procmail

Re: How to immediately exit procmail with non-delivery error code?

2000-11-22 23:13:58
<<I really like RBL systems - rejects at the SMTP session.>>

That's an option only for sysadmins, not ordinary users on
ISPs, so pie in sky to me.

<<I only get uptight about the spams that get through my
defences - and those, it takes just a minute or two to pull
a mostly canned response from a template file in the return
email which is forwarded to each of the appropriate
addresses for the message (abuse@ and ARIN/RIPE/APNIC
contacts for IP blocks).>>

It takes a hell of a lot more time than a minute or two,
like an hour per spam.

<<If you really are spending hours dealing with spam each
day, it would seem like the trivial amount that spamcop
might be charging would be well worth it.>>

I have no source of income to pay for it. (I'm already going
deeper into debt each month because my disability income
isn't enough to even pay the rent in a studio apartment.)
Also I get only a tiny amount of legitimate e-mail, whereas
spamcop charges based on how much total e-mail they process
for me, 99% of which is spam, and there's no limit how much
more spam they can claim they're doing for me and charge.
How would you feel if the local police charged you on the
basis of how many criminals they stopped before they could
kill you, so the best policy for the police is to stop the
same criminal thousands of times per day and charge you more
each time?

Although it's possible for some mailer to spoof the IP
number within an address block, listening on an ethernet
for IP numbers that don't really belong to it, it's not
possible

<<It is _trivial_ to set up an rDNS entry to make a host
appear to belong to someone else's domain, in which case the
vast majority of people are going to send an abusive
complaint to "abuse(_at_)domain(_dot_)com", because they see the domain
right there in the headers.>>

That's why I use traceroute to find out which regular ISP
handles connections to the spam IP number, like Sprint or
the like, and send my complaint there instead of to whatever
domain is listed on the actual IP number, also because even
if the domain is legitimate it's probably owned by the
spammer so the administrative contact there will sell
complainers' addresses to more spammers rather than take any
action to stop himself from spamming. For example, the most
recent spam I received today came from
public.guangzhou.cngb.com [203.93.58.3], and for all I know
the cngb.com domain was either forged or belongs to the
spammer company, but the IP number is routed via:
11  sl-internap-47-0-0.sprintlink.net (160.81.36.26)  35.795 ms  23.042 ms  23.212 ms
12  border16s.ge2-0-bbnet1.sea.pnap.net (206.253.192.140)  23.930 ms  46.947 ms  36.128 ms
13  usei-2-gw.h2-0-0.border13s.pnap.net (206.191.144.166)  215.042 ms  186.570 ms  195.687 ms
14  206.191.144.154 (206.191.144.154)  739.883 ms  764.379 ms  770.690 ms
15  203.93.3.253 (203.93.3.253)  1149.664 ms  1116.608 ms  1079.595 ms
16  203.93.7.52 (203.93.7.52)  1110.708 ms  971.443 ms  892.602 ms
17  210.12.51.6 (210.12.51.6)  903.726 ms  906.680 ms  872.867 ms
18  210.14.227.5 (210.14.227.5)  889.887 ms  933.171 ms  933.477 ms
19  210.14.227.4 (210.14.227.4)  935.398 ms  934.330 ms  960.068 ms
20  192.168.1.10 (192.168.1.10)  967.852 ms  1161.408 ms  1203.296 ms
21  public.guangzhou.cngb.com (203.93.58.3)  1195.746 ms  1219.334 ms  1351.489 ms
so it looks like all those IP numbers that don't have any
reverse DNS lookup are deliberately making it hard to report
their spammers, so I'd like pnap.net to pull the plug on
206.191.144.154, so if I were to complain manually I'd do
whois on pnap.net and complain to their admin contact and
let them figure out why all those IP numbers don't have
reverse DNS and who is responsible for them. But the point
is that while cngb.com is probably either forged or owned by
the spammer, pnap.net is probably non-forged and not owned
by spammer, right? By the way, can you guess why I hate Sprint?

<<Most of them don't speak English>>

That's why having their disk fill up with spam that hasn't
yet been delivered is the best thing to do to them, and I
wish it were possible. Presumably whoever sold them their
computer they are attempting to administer speaks their own
language, and if it's configured to relay spam they should
get their money back or get help in their own language how
to stop their mail queue filling up the whole disk with
spam.

<<if they do have an open relay, stick it to 'em, because
they need incentives to close the relay.>>

Yes, I'm glad you agree with me.

<<It doesn't take an hour to look into the headers of a
message.>>

It takes five minutes to do that and collect the relevant IP
numbers, five minutes before that to manually edit the mail
batch with emacs to save the message all by itself to a
single file (because BSD mailx strips off the Received
headers even when I follow the documentation to specify that
they're to be saved), five minutes to copy&paste the IP
numbers into whois commands for arin or whatever then get
redirected to some other server for the actual info, five
minutes to run traceroute and collect all that info and
decide what to do with it, five or ten minutes to paste
together all the relevant info into the text of a complaint
so the sysadmins know WHY they got the complaint (because
they own the address block, or they provide TCP/IP
connection to that address block, or because their user's
address is used for REMOVEME to collect good addresses to
sell to spammers, etc.), five minutes to paste the result
across the phone line back to Unix and send it, and all
those bunches of five minutes add up to an hour if the
message was relayed through two hosts before it got to me
and I don't know which one is forged and which is relaying
and which is actual spam source, plus ten minutes to update
procmail recipe to auto-complain any future e-mail from same
address block to same complaint addresses, plus ten minutes
to deal with auto-acks of complaints and update procmail
recipes to reject all new e-mail from those auto-ack
addresses so I don't get a hundred autoacks per day.

<<Perhaps you should get yourself a Linux box and set it up.>>

Who's going to pay for that? My only source of income is
disability, which doesn't even pay the rent.

<<the spammers are doing theft of services>>

Yes, and procmail seems to be totally useless to fight
against it, despite people leading me down the garden path
to believe it might help.

<<Spend a few hours reading up on procmail and a few
appropriate RFCs.  It might help.>>

Fuck you! I already spent many many hours doing that and all
I can find out now is that my time was wasted because
procmail can't help me.

New spam bleeped my screen just now:
From: dippel(_at_)ifh(_dot_)de
Subject: Need Extra Cash? We say YES to home loans!                        20924
so at 20:57 I'm going to spamcop-complain...
   ISP (abuse(_at_)gridnet(_dot_)com) score:6099
    Click on the below link to be exclude from further communication.<br>
    <a href=3D"mailto:reply21(_at_)uole(_dot_)com?subject=3DExclude-Mort">Click Here<=
   [X] Source of email               abuse(_at_)gridnet(_dot_)com
   [X] 200.198.146.34 - ORBS         ORBS Automated Tester
   [X] reply21(_at_)uole(_dot_)com - Email host abuse(_at_)uol(_dot_)com(_dot_)ar
done at 21:01, four minutes of my time spent filing a
complaint about an ISP that has been spamming me repeatedly
and apparently ignored all previous complaints.

Damn, that made me miss the first minute of StarTrek Voyager,
so I don't know the plot.

_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
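
The traceroute reasoning in the message above (complain to the last transit network with honest-looking reverse DNS rather than to the domain shown on the spam source), as an added example that is not part of the original post. The function names are hypothetical, and taking the last two labels of a hostname as its domain is a simplifying assumption.

```python
import ipaddress
import re

# Hops 11-21 from the post above (wrapped lines rejoined, first timing only).
TRACE = """\
11  sl-internap-47-0-0.sprintlink.net (160.81.36.26)  35.795 ms
12  border16s.ge2-0-bbnet1.sea.pnap.net (206.253.192.140)  23.930 ms
13  usei-2-gw.h2-0-0.border13s.pnap.net (206.191.144.166)  215.042 ms
14  206.191.144.154 (206.191.144.154)  739.883 ms
15  203.93.3.253 (203.93.3.253)  1149.664 ms
16  203.93.7.52 (203.93.7.52)  1110.708 ms
17  210.12.51.6 (210.12.51.6)  903.726 ms
18  210.14.227.5 (210.14.227.5)  889.887 ms
19  210.14.227.4 (210.14.227.4)  935.398 ms
20  192.168.1.10 (192.168.1.10)  967.852 ms
21  public.guangzhou.cngb.com (203.93.58.3)  1195.746 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(\S+)\s+\((\d{1,3}(?:\.\d{1,3}){3})\)")

def parse_hops(text):
    """Return one dict per hop line; non-hop lines (timeouts, wraps) are skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            ttl, name, ip = int(m.group(1)), m.group(2).lower(), m.group(3)
            hops.append({"ttl": ttl, "ip": ip,
                         "name": None if name == ip else name,  # no rDNS: name == IP
                         "private": ipaddress.ip_address(ip).is_private})
    return hops

def base_domain(name):
    # Assumption: last two labels; wrong for suffixes such as co.uk.
    return ".".join(name.split(".")[-2:])

def upstream_report(text):
    hops = parse_hops(text)
    target_dom = base_domain(hops[-1]["name"] or "") if hops else ""
    named = [h for h in hops[:-1] if h["name"] and base_domain(h["name"]) != target_dom]
    if not named:
        return None
    last = named[-1]  # last hop whose rDNS is outside the target's own domain
    tail = [h for h in hops[:-1] if h["ttl"] > last["ttl"]]
    return {"upstream_domain": base_domain(last["name"]), "upstream_hop": last["ip"],
            "unnamed_public": [h["ip"] for h in tail if not h["name"] and not h["private"]],
            "private_hops": [h["ip"] for h in tail if h["private"]]}

print(upstream_report(TRACE))
```

The RFC 1918 address at hop 20 is reported separately because it has no whois owner; it only shows that a router inside the destination network answers from private address space.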