrote:

>
>The web abuses are far worse than Email ones.

one way to gain better control over your machine is using a hosts file, for
example: http://accs-net.com/hosts/

this will block many advertising hosts at the IP level

martin
--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

There's no law against being ugly and irritating.

Otherwise I would be in jail.

"Jay Honeck" > wrote in
news:151Ab.236241$Dw6.824310@attbi_s02:

> When it became obvious that it was NOT "everyone else's" problem, I
> contacted Mediacom to inquire about the service. Here is their reply
> -- anyone care to translate? (What the heck is MAPS and RBL, and why
> is MEDIACOM the one that is "blacklisted"?):
> ...identified as spammers. Because of this, all other Domains that
> use MAPS and RBL to check the validity of our mailserver, have us
> Blacklisted.

Real pain, isn't it. One of our office LAN's goes out through SBC DSL
lines and has the same problem. The IP is dynamic... every week or so
someone down the road runs a backhoe through the cable, or a truck snags
the telephone lines. When it all gets hooked back up we get a new IP
address.

Dynamic IP's should never be blocked... only the next tier fixed IP (and
that with a degree of intelligence). But many of the poorer quality
black list services don't check. So... if someone has ever dialed in or
gotten the IP we are currently using and has sent spam over it, AND if
someone receiving that spam complained to the blacklisters... bingo.
That IP address is listed as a no-no.

In general we will never know it (we get no bounce mail or anything) -
until enough customers call about why we ever sent them that report we
promised or whatever. Then it's track down who their ISP is, and TRY to
find out what blacklisting service they are using, then TRY to get SBC
(who does NOT consider us a major account <G>) to send a note to the
blacklister...

Royal pain, and a cure as bad or worse than the disease.

-----------------------------------------------
James M. Knox
TriSoft ph 512-385-0316
1109-A Shady Lane fax 512-366-4331
Austin, Tx 78721
-----------------------------------------------

On Sun, 07 Dec 2003 15:31:45 -0600, James M. Knox wrote:

>Dynamic IP's should never be blocked...

other way round. see DUL

> only the next tier fixed IP (and
>that with a degree of intelligence). But many of the poorer quality
>black list services don't check. So... if someone has ever dialed in or
>gotten the IP we are currently using and has sent spam over it, AND if
>someone receiving that spam complained to the blacklisters... bingo.
>That IP address is listed as a no-no.


So you are relaying mail via a dynamic IP? You deserve to be blacklisted
(i.e.: that dynamic IPs are blacklisted).

>In general we will never know it (we get no bounce mail or anything) -
>until enough customers call about why we ever sent them that report we
>promised or whatever.

do what has to be done: relay through your ISPs MTA or get a static IP with
a correct PTR.

>Then it's track down who their ISP is, and TRY to
>find out what blacklisting service they are using, then TRY to get SBC
>(who does NOT consider us a major account <G>) to send a note to the
>blacklister...
>
>Royal pain, and a cure as bad or worse than the disease.

IBTD

#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

Martin Hotze > wrote in
:

> So you are relaying mail via a dynamic IP? You deserve to be
> blacklisted (i.e.: that dynamic IPs are blacklisted).

Nope... I'm not doing anything wrong, unless you count *inheriting* an IP
address that has been used by someone who was. Think of it like moving to
a new town and getting a telephone. The phone number the phone company
assigns you just happened previously to belong to the local taxi cab
company. {:<(

I can (temporarily) fix the problem by disconnecting my DSL modem and
reconnecting it. This gives me a new IP address. The trouble is that it
will also sometimes give you a new address by itself (line testing, line
interruption, etc.). Usually the first indication I have of this (having
gotten a "bad" address) is calls from frustrated customers wondering where
that mail I was supposed to sent them is.

-----------------------------------------------
James M. Knox
TriSoft ph 512-385-0316
1109-A Shady Lane fax 512-366-4331
Austin, Tx 78721
-----------------------------------------------

>>In general we will never know it (we get no bounce mail or anything) -

If you're not getting a "bounce" there's something wrong with how you're
sending the email. Well...actually, that's less true today. I'll explain
why.

Once upon a time, the blocking tools ran at the server level. That is, the
mail server to which your mail server was trying to send the message would
reject it. The failed message would still be on your server, and it would
be your server's responsibility to send the "bounce".

However, users have - justifiably - become concerned about "false
positives". So the model has been changing. Instead of servers rejecting
email, the mail is now delivered but into a special folder. The user can
ignore this folder, scan it occasionally, delete it, or anything in
between.

Unfortunately, though, this means that the mail was accepted by the
destination server. This has a number of problems, but one of them is the
lack of an error message.

It's tempting for some to blame the users for this, in that they're the
proximate cause. However, the blame truly lies with the spammers. W/o
them, the problem simply wouldn't exist.

[...]
>>Royal pain, and a cure as bad or worse than the disease.

It is a pain, but most people disagree with your assessment. They'd rather
not be buried in spam. If you need to do some extra work as a result,
those people don't care.

It's just aother aspect of the cost-shifting nature of spam. The spammers
spam, and you pay the cost. That's part of why so many consider it
"theft".

- Andrew

In a previous article, "James M. Knox" > said:
>Martin Hotze > wrote in
:
>> So you are relaying mail via a dynamic IP? You deserve to be
>> blacklisted (i.e.: that dynamic IPs are blacklisted).
>
>Nope... I'm not doing anything wrong, unless you count *inheriting* an IP
>address that has been used by someone who was. Think of it like moving to

Many ISPs are blocking all mail from ALL dynamic IPs. It doesn't matter
how many times you unplug your DSL modem and get a new IP, you're still
going to be on a dynamic IP, and therefore still be unable to send email
to AOL, RoadRunner, Juno, NetZero, Hotmail, etc. I've got a list of a few
hundred domains where I have to forward email through my ISP's mail
server, which I hate to do because they are slow and unreliable, unlike my
own postfix server.


--
Paul Tomblin > http://xcski.com/blogs/pt/
I've never understood why women douse themselves with things that are alleged
to smell of roses/tulips/freesias. What exactly are they trying to attract?
Bees? -- Tanuki

In article >, Jeff Franks wrote:
> Both of these are "blacklists" that many mailservers use to try to prevent
> spamming.

I don't like blacklists for flat rejecting mail. I prefer to use a spam
scoring system - the one I use is called SpamAssassin, and I have it
installed on the mail server for everyone who uses my system to get
email. SpamAssassin assigns scores for each spam indicator - it uses a
combination of its own rules, a Baysean filter, the DCC and the Spamhaus RBL.
Matching a single rule - for example, if your IP address is in the SBL,
won't mean you get put in the spamtrap. For the rules-based filter, you
must match a few rules. SpamAssassin is very effective - much better
than using an RBL alone.

Here's a few stats for my personal email address for how many spam
emails I get per day:

Sat Nov 29 01:00:43 UTC 2003
101
Sun Nov 30 01:00:51 UTC 2003
102
Mon Dec 1 01:00:35 UTC 2003
114
Tue Dec 2 01:00:45 UTC 2003
115
Wed Dec 3 01:00:11 UTC 2003
131
Thu Dec 4 01:00:09 UTC 2003
117
Fri Dec 5 01:00:09 UTC 2003
98
Sat Dec 6 01:00:10 UTC 2003
94
Sun Dec 7 01:01:14 UTC 2003
105
Mon Dec 8 01:00:13 UTC 2003
103

I get perhaps 3 or 4 actual emails from real people per day (excluding
mailing lists). The scale of spam makes me wonder if email is really
worth it any more, since I get two orders of magnitude more spam than
ham. I have to waste time configuring SA, my server has to waste CPU
cycles and disk space.

Then there's worms/viruses. My mail server is configured to point-blank
reject *all* Windows executables. During the recent Swen scourge, at one
point Exim was rejecting several copies of the worm per minute. The
mailserver literally had to reject gigabytes of Swen. Swen must have
brought some smaller ISPs to their knees - I was just processing mail
for a handful of users - just imagine the traffic for a couple of
thousand users!

Unfortunately, the MAPS RBL is not a solution - it's like a blunderbuss
- it's fairly indiscriminate and inaccurate: many false positives and
fairly ineffective blocking. I won't even use the MAPS RBL as a rule for
SpamAssassin.

--
Dylan Smith, Castletown, Isle of Man
Flying: http://www.dylansmith.net
Frontier Elite Universe: http://www.alioth.net
"Maintain thine airspeed, lest the ground come up and smite thee"

In a previous article, said:
>On Mon, 8 Dec 2003 15:02:33 +0000 (UTC), Paul Tomblin wrote:
>>I've got a list of a few
>>hundred domains where I have to forward email through my ISP's mail
>>server, which I hate to do because they are slow and unreliable, unlike my
>>own postfix server.
>
>So a static IP would solve the problem (given that the ISP has some clue
>and has not also listed that range also in the dial up list)?

Yes, if they have a separate IP range for their static customers. If they
just give you an IP in the middle of their dynamic IP range, forget it.


--
Paul Tomblin > http://xcski.com/blogs/pt/
http://www.pointlesswasteoftime.com/film/50reasons.html
"Apparently they made the beasts [Uruk Hai] by crossing Orcs, Goblins and
the French."

On Mon, 8 Dec 2003 15:02:33 +0000 (UTC), Paul Tomblin wrote:

>I've got a list of a few
>hundred domains where I have to forward email through my ISP's mail
>server, which I hate to do because they are slow and unreliable, unlike my
>own postfix server.

So a static IP would solve the problem (given that the ISP has some clue
and has not also listed that range also in the dial up list)?

#m
--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

On Mon, 08 Dec 2003 16:59:30 -0000, Dylan Smith wrote:

>The scale of spam makes me wonder if email is really
>worth it any more, since I get two orders of magnitude more spam than
>ham.


For those wondering about the name 'SPAM':
http://www.detritus.org/spam/skit.html

and to come to an end on this thread: Jay, is your question somehow
answered? *hehe*

#m

--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

On Mon, 8 Dec 2003 19:11:19 +0000 (UTC), Paul Tomblin wrote:

>>So a static IP would solve the problem (given that the ISP has some clue
>>and has not also listed that range also in the dial up list)?
>
>Yes, if they have a separate IP range for their static customers. If they
>just give you an IP in the middle of their dynamic IP range, forget it.

I wrote: "given that the ISP has some clue"

:-)

#m
--
http://www.declareyourself.com/fyr_candidates.php
http://www.subterrane.com/bush.shtml

"G.R. Patterson III" > wrote in message
...
>
>
> Paul Tomblin wrote:
> >
> > I get 2,000 spams a day (and rising rapidly), not counting the Microsoft
> > executables that are deleted before the spam filter sees them.
>
> Wow! I'm only getting about 1% of that.

Is it possible that Comcast is stopping the other 99%? Turning off the
Hotmail filter for a couple of hours is instructive. (despite having had my
HM address in the clear for years, I get maybe 5-10 messages a day leak
through the filter, and no complaints from anyone that I didn't reply to
their mail).

-- David Brooks

Andrew Gideon > wrote in
online.com:

> If you're not getting a "bounce" there's something wrong with how
> you're sending the email. Well...actually, that's less true today.
> I'll explain why.

That would have been true four or five years ago. Not now. These days
VERY FEW of recipient ISP's or major companies bounce blacklisted
e:mail. It serves essentially no value except to double the load on the
internet. Spammers virtually never have their own "reply to" or "from"
address, so any bounce will go to either an invalid address or (these
days) more likely to someone whose address was harvested at random.

Spam that is not blacklisted but has an invalid recipient address is
still universally bounced. We get a few hundred per day of "Your mail
could not be delivered..." messages - all for mail we never sent.

I have also observed that most users have little idea what filtering
(blacklist or otherwise) is automatically imposed by their ISP. Often
even the bulk of the people at the ISP may not know. Thus we have the
situation where mail is sent... and simply never arrives. Tracking down
the point where it disappears can sometimes be a significant hassle.

>>>Royal pain, and a cure as bad or worse than the disease.
>
> It is a pain, but most people disagree with your assessment.

Tell that to my customers who are losing money when documentation
packages or other important materials are not arriving... because their
ISP is dropping selections of their e:mail without telling either them
or the sender.

I have absolutely no problem with ISP's providing anti-spam software.
But I would say there are two absolutely mandatory requirements:
1) They **must** tell their customers that they are doing it.
2) The customers should be able to "opt out" if necessary to insure the
proper receipt of necessary e:mail.

[BTW, another interesting problem with one ISP that took us a LONG time
to get fixed. That ISP had, among other unpublished anti-spam features,
software that would designate as spam anything where a number of users
received the same e:mail from the same sender within a short period of
time. Unfortunately, the number seemed to be about SIX!

Guess what would happen when certain aviation e:newsletters would send
out their weekly update! Yup... dropped!!! With no indication to the
end user, and not even tech support knew they were doing it.]


-----------------------------------------------
James M. Knox
TriSoft ph 512-385-0316
1109-A Shady Lane fax 512-366-4331
Austin, Tx 78721
-----------------------------------------------

("James M. Knox" wrote)
<snip>
> I have absolutely no problem with ISP's providing anti-spam software.
> But I would say there are two absolutely mandatory requirements:
> 1) They **must** tell their customers that they are doing it.
> 2) The customers should be able to "opt out" if necessary to insure the
> proper receipt of necessary e:mail.


Our ISP (VISI - Minnesota) started using Postini last spring.

http://www.postini.com/

All of our quarantined (spam) messages can be viewed on my ISP's server. I
usually just block delete 400 at a time - after a quickie glance to see if I
recognize anyone. If I do nothing all week, the spam automatically falls off
the back end, to make room for "fresh spam".

Messages with a virus are highlighted - I've seen about 10 of those in the
past 8 months.

I can select different levels of protection - very easy options to use
..."beginner level intuitive".

I can rescue addresses trapped in our spam filter with a click. It's
actually about 3 clicks (and a Paste) which is something I'd streamline if I
was Postini.

Overall, we're quite pleased with the job they're doing. They're not 100%
infallible ...but post-Postini, the situation is 100% better than it was.

--
Montblack
http://lumma.de/mt/archives/bart.gif

"Montblack" > wrote in
:

> Our ISP (VISI - Minnesota) started using Postini last spring.
> http://www.postini.com/
>
> All of our quarantined (spam) messages can be viewed on my ISP's
> server. I usually just block delete 400 at a time - after a quickie
> glance to see if I recognize anyone.

Postini does a pretty good job, although I like Britemail a bit better
(virtually zero false positive rate, at the cost of letting a few more
spams through).

I monitor what our system here classes as spam, and it varies a bit from
week to week. Right now I am showing just over 17,000 from last night.
Just a few months ago it would have been more like 3000. Needless to say,
I don't check for false positives, which is why I'd rather let a few spam
get through than not.

-----------------------------------------------
James M. Knox
TriSoft ph 512-385-0316
1109-A Shady Lane fax 512-366-4331
Austin, Tx 78721
-----------------------------------------------