On Sun, 24 Sep 2000 15:17:04 +0000, Dale Mentzer wrote:
> http://www.samspade.org/ssw/
> A 1.75-megabyte download, it uses the standard Windows
> installation program.
Just in case you don't use Windows, a certified Windoze hater, or
won't download anything that big <g>... Both Spamcop spam processing
and ORBs (also MAPS RSS and RBL) open-relay reporting could be done
*entirely* by email. An easy, fast, and painless process.
Spamcop:
* Forward the whole spam including complete header lines
to [EMAIL PROTECTED] (that's spamcop at spamcop.net ;-)
In case of Arachne, this would be copying the entire *.cnm
or *.mes file and pasting it to either the mail composer or
your template-generated *.tbs (to be sent) file.
For example:
-----
To: [EMAIL PROTECTED]
Subject: (ignored)
Message Body:
Return-Path: <spam-webmaster@nowhere> <-- full headers
Received: .....
Received: ....
.....
From: Spam Webmaster <spam-webmaster@nowhere>
To: whoever
Subject: Just another $$$ money making scam, guaranteed!
X-Mailer: Mass mailer 2.0a
<-- blank line
FIRE YOUR BOSS! <-- full message body
Blah blah blah....
....
Order now! Visit:
http://27578567/getrich.asp?E3BF <-- spamvertised website
....
This message was sent in compliance of the new email
bill section 301. Under Bill S1618 TITLE III passed
by the 105th US Congress, this message cannot be
considered as SPAM as long as we include the way to
be removed, blah blah blah... emails to you may be
stopped at no cost by replying
to [EMAIL PROTECTED] <-- spamvertised email address
------
* You'll be replied with two unique URLs, members and
non-members (for paid and free services, respectively).
* You could either go online and click any of these URLs,
or request it by email with any of the following www4mail
servers:
* [EMAIL PROTECTED] (www4mail at
ftp.uni-stuttgart.de)
* [EMAIL PROTECTED] (~at wm.ictp.trieste.it)
* [EMAIL PROTECTED] (~at unganisha.idrc.ca)
* [EMAIL PROTECTED] (~at collaborium.org)
* [EMAIL PROTECTED] (~at web.bellanet.org)
To safe bandwidth, send the request email as follows:
-----
To: www4mail@... (choose any of the above)
Subject: (ignored)
Message body:
xformreply=text
http://spamcop.net/..... (the unique URL sent to you)
-----
Or just the URL at message body (without xformreply) if
you prefer HTML format.
* Depends on your Spamcop membership, you'll get three or
two more web pages to go. With www4mail, just fill-out
and send the form snippets _within_a_hour_ until you get
the page with "Spam report sent to...".
* Always click or set "verbose" to "on", this way you'll
know when the spammer did some "trick" to confuse Spamcop.
(i.e. spams older than 3 days won't be processed)
* Spamcop will do open relay tests for you, and report to
ORBs as needed, but sometimes it fooled and simply discard
the IP as fake. In this case, report directly to ORBs
(see below).
Note: Some spammer using their own domain for the spamvertised
web page and "unsubscribe" email address. In this case, Spamcop
might wrongly send your spam report back to the spammer, revealing
your email address to them. Just be careful when choosing the
"send report to" options. But if you already did, usually there
are two possibilities:
* The spammer will move your address to his/her "active"
address list and/or sell out your email address. Either
way, you'll receive even more spams.
* The spammer views you as a dangerous threat, and moving
your address to his/her "extremist" database. You'll
never receive any spams from his/her "company" again.
ORBs (and MAPS RSS):
Examine the "received" headers, there's a possibility that
the one that did the final exchange with your ISP's mail
server (smtp.yourdomain) is an open relay. Take note of
the calling server's (NOT your ISP's) IP number, then:
* If you have plenty flat-rate online time to burn, test
first manually with telnet that the relay is really an
open relay. See http://www.orbs.org/envelopes.html for
details.
* Report the open relay by email.
See http://www.orbs.org/email.html for details.
MAPS RBL:
If all of the above already done, but there's no positive
response from the involved ISPs, you could report the spam
to MAPS RBL for full domain/IP block blacklist. Read the
following for details:
http://mail-abuse.org/rbl/
http://mail-abuse.org/rbl/reporting.html
Generally ISPs are quite swift when nuking spammer. Even for a bulky
and slow abuse service like MSN Hotmail (last time there were three
spam reports required to bring down a spammer "unsubscribe" address).
Most likely that's because each spam reported through Spamcop will
raise the ISP's score, the higher the worse. However, bribed or
spammer-operated "ISPs" might filled-out false Spamcop response.
You'll see "ISP has already taken action..." but the spamvertised
web site and/or email address remains untouched. That's where you'll
need to file a MAPS RBL report. Be careful, though. A successful
MAPS RBL blacklist will block emails from the whole domain/IP block,
effectively causing colateral damages at the ISP misused by spammer
(the lawsuit against MAPS was trigerred by this kind of blocking).
Happy hunting! ;-)
--Eko
http://www.survpc.net/ - Older PC and DOS Internet
http://survpc.virtualave.net/ (noframe)
To unsubscribe from SURVPC send a message to [EMAIL PROTECTED] with
unsubscribe SURVPC in the body of the message.
Also, trim this footer from any quoted replies.
More info can be found at;
http://www.softcon.com/archives/SURVPC.html
