From owner-list-managers-outgoing Tue Apr 1 01:21:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA11265 for list-managers-outgoing; Tue, 1 Apr 1997 01:08:53 -0800 (PST) Received: from cheviot.ncl.ac.uk (cheviot.ncl.ac.uk [128.240.233.51]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA11236 for ; Tue, 1 Apr 1997 01:08:29 -0800 (PST) Received: from [128.240.3.209] by cheviot.ncl.ac.uk id (8.7.6/ for ncl.ac.uk) with ESMTP; Tue, 1 Apr 1997 10:08:44 +0100 (BST) X-Sender: nmf3@pow.ncl.ac.uk Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 1 Apr 1997 10:08:27 +0100 To: list-managers-digest@greatcircle.com From: Morna Findlay Subject: Malicious mass subscriptions Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Can I ask if any list managers on this list have been plagued by indivuduals who maliciously join innocent users to their lists? What's the best way to avoid this - making users confirm their subscriptions? cheers M From owner-list-managers-outgoing Tue Apr 1 08:06:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA04697 for list-managers-outgoing; Tue, 1 Apr 1997 07:56:52 -0800 (PST) Received: from wildride.schoneal.com (wildride.schoneal.com [206.81.38.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA04688 for ; Tue, 1 Apr 1997 07:56:45 -0800 (PST) Received: (from meo@localhost) by wildride.schoneal.com (8.6.11/8.6.11) id JAA32398; Tue, 1 Apr 1997 09:59:22 -0600 Message-Id: <199704011559.JAA32398@wildride.schoneal.com> Subject: News to check out soonest! To: nobody@wildride.schoneal.com (nobody) Date: Tue, 1 Apr 1997 09:59:22 -0600 (CST) From: meo@schoneal.com (Miles O'Neal) Reply-To: meo@schoneal.com (Miles O'Neal) Organization: Schober O'Neal, Inc / Net Ads X-WWW-URL: http://www.schoneal.com/~meo/ X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk A 3rd sense is now available to World Wide Web and other Internet users - scent! Read all about the Odor Transport Protocol and the products available for it now, at http://www.rru.com/webodor/ . A company has seceded from the USA, declaring itself to be the first CyberNation: http://www.rru.com/Secede/ . Finally, some friends and I are close to releasing software that will deal effectively with spammers. It monitors a number of commonly targeted lists and individual email addresses for spam. When the spam detector goes off, the software analyzes the headers, integrating with "whois", "finger" and other information, tracks down the spammer, and forges email to various heads of state from the spammer, threatening to kill them. More news as it breaks. -Miles meo@rru.com From owner-list-managers-outgoing Tue Apr 1 10:22:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA20326 for list-managers-outgoing; Tue, 1 Apr 1997 09:51:29 -0800 (PST) Received: from kitsune.swcp.com (swcp.com [198.59.115.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA20306 for ; Tue, 1 Apr 1997 09:51:20 -0800 (PST) Received: (from lazlo@localhost) by kitsune.swcp.com (8.8.5/1.2.3) id KAA08203 for list-managers@greatcircle.com; Tue, 1 Apr 1997 10:51:50 -0700 (MST) Message-Id: <199704011751.KAA08203@kitsune.swcp.com> Subject: Malicious mass subscriptions To: list-managers@greatcircle.com (lm) Date: Tue, 1 Apr 1997 10:51:50 -0700 (MST) From: "Lazlo Nibble" X-Mailer: ELM [version 2.4 PL25 PGP3 *ALPHA*] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > Can I ask if any list managers on this list have been plagued by > indivuduals who maliciously join innocent users to their lists? > > What's the best way to avoid this - making users confirm their subscriptions? That's the best way to protect your lists, yes. -- ::: Lazlo (lazlo@swcp.com; http://www.swcp.com/lazlo) ::: Internet Music Wantlists: http://www.swcp.com/lazlo/Wantlists From owner-list-managers-outgoing Tue Apr 1 10:56:39 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA22469 for list-managers-outgoing; Tue, 1 Apr 1997 10:07:09 -0800 (PST) Received: from [198.102.244.97] (pb520-ppp.greatcircle.com [198.102.244.97]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA10755; Tue, 1 Apr 1997 08:53:59 -0800 (PST) X-Sender: brent@honor.greatcircle.com Message-Id: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 1 Apr 1997 08:54:19 -0800 To: Morna Findlay , list-managers-digest@greatcircle.com From: Brent Chapman Subject: Re: Malicious mass subscriptions Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 10:08 AM +0100 4/1/97, Morna Findlay wrote: >Can I ask if any list managers on this list have been plagued by >indivuduals who maliciously join innocent users to their lists? > >What's the best way to avoid this - making users confirm their subscriptions? That helps; we use the "+confirm" subscription policy feature in the current version of Majordomo to do that. The latest thing we're seeing, though, is forged "info" and "intro" requests (i.e., "tell me about this list"), which are not confirmed. They're only good for a single message to the victim, but that's still a lot of email... We've had some success using a front-end filter for Majordomo that blocks incoming requess containing certain known-problem domains in the "Received:" lines. Unfortunately, the code I'm using for this is something I slapped together in a hurry, and has a bunch of deficiencies, so I'm not willing to release it. Future versions of Majordomo should have something like this built in, though. -Brent -- Brent Chapman Internet/intranet training and consulting, Brent@GreatCircle.COM specializing in network design and security. Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/ From owner-list-managers-outgoing Wed Apr 2 00:07:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA09327 for list-managers-outgoing; Wed, 2 Apr 1997 00:05:44 -0800 (PST) Received: from cheviot.ncl.ac.uk (cheviot.ncl.ac.uk [128.240.233.51]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id AAA09303; Wed, 2 Apr 1997 00:05:13 -0800 (PST) Received: from [128.240.3.209] by cheviot.ncl.ac.uk id (8.7.6/ for ncl.ac.uk) with ESMTP; Wed, 2 Apr 1997 09:05:47 +0100 (BST) X-Sender: nmf3@pow.ncl.ac.uk Message-Id: In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 2 Apr 1997 09:05:46 +0100 To: Brent Chapman , list-managers-digest@GreatCircle.COM From: Morna Findlay Subject: Re: Malicious mass subscriptions Sender: list-managers-owner@GreatCircle.COM Precedence: bulk >Brent wrote > >We've had some success using a front-end filter for Majordomo that blocks >incoming requess containing certain known-problem domains in the >"Received:" lines. Unfortunately, the code I'm using for this is something >I slapped together in a hurry, and has a bunch of deficiencies, so I'm not >willing to release it. Future versions of Majordomo should have something >like this built in, though. Interesting. We;ve been thinking about blobking - or threaten to block - mail from certain domains from which we get a lot of problems. That of corse would affect the valid users from those domains. Has anyone done this? I;d be *really* interested to know what other list-managers think are the implications, cheers M From owner-list-managers-outgoing Wed Apr 2 09:30:00 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA28429 for list-managers-outgoing; Wed, 2 Apr 1997 09:19:42 -0800 (PST) Received: from orange.metron.com (orange.katz.com [204.182.31.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA28380 for ; Wed, 2 Apr 1997 09:19:25 -0800 (PST) Received: (from lou@localhost) by orange.metron.com (8.8.4/8.8.4) id JAA11878 for list-managers@GreatCircle.COM; Wed, 2 Apr 1997 09:17:20 -0800 (PST) From: Lou Katz Message-Id: <199704021717.JAA11878@orange.metron.com> Subject: Blocking domains To: list-managers@GreatCircle.COM Date: Wed, 2 Apr 1997 09:17:20 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk In response to most spams, I immediately block the entire Class C set of netnumbers from which the spam originated. Since I can, I block ALL packets, which I just throw away, causing the offending site to timeout, rather than gettting a service refused response. This blocks DNS lookup, Finger, SMTP, etc. I believe that raising the pain threshold for sites that harbor spammers by making their services somewhat less useful for their legit customers (if any) is a useful and legitimate response. I also think that if each of us send a single, lengthy message to the sites involved for each spam received, the return traffic should also increase the pain on the source and its providers. Lou From owner-list-managers-outgoing Wed Apr 2 09:53:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA02753 for list-managers-outgoing; Wed, 2 Apr 1997 09:51:11 -0800 (PST) Received: from magpie.com (magpie.com [206.138.212.31]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA02746 for ; Wed, 2 Apr 1997 09:51:03 -0800 (PST) Received: from ripley (ripley.magpie.com [192.0.1.2]) by magpie.com (8.8.5/8.7.3) with SMTP id MAA16964 for ; Wed, 2 Apr 1997 12:51:18 -0500 Message-Id: <3.0.32.19970402124624.00a97ec0@192.0.1.6> X-Sender: manes@192.0.1.6 X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Wed, 02 Apr 1997 12:46:27 -0500 To: List-Managers@GreatCircle.COM From: Steve Manes Subject: SMTP Firewalls Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 01:00 AM 4/2/97 -0800, you wrote: >Interesting. We;ve been thinking about blobking - or threaten to block - >mail from certain domains from which we get a lot of problems. > >That of corse would affect the valid users from those domains. > >Has anyone done this? I;d be *really* interested to know what other >list-managers think are the implications, Yes. I run an SMTP firewall which permanently blocks mail from 45 domains, including Cyberpromo, PromoNet, ShoppingPlanet and a bunch more. However, the worst of the lot has been Earthlink and after weeks of no response from Earthlink's administrators about the growing number of spammers using their system to abuse others, I tossed Earthlink in my firewall as well. Any Earthlink user who attempts to subscribe to a Magpie mailing list received notice of this blackout. I know it's cost Earthlink at least two Magpie list subscribers, who moved to local ISPs in order to maintain posting access to the lists (a firewalled domain can still receive mail from the list, it just can't post). Worldnet.att.net will shortly join Earthlink in my /etc/hosts.deny file unless it cleans up its act quickly. Worldlink claims that spammers are using its machines as a relay and that they're attempting to plug up this security hole. -----------------------[ http://www.magpie.com ]-----------=o&>o--------- Steve Manes | Int'l Bass Players | for info, email manes@magpie.com | NYC Motorcyclists | server@magpie.com with 94 Harley-Davidson FLHR | Triumph MC Owners | the message text, "lists" 95 Triumph Super III | Motorcycle Safety | 97 Triumph T595 | | N'Yawk, N'Yawk From owner-list-managers-outgoing Wed Apr 2 10:37:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA07101 for list-managers-outgoing; Wed, 2 Apr 1997 10:28:40 -0800 (PST) Received: from eagle.inetnebr.com (eagle.inetnebr.com [199.184.119.14]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA07070 for ; Wed, 2 Apr 1997 10:28:29 -0800 (PST) Received: from carrot.tssi.com (root@gateway.tssi.com [198.147.197.29]) by eagle.inetnebr.com (8.8.5/8.8.5) with ESMTP id MAA12147 for ; Wed, 2 Apr 1997 12:28:56 -0600 (CST) Received: from celery.tssi.com (carrot.tssi.com) by carrot.tssi.com (8.6.12/8.6.9) with ESMTP id MAA14880 for ; Wed, 2 Apr 1997 12:28:53 -0600 Received: (from celery.tssi.com) by celery.tssi.com (8.7.5/8.7.3) id MAA12189 for list-managers@GreatCircle.com; Wed, 2 Apr 1997 12:28:52 -0600 From: Mike Nolan Message-Id: <199704021828.MAA12189@celery.tssi.com> Subject: Re: Blocking domains To: list-managers@GreatCircle.com (List Managers) Date: Wed, 2 Apr 1997 12:28:52 -0600 (CST) Reply-To: nolan@tssi.com X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Lou Katz wrote: > In response to most spams, I immediately block the entire Class C > set of netnumbers from which the spam originated. Since I can, > I block ALL packets, which I just throw away, causing the offending > site to timeout, rather than gettting a service refused response. > This blocks DNS lookup, Finger, SMTP, etc. I believe that > raising the pain threshold for sites that harbor spammers by making > their services somewhat less useful for their legit customers (if any) > is a useful and legitimate response. A significant portion of the spam I receive comes from sites like AOL and att.worldnet.net. Even though I could block traffic from these sources, I'm not sure I would want to. > I also think that if each of us send a single, lengthy message to > the sites involved for each spam received, the return traffic should > also increase the pain on the source and its providers. If our subscribers did this to one of our lists or our home site, most of us would be mad as hell. I don't think we're better than the rest of the net community, and can come up with precious few instances where mailbombing is a good idea. But I do think that the list management community may need to come up with its own solution to the problem, since so far the net community as a whole hasn't. In general, I see several different situtions, each of which may require a different response. 1. The site management is an active and willing participant in the spamming. In this case, I think that some form of dire sanction needs to be applied, blocking the entire domain is OK by me. I don't see where e-mail bombing the site is likely to be effective, though, especially because such a site might configure itself to ignore that kind of attack anyway. (I'm not an expert on this subject, but isn't it possible to block some forms of traffic in certain directions, which could include e-mail bombs?) 2. The site management is aware of the spamming, not an active participant but tolerant of it. Blocking might be a solution here, and sending e-mail bombs might actually be more effective than in the first case, if that's what it takes to get their attention. 3. The site management is unaware of the spamming, and possibly willing to take steps to deal with it once alerted. Unless spam constitues a major portion of the traffic from this site, in which case it may more properly belong in one of the first two categories, I don't think that blocking is advisable, and mail bombing is likely to be less effective than a politely worded advisory and request for action. The more willing that the site management is to take action, the less likely I am to want to block traffic from it. 4. The site is an unwilling participant, through any of several security holes. I could see blocking as a short-term fix until security is improved. I think that mail bombing just exacerbates the problem at that site, though. 5. The site isn't really involved, it's being spoofed or forged into headers. I'm getting out of my technical depth at this point, spoofing may not be happening all that much in real life, but I'm trying to come up with a fairly complete taxonomical breakdown, so I needed to cover this variant. In the event of either spoofing or forging, neither blocking nor mail bombing is effective, it's not even clear to me that alerting the site management would always help. A further problem is the load on the net providers to the sites being affected. In the long run, the most effective form of enforcement may be for the IP community (the carriers) to refuse to do business with spammers, an updated and enforced version of the 'acceptable use' guidelines if you will. Even that might not help entirely, anyone who has ever gotten a nasty message with instructions to call area code 809 might have discovered that the phone companies of the world mostly tolerate this abuse of their billing system. The best solution to me is still some kind of authentication system, to establish certainty as to both the origination and author of all messages. which may be technically impossible and in violation of the US Government's archaic encryption rules anyway. And I'm not sure it couldn't be perverted by willing spammers, too. (And does this raise First Amendment concerns?) If this could be tied into some kind of transfer of payments system, so that unsolicited e-mail is paid for by the sender on a per-address basis rather than $19.00 per month (or whatever), then spam mail could become a problem of the past, except for bulk marketers who can afford it. My e-mail box becomes more like my postal mail box at that point, over half of the mail I receive most days is bulk rate mail. Thank heaven that isn't true for my e-mail box, at least not yet. And the ultimate transfer of payments system would pay ME for receiving such mail, or at least credit my account at my IP. Hell, I might even read some of it at that point! -- Mike Nolan From owner-list-managers-outgoing Wed Apr 2 11:34:51 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA12835 for list-managers-outgoing; Wed, 2 Apr 1997 11:11:09 -0800 (PST) Received: from solutions.apple.com (solutions.apple.com [17.255.34.19]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA12763; Wed, 2 Apr 1997 11:10:52 -0800 (PST) Received: from [17.219.12.99] (A17-219-12-99.apple.com [17.219.12.99]) by solutions.apple.com (8.6.10/A/UX 3.1) with ESMTP id LAA03133; Wed, 2 Apr 1997 11:12:52 -0800 Message-Id: In-Reply-To: References: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Wed, 2 Apr 1997 11:08:19 -0800 To: Morna Findlay , Brent Chapman , list-managers-digest@GreatCircle.COM From: Chuq Von Rospach Subject: Re: Malicious mass subscriptions Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 12:05 AM -0800 4/2/97, Morna Findlay wrote: >>We've had some success using a front-end filter for Majordomo that blocks >>incoming requess containing certain known-problem domains in the >>"Received:" lines. >That of corse would affect the valid users from those domains. > >Has anyone done this? I've done this using procmail. Anything suspicious gets sent to my account instead of to the daemon. I can monitor, and correct requests can be forwarded back for processing. In reality, the domains used for spamming seem don't seem to have legitimate users of my systems -- your mileage may well vary here, so study the requests before making assumptions. It's *really* cut down my spam problems until I can get subscription confirmation finished. I *also* generate daily subscriber change reports, so I can quickly scan the new names every morning, and once I got my system in place, while the spammers are still at it, no spam account's made it onto one of my lists in three days (unless they're hiding well). Prior to that, ti was only a couple instead of (on bad days) a dozen or more. Fortunately, the spammers have patterns you can use to your benefit. Unfortunately, they sometimes change them slightly, so you have to keep watching. More unfortunately, the patterns make it obvious what most of the spam is, but they don't lend themselves to programmatic testing very easily, except in broad ways (if someone is signed up with a name of "lamer" or "remal", for instance, you can bet it's a spam. Certain other keywords can trip a warning, too, as can certain headers such as "peer crosschecked" showing up in the mail. I've yet to see a subscription request with a "peer crosschecked" line that was legitimate.... Now, to get EVERYONE to do peer crosschecking... grin... -- Chuq Von Rospach (chuq@apple.com) Apple IS&T Mail List Gnome Plaidworks Consulting (chuqui@plaidworks.com) ( +-+ The home for Hockey on the net) From owner-list-managers-outgoing Wed Apr 2 12:22:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA21065 for list-managers-outgoing; Wed, 2 Apr 1997 12:17:33 -0800 (PST) Received: from eagle.inetnebr.com (eagle.inetnebr.com [199.184.119.14]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA21038 for ; Wed, 2 Apr 1997 12:17:19 -0800 (PST) Received: from carrot.tssi.com (root@gateway.tssi.com [198.147.197.29]) by eagle.inetnebr.com (8.8.5/8.8.5) with ESMTP id OAA14890 for ; Wed, 2 Apr 1997 14:17:37 -0600 (CST) Received: from celery.tssi.com (carrot.tssi.com) by carrot.tssi.com (8.6.12/8.6.9) with ESMTP id OAA16354 for ; Wed, 2 Apr 1997 14:17:37 -0600 Received: (from celery.tssi.com) by celery.tssi.com (8.7.5/8.7.3) id OAA13433 for list-managers@GreatCircle.com; Wed, 2 Apr 1997 14:17:35 -0600 From: Mike Nolan Message-Id: <199704022017.OAA13433@celery.tssi.com> Subject: Re: Malicious mass subscriptions To: list-managers@GreatCircle.com (List Managers) Date: Wed, 2 Apr 1997 14:17:35 -0600 (CST) Reply-To: nolan@tssi.com X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > It's *really* cut down my spam problems until I can get subscription > confirmation finished. I *also* generate daily subscriber change > reports, so I can quickly scan the new names every morning, and once I > got my system in place, while the spammers are still at it, no spam > account's made it onto one of my lists in three days (unless they're > hiding well). Prior to that, ti was only a couple instead of (on bad > days) a dozen or more. The two most effective things I've done were close my lists to non-subscribers (especially useful since one of my lists has a web archive site), and to implement a three day waiting period for new subscribers before their posting privileges are activated, a very trivial step with procmail/SmartList. I've had almost no spam or hate mail (a problem perhaps more common in my specialty, which is collegiate sports team fan lists) reach my subscribers since the three day waiting period was implemented, the only ones I can think of found a hole in my list security system, which I plugged quickly. Like Chuq, I also send myself a list of recent subscribers to see if I see any trends or sites to worry about, although I haven't taken any action based specifically on that yet. -- Mike Nolan From owner-list-managers-outgoing Wed Apr 2 18:06:44 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA03944 for list-managers-outgoing; Wed, 2 Apr 1997 18:03:49 -0800 (PST) Received: from ec2.earthchannel.com (ec2.earthchannel.com [205.160.21.65]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id SAA03926 for ; Wed, 2 Apr 1997 18:03:41 -0800 (PST) Received: from ec12.earthchannel.com (unverified [205.160.21.75]) by ec3.earthchannel.com (EMWAC SMTPRS 0.83) with SMTP id ; Wed, 02 Apr 1997 21:04:01 -0500 Message-ID: Comments: Authenticated sender is From: "Gess Shankar" Organization: Earth Channel Communications LLC To: List-Managers@greatcircle.com Date: Wed, 2 Apr 1997 20:52:23 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Forced Subs ended? Reply-to: gess@earthchannel.com X-mailer: Pegasus Mail for Win32 (v2.53/R1) Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I have not seen any of the forged subs for the past two days. I would like to confirm if this is the case or the stuff is escaping the filters because of new mutations ListAdmin., EC From owner-list-managers-outgoing Thu Apr 3 02:22:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA04148 for list-managers-outgoing; Thu, 3 Apr 1997 01:39:50 -0800 (PST) Received: from orange.metron.com (orange.katz.com [204.182.31.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA04093 for ; Thu, 3 Apr 1997 01:39:18 -0800 (PST) Received: (from lou@localhost) by orange.metron.com (8.8.4/8.8.4) id BAA23441 for list-managers@GreatCircle.COM>; Thu, 3 Apr 1997 01:38:40 -0800 (PST) From: Lou Katz Message-Id: <199704030938.BAA23441@orange.metron.com> Subject: Date: Thu, 3 Apr 1997 01:01:16 -0800 (PST) To: list-managers@GreatCircle.COM Date: Thu, 3 Apr 1997 01:38:39 -0800 (PST) X-Mailer: ELM [version 2.4ME+ PL28 (25)] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk A minor correction - by sending a lengthy message, I did not mean mailbombing at all. Rather, a treatise on why I was objecting to the particular piece of mail (included), and suggestions about how and why to cope with it. Some fine examples of this type of message have shown up on this list. I just wanted to indicate that a one-line message of complaint was not sufficient. A couple of screens of text plus the complete offending message strikes me as reasonable. It does take some care to make sure you don't complain to forged addresses, but the relays and the spam-havens should be notified. I believe that simply throwing away spam through filters will accomplish nothing besides keeping one's mailbox and the mailing lists you manage clear. In the meantime the bandwidth of the net is being choked by this unwanted traffic, and the 'cost' to the spammers and their allies is low. Silence on the part of upstream providers is acquiescence at best and encouragement at worst. If we can raise the cost of spamming we might reduce the volume. -=[Lou]=- From owner-list-managers-outgoing Thu Apr 3 19:00:53 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA15650 for list-managers-outgoing; Thu, 3 Apr 1997 18:53:20 -0800 (PST) Received: from acadcomp.cmp.ilstu.edu (acadcomp.cmp.ilstu.edu [138.87.1.3]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id SAA15633 for ; Thu, 3 Apr 1997 18:53:13 -0800 (PST) Received: from [138.87.143.23] by acadcomp.cmp.ilstu.edu (AIX 3.2/UCB 5.64/4.03) id AA31495; Thu, 3 Apr 1997 20:50:59 -0600 Message-Id: <9704040250.AA31495@acadcomp.cmp.ilstu.edu> Comments: Authenticated sender is From: "Gary Klass" To: List-Managers@greatcircle.com Date: Thu, 3 Apr 1997 20:55:17 +0000 Mime-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7BIT Subject: spammer In-Reply-To: X-Mailer: Pegasus Mail for Win32 (v2.53/R1) Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I've received three of these, fortunately listproc 6.0 won't let them through. I had thought that research@answerme... was one of the "black\remal mai" subscribers, but this is the only one to try posting to my list. Rejected message: sent to pos302-l@thor.cmp.ilstu.edu by DAEMON@ISP-AM.NET follows. Reason for rejection: suspicious address. -------------------------------------------------------------------------- ----- ------- Forwarded Message Follows ------- From: Self To: research@answerme.com Subject: p42qRsT9 text Cc: rova@mail.idt.net Reply-to: pop2.nai.net Date: Mon, 24 Mar 1997 08:36:48 ***A COMPANY THAT IS DEDICATED IN IMPROVING YOUR HEALTH WHILE OFFERING YOU THE OPPORTUNITY FOR IMPROVING YOUR WEALTH*** Dr. Earl Mindell, the world's undisputed best known nutritionist and author of his latest book "SECRET REMEDIES", provides the cutting edge treatments for common ailments that make use of vitamins, minerals, herbs, aminio acids and natuaral hormones. These -- Gary Klass gmklass@ilstu.edu Department of Political Science Illinois State University Normal Illinois 61790-4699 From owner-list-managers-outgoing Fri Apr 4 00:00:56 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA13483 for list-managers-outgoing; Thu, 3 Apr 1997 23:50:19 -0800 (PST) Received: from tardis.Tymnet.COM (tardis.tymnet.com [131.146.3.15]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA13365 for ; Thu, 3 Apr 1997 23:49:53 -0800 (PST) Received: (from jms@localhost) by tardis.Tymnet.COM (8.8.5/8.8.5) id XAA05321 for List-Managers@greatcircle.com; Thu, 3 Apr 1997 23:48:20 -0800 (PST) From: Joe Smith Message-Id: <199704040748.XAA05321@tardis.Tymnet.COM> Subject: Cyberpromo e-mail headers To: List-Managers@greatcircle.com Date: Thu, 3 Apr 1997 23:48:19 -0800 (PST) X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I got a bounce message from mail addressed to a person who had not worked here since 1991. I had not seen this particular type of header from cyberpromo before. ----- Message header follows ----- Return-Path: Received: by tymix.Tymnet.COM (4.1/SMI-4.1) id AA21511; Thu, 3 Apr 97 20:06:27 PST Received: from 205.199.212.34 by tymix.Tymnet.COM (in.smtpd); 3 Apr 0 20:06:27 PDT Received: from Cyber Promotions' new "ISPam Network" - Details at http://www.cyberpromo.com From: ginette@savetrees.com X-Shocking-Web-Page: Visit http://www.cyberpromo.com X-Please-Note: THIS SERVER RELAYS MAIL FROM OTHER SOURCES ONLY! To: dreamfactory@ginette.com Subject: $FREEDOM$ Reply-To: ginette@savetrees.com Date: today Comments: Authenticated sender is Received: from savetrees.com (savetrees.com [000.000.000.000]) by savetrees.com (0.0.0./0.0.0.) with SMTP id AAA000000 for ; Thu, 3 Apr 1997 19:26:23 -0500 (EST) Message-Id: 0000000000.AAA000@savetrees.com X-Uidl: 88789179912968814279284189728723 ----- Message header ends ----- Note the "Date:" and "X-" headers. -Joe From owner-list-managers-outgoing Fri Apr 4 18:15:43 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id SAA10766 for list-managers-outgoing; Fri, 4 Apr 1997 18:03:43 -0800 (PST) Received: from big.aa.net (big.aa.net [204.157.220.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id SAA10685 for ; Fri, 4 Apr 1997 18:03:03 -0800 (PST) Received: from cust81.max1.seattle.aa.net (cust81.max1.seattle.aa.net [205.199.141.81]) by big.aa.net (8.8.5/8.7.5) with SMTP id SAA13180 for ; Fri, 4 Apr 1997 18:01:07 -0800 X-Intended-For: Message-ID: <3345AEB2.3845@aa.net> Date: Fri, 04 Apr 1997 17:45:22 -0800 From: Troy Craig Reply-To: tc@aa.net X-Mailer: Mozilla 3.01 (Win16; I) MIME-Version: 1.0 To: List-Managers@GreatCircle.COM Subject: Re: List-Managers-Digest V6 #75 References: <199704040900.BAA21455@honor.greatcircle.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk PLEASE CANCEL THIS SUBSCRIPTION.I AM CURRENTLY BOOGED DOWN WITH EMAIL. THANKS. TROY List-Managers-Digest wrote: > > List-Managers-Digest Friday, April 4 1997 Volume 06 : Number 075 > > In this issue: > > Date: Thu, 3 Apr 1997 01:01:16 -0800 (PST) > spammer > Cyberpromo e-mail headers > > See the end of the digest for information on subscribing to the List-Managers > or List-Managers-Digest mailing lists and on how to retrieve back issues. > > ---------------------------------------------------------------------- > > Date: Thu, 3 Apr 1997 01:38:39 -0800 (PST) > From: Lou Katz > Subject: Date: Thu, 3 Apr 1997 01:01:16 -0800 (PST) > > A minor correction - by sending a lengthy message, I did not mean > mailbombing at all. Rather, a treatise on why I was objecting to the > particular piece of mail (included), and suggestions about how and why > to cope with it. Some fine examples of this type of message have shown > up on this list. I just wanted to indicate that a one-line message of > complaint was not sufficient. A couple of screens of text plus the > complete offending message strikes me as reasonable. It does take some > care to make sure you don't complain to forged addresses, but the relays > and the spam-havens should be notified. > > I believe that simply throwing away spam through filters will accomplish > nothing besides keeping one's mailbox and the mailing lists you manage > clear. In the meantime the bandwidth of the net is being choked by > this unwanted traffic, and the 'cost' to the spammers and their allies > is low. Silence on the part of upstream providers is acquiescence at best > and encouragement at worst. If we can raise the cost of spamming we > might reduce the volume. > > - -=[Lou]=- > > ------------------------------ > > Date: Thu, 3 Apr 1997 20:55:17 +0000 > From: "Gary Klass" > Subject: spammer > > I've received three of these, fortunately listproc 6.0 won't let them > through. I had thought that research@answerme... was one of the > "black\remal mai" subscribers, but this is the only one to try posting to > my list. > > Rejected message: sent to pos302-l@thor.cmp.ilstu.edu by > DAEMON@ISP-AM.NET follows. Reason for rejection: suspicious address. > - -------------------------------------------------------------------------- > - ----- ------- Forwarded Message Follows ------- From: Self > To: research@answerme.com Subject: > p42qRsT9 text Cc: rova@mail.idt.net Reply-to: pop2.nai.net > Date: Mon, 24 Mar 1997 08:36:48 > > ***A COMPANY THAT IS DEDICATED IN IMPROVING YOUR > HEALTH WHILE OFFERING YOU THE OPPORTUNITY FOR > IMPROVING YOUR WEALTH*** > > Dr. Earl Mindell, the world's undisputed best known nutritionist and > author of his latest book "SECRET REMEDIES", provides the cutting edge > treatments for common ailments that make use of vitamins, minerals, herbs, > aminio acids and natuaral hormones. These > - -- > Gary Klass > gmklass@ilstu.edu > Department of Political Science > Illinois State University > Normal Illinois 61790-4699 > > ------------------------------ > > Date: Thu, 3 Apr 1997 23:48:19 -0800 (PST) > From: Joe Smith > Subject: Cyberpromo e-mail headers > > I got a bounce message from mail addressed to a person who had not worked > here since 1991. I had not seen this particular type of header from > cyberpromo before. > > ----- Message header follows ----- > Return-Path: > Received: by tymix.Tymnet.COM (4.1/SMI-4.1) > id AA21511; Thu, 3 Apr 97 20:06:27 PST > Received: from 205.199.212.34 > by tymix.Tymnet.COM (in.smtpd); 3 Apr 0 20:06:27 PDT > Received: from Cyber Promotions' new "ISPam Network" - Details > at http://www.cyberpromo.com > From: ginette@savetrees.com > X-Shocking-Web-Page: Visit http://www.cyberpromo.com > X-Please-Note: THIS SERVER RELAYS MAIL FROM OTHER SOURCES ONLY! > To: dreamfactory@ginette.com > Subject: $FREEDOM$ > Reply-To: ginette@savetrees.com > Date: today > Comments: Authenticated sender is > Received: from savetrees.com (savetrees.com [000.000.000.000]) by savetrees.com (0.0.0./0.0.0.) with SMTP id AAA000000 for ; Thu, 3 Apr 1997 19:26:23 -0500 (EST) > Message-Id: 0000000000.AAA000@savetrees.com > X-Uidl: 88789179912968814279284189728723 > ----- Message header ends ----- > > Note the "Date:" and "X-" headers. > -Joe > > ------------------------------ > > End of List-Managers-Digest V6 #75 > ********************************** > > To unsubscribe from List-Managers-Digest, send the following command > in the body of a message to "Majordomo@GreatCircle.COM": > > unsubscribe list-managers-digest > > If you want to subscribe or unsubscribe an address other than the > account the mail is coming from, such as a local redistribution list, > then append that address to the command; for example, to subscribe > "local-list-managers": > > subscribe list-managers-digest local-list-managers@your.domain.net > > A non-digest (direct mail) version of this list is also available; to > subscribe to that instead, replace all instances of "list-managers-digest" > in the commands above with "list-managers". > > Compressed back issues are available for anonymous FTP from > FTP.GreatCircle.COM, in pub/list-managers/digest/vNN.nMMM.Z (where "NN" > is the volume number, and "MMM" is the issue number). From owner-list-managers-outgoing Sat Apr 5 19:49:52 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id TAA13224 for list-managers-outgoing; Sat, 5 Apr 1997 19:40:50 -0800 (PST) Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id TAA13205 for list-managers@greatcircle.com; Sat, 5 Apr 1997 19:40:45 -0800 (PST) Received: from mail1y-int.prodigy.net (mail1y-ext.prodigy.net [198.83.19.113]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA24017 for ; Fri, 4 Apr 1997 12:15:56 -0800 (PST) Received: from grayling.fishy.net ([172.16.3.90]) by mail1y-int.prodigy.net (8.7.5/8.7.3) with SMTP id PAA83860 for ; Fri, 4 Apr 1997 15:14:26 -0500 Date: Fri, 4 Apr 1997 15:14:26 -0500 Message-Id: <199704042014.PAA83860@mail1y-int.prodigy.net> X-Sender: bonnie@pop.fishy.net X-Mailer: Windows Eudora Pro Version 2.1.2 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: List-Managers@GreatCircle.COM From: Bonnie Scott Subject: Re: Cyberpromo e-mail headers Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I'll bet they don't save any log files either. Bonnie Scott At 11:48 PM 4/3/97 -0800, Joe Smith wrote: > ----- Message header follows ----- >Return-Path: >Received: by tymix.Tymnet.COM (4.1/SMI-4.1) > id AA21511; Thu, 3 Apr 97 20:06:27 PST >Received: from 205.199.212.34 > by tymix.Tymnet.COM (in.smtpd); 3 Apr 0 20:06:27 PDT >Received: from Cyber Promotions' new "ISPam Network" - Details > at http://www.cyberpromo.com >From: ginette@savetrees.com >X-Shocking-Web-Page: Visit http://www.cyberpromo.com >X-Please-Note: THIS SERVER RELAYS MAIL FROM OTHER SOURCES ONLY! >To: dreamfactory@ginette.com >Subject: $FREEDOM$ >Reply-To: ginette@savetrees.com >Date: today >Comments: Authenticated sender is >Received: from savetrees.com (savetrees.com [000.000.000.000]) by savetrees.com (0.0.0./0.0.0.) with SMTP id AAA000000 for ; Thu, 3 Apr 1997 19:26:23 -0500 (EST) >Message-Id: 0000000000.AAA000@savetrees.com >X-Uidl: 88789179912968814279284189728723 > ----- Message header ends ----- > >Note the "Date:" and "X-" headers. > -Joe From owner-list-managers-outgoing Sat Apr 5 20:19:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id UAA16018 for list-managers-outgoing; Sat, 5 Apr 1997 20:14:46 -0800 (PST) Received: from sparkie.gnofn.org (sparkie.gnofn.org [206.27.168.35]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id UAA16010 for ; Sat, 5 Apr 1997 20:14:39 -0800 (PST) Received: from sparkie.gnofn.org (sparkie.gnofn.org [206.27.168.35]) by sparkie.gnofn.org (8.7.Beta.10/8.7.Beta.10) with SMTP id WAA14464 for ; Sat, 5 Apr 1997 22:13:26 -0600 (CST) Date: Sat, 5 Apr 1997 22:13:25 -0600 (CST) From: "Your friend at:" cc: List-Managers@GreatCircle.COM Subject: Majordomo In-Reply-To: <199704042014.PAA83860@mail1y-int.prodigy.net> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Dear Friends, I have tried to download majordomo but I can't seem to get it installed. Any suggestions? Sincerely, Christopher <><><><><><><><><><><><><><><><><><><><><><><><><> (Bhagavad Gita 2.51) From owner-list-managers-outgoing Sat Apr 5 23:34:52 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id XAA03395 for list-managers-outgoing; Sat, 5 Apr 1997 23:31:47 -0800 (PST) Received: from magpie.com (magpie.com [206.138.212.31]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id XAA03388 for ; Sat, 5 Apr 1997 23:31:40 -0800 (PST) Received: from ripley (ripley.magpie.com [192.0.1.2]) by magpie.com (8.8.5/8.7.3) with SMTP id DAA16803 for ; Sun, 6 Apr 1997 03:29:42 -0400 Message-Id: <3.0.32.19970406032454.00bbfe80@192.0.1.6> X-Sender: manes@192.0.1.6 X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Sun, 06 Apr 1997 03:24:55 -0400 To: List-Managers@GreatCircle.COM From: Steve Manes Subject: Digest headers Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 01:00 AM 4/5/97 -0800, you wrote: >PLEASE CANCEL THIS SUBSCRIPTION.I AM CURRENTLY BOOGED DOWN WITH EMAIL. >THANKS. >TROY > > >List-Managers-Digest wrote: >> >> List-Managers-Digest Friday, April 4 1997 Volume 06 : Number 075 >> >> In this issue: >> ----[ digest header removed ]---------------------------------- May I suggest a new feature to the next revision of Majorodomo? How about something to scan for occurances of message_fronter and message_footer in any post to prevent this kind of bandwidth-sucking feedback? I've kludged something to do this on my Majordomo but I'm sure you guys could come up with something more elegant. Also, an optional feature to bounce posts which slurp in the default Subject: of an outgoing digest, i.e. "Subject: re: List-Managers-Digest V6 #76". The latter trashes up threads in reposts to bridged newsgroups. -----------------------[ http://www.magpie.com ]-----------=o&>o--------- Steve Manes | Int'l Bass Players | for info, email manes@magpie.com | NYC Motorcyclists | server@magpie.com with 94 Harley-Davidson FLHR | Triumph MC Owners | the message text, "lists" 95 Triumph Super III | Motorcycle Safety | 97 Triumph T595 | | N'Yawk, N'Yawk From owner-list-managers-outgoing Sun Apr 6 01:06:05 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id AAA08268 for list-managers-outgoing; Sun, 6 Apr 1997 00:51:44 -0800 (PST) Received: from iquest3.iquest.net (iquest3.iquest.net [206.246.190.103]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id AAA08261 for ; Sun, 6 Apr 1997 00:51:39 -0800 (PST) Received: (qmail 8747 invoked by uid 15018); 6 Apr 1997 08:50:25 -0000 MBOX-Line: From aen Sun Apr 6 03:50 EST 1997 >Received: (from alt@localhost) by aen.aen.org (8.6.12/8.6.12) id DAA05511; Sun, 6 Apr 1997 03:16:42 -0500 Date: Sun, 6 Apr 1997 03:16:42 -0500 (EST) From: Al Thompson To: "Your friend at:" cc: List-Managers@GreatCircle.COM Subject: Re: Majordomo In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk On Sat, 5 Apr 1997, Your friend at: wrote: > > Dear Friends, > > I have tried to download majordomo but I can't seem to get it > installed. Any suggestions? Sure! Try again! From owner-list-managers-outgoing Sun Apr 6 11:34:18 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA18248 for list-managers-outgoing; Sun, 6 Apr 1997 11:30:26 -0700 (PDT) Received: from sina.hpc.uh.edu (Sina.HPC.UH.EDU [129.7.3.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA18239 for ; Sun, 6 Apr 1997 11:30:20 -0700 (PDT) Received: (from tibbs@localhost) by sina.hpc.uh.edu (8.7.3/8.7.3) id NAA06347; Sun, 6 Apr 1997 13:29:05 -0500 (CDT) To: Steve Manes Cc: List-Managers@GreatCircle.COM Subject: Re: Digest headers References: <3.0.32.19970406032454.00bbfe80@192.0.1.6> Mime-Version: 1.0 (generated by tm-edit 7.100) Content-Type: text/plain; charset=US-ASCII From: Jason L Tibbitts III Date: 06 Apr 1997 13:29:04 -0500 In-Reply-To: Steve Manes's message of Sun, 06 Apr 1997 03:24:55 -0400 Message-ID: Lines: 20 X-Mailer: Gnus v5.4.40/Emacs 19.34 Sender: list-managers-owner@GreatCircle.COM Precedence: bulk >>>>> "SM" == Steve Manes writes: SM> May I suggest a new feature to the next revision of Majorodomo? You'd be way better off asking on one of the Majordomo lists. This is not the place. SM> How about something to scan for occurances of message_fronter and SM> message_footer in any post to prevent this kind of bandwidth-sucking SM> feedback? It's already in there. See taboo_body. SM> Also, an optional feature to bounce posts which slurp in the default SM> Subject: of an outgoing digest, i.e. "Subject: re: List-Managers-Digest SM> V6 #76". See taboo_headers. - J< From owner-list-managers-outgoing Sun Apr 6 11:49:29 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA20098 for list-managers-outgoing; Sun, 6 Apr 1997 11:48:38 -0700 (PDT) Received: from thyme (thyme.finesse.com [140.174.171.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA20091 for ; Sun, 6 Apr 1997 11:48:32 -0700 (PDT) Received: by thyme (SMI-8.6/SMI-SVR4) id LAA20548; Sun, 6 Apr 1997 11:48:19 -0700 Date: Sun, 6 Apr 1997 11:48:19 -0700 From: marym@Finesse.COM (Mary Morris) Message-Id: <199704061848.LAA20548@thyme> To: List-Managers@GreatCircle.COM Subject: Questions X-Sun-Charset: US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I'm looking to acquire a version of sendmail that allows me to configure it to refuse email where the return address is a non-existant domain. Does such a beast exist? If so, how is it accomplished? Thanks in advance Mary Morris From owner-list-managers-outgoing Sun Apr 6 14:49:21 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA04215 for list-managers-outgoing; Sun, 6 Apr 1997 14:46:42 -0700 (PDT) Received: from pool.pipex.net (pool.pipex.net [158.43.128.24]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id OAA04208 for ; Sun, 6 Apr 1997 14:46:35 -0700 (PDT) Received: (qmail 29850 invoked from smtpd); 6 Apr 1997 21:45:22 -0000 Received: from pool.pipex.net (HELO pool.uunet.pipex.com) (158.43.128.24) by pool.pipex.net with SMTP; 6 Apr 1997 21:45:22 -0000 Date: Sun, 6 Apr 1997 22:45:21 +0100 (BST) From: Chuck Foster X-Sender: chuck@pool.uunet.pipex.com To: Mary Morris cc: List-Managers@GreatCircle.COM Subject: Re: Questions In-Reply-To: <199704061848.LAA20548@thyme> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk On Sun, 6 Apr 1997, Mary Morris wrote: > I'm looking to acquire a version of sendmail that allows me > to configure it to refuse email where the return address is > a non-existant domain. Does such a beast exist? If so, how > is it accomplished? Any recent sendmail (certainly 8.0+) should be able to do this, if you use a V2 or above configuration file. The example below could be a different ruleset which you could call from elsewhere. I also assume here that your general rules don't want a dot on the end, but if they do simply add that on the end of the second line for returning. # This line makes the address canonical R$+@$+ $:$1@$[$2$] # If the address was valid, it has a dot on the end, so return without it R$+@$+. $@$1@$2 # Otherwise it couldn't be resolved, so bounce it. R$+@$+ $#error $: Erm, $2 is not a known domain I'm not sure what happens if your sendmail cannot resolve the address at that time - I would imagine it would bounce it. Use it at your own risk! Hope that made some sense! Best Wishes Chuck From owner-list-managers-outgoing Mon Apr 7 01:35:08 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id BAA03999 for list-managers-outgoing; Mon, 7 Apr 1997 01:20:58 -0700 (PDT) Received: from magpie.com (magpie.com [206.138.212.31]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id BAA03923 for ; Mon, 7 Apr 1997 01:20:32 -0700 (PDT) Received: from ripley (ripley.magpie.com [192.0.1.2]) by magpie.com (8.8.5/8.7.3) with SMTP id EAA09046 for ; Mon, 7 Apr 1997 04:18:52 -0400 Message-Id: <3.0.32.19970407041352.00ada9a0@192.0.1.6> X-Sender: manes@192.0.1.6 X-Mailer: Windows Eudora Pro Version 3.0 (32) Date: Mon, 07 Apr 1997 04:13:53 -0400 To: List-Managers@GreatCircle.COM From: Steve Manes Subject: taboor_headers Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: list-managers-owner@GreatCircle.COM Precedence: bulk >From: Jason L Tibbitts III >It's already in there. See taboo_body. >See taboo_headers. You missed the point. Taboo_headers requires manually entering in unwanted strings which in this case Majordomo's 'resend' program has already loaded and already knows. -----------------------[ http://www.magpie.com ]-----------=o&>o--------- Steve Manes | Int'l Bass Players | for info, email manes@magpie.com | NYC Motorcyclists | server@magpie.com with 94 Harley-Davidson FLHR | Triumph MC Owners | the message text, "lists" 95 Triumph Super III | Motorcycle Safety | 97 Triumph T595 | | N'Yawk, N'Yawk From owner-list-managers-outgoing Mon Apr 7 11:18:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA07502 for list-managers-outgoing; Mon, 7 Apr 1997 10:57:55 -0700 (PDT) Received: from sina.hpc.uh.edu (Sina.HPC.UH.EDU [129.7.3.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA07454 for ; Mon, 7 Apr 1997 10:57:42 -0700 (PDT) Received: (from tibbs@localhost) by sina.hpc.uh.edu (8.7.3/8.7.3) id MAA04744; Mon, 7 Apr 1997 12:56:15 -0500 (CDT) To: Steve Manes Cc: List-Managers@GreatCircle.COM Subject: Re: taboor_headers References: <3.0.32.19970407041352.00ada9a0@192.0.1.6> Mime-Version: 1.0 (generated by tm-edit 7.100) Content-Type: text/plain; charset=US-ASCII From: Jason L Tibbitts III Date: 07 Apr 1997 12:56:15 -0500 In-Reply-To: Steve Manes's message of Mon, 07 Apr 1997 04:13:53 -0400 Message-ID: Lines: 19 X-Mailer: Gnus v5.4.40/Emacs 19.34 Sender: list-managers-owner@GreatCircle.COM Precedence: bulk >>>>> "SM" == Steve Manes writes: SM> You missed the point. Not at all. SM> Taboo_headers requires manually entering in unwanted strings which in SM> this case Majordomo's 'resend' program has already loaded and already SM> knows. No, it gives you the flexibility to cook up expressions that would let Majordomo recognize your fronters or footers even in the face of quoting, line wrapping, or other mangling. A simple match wouldn't do it, and Majordomo has no idea of what in your footers is unique enough to match on. But, like I said, this is not the place to discuss it. - J< From owner-list-managers-outgoing Mon Apr 7 15:51:04 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13538 for list-managers-outgoing; Mon, 7 Apr 1997 15:25:49 -0700 (PDT) Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id PAA13519 for list-managers@greatcircle.com; Mon, 7 Apr 1997 15:25:41 -0700 (PDT) Received: from outlawnet.com (outlawnet.com [204.245.248.202]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA26070; Mon, 7 Apr 1997 13:17:41 -0700 (PDT) Received: from [163.185.20.230] ([163.185.20.230]) by outlawnet.com (8.7.5/8.7.3) with ESMTP id NAA06979; Mon, 7 Apr 1997 13:17:14 -0700 (PDT) X-Sender: garyb@outlawnet.com Message-Id: In-Reply-To: <199704020900.BAA12316@honor.greatcircle.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Mon, 7 Apr 1997 14:16:53 -0600 To: Brent@GreatCircle.COM From: Gary Bickford Subject: Re: List-Managers-Digest V6 #73 Cc: list-managers-digest@GreatCircle.COM Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Brent, >We've had some success using a front-end filter for Majordomo that blocks [snip] Thanks for the great work, and the great tool! Just thought you'd like to hear something once in a while. PS - I sent mail to the list-managers list a few weeks ago, offering to set up and run a database of problem domains/users, if folks would help figure out just what it should contain. There's some obvious difficulties and complexities. I was thinking of a kind of clearinghouse that would be able to keep pretty close to up-to-the minute based on input from selected master users. I posted it twice, but to my knowledge it never appeared (I get the digest, so I miss things sometimes). Maybe somebody thought this was a hoax. The offer still stands - I run mSQL (http://www.hughes.com.au), and I/we can make it accessible only from approved hosts either via the web, or via a connection on a particular port if you want to make it accessible from within majordomo. Or, if you'd rather, I can help you set something like this up at Great Circle. GB From owner-list-managers-outgoing Mon Apr 7 15:58:28 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA13407 for list-managers-outgoing; Mon, 7 Apr 1997 15:24:52 -0700 (PDT) Received: (mcb@localhost) by honor.greatcircle.com (8.8.5/Honor-970308-1) id PAA13399 for list-managers@greatcircle.com; Mon, 7 Apr 1997 15:24:49 -0700 (PDT) Received: from epona.sugar-land.oilfield.slb.com. (epona.sugar-land.oilfield.slb.com [163.185.167.200]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA13500 for ; Mon, 7 Apr 1997 07:57:18 -0700 (PDT) Received: by epona.sugar-land.oilfield.slb.com. (SMI-8.6/SMI-SVR4) id JAA25945; Mon, 7 Apr 1997 09:59:00 -0500 Date: Mon, 7 Apr 1997 09:59:00 -0500 From: garyb@epona.sugar-land.oilfield.slb.com (Gary Bickford) Message-Id: <199704071459.JAA25945@epona.sugar-land.oilfield.slb.com.> Subject: Re: Spoofed junk mail To: list-managers@greatcircle.com Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-MD5: 9aAmPAXGGLdCUJQDHPRzSg== Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Folks, We just got spoofed in a junk mail attack. Does this look familiar to anyone? I included the first few lines, only for identification. Needless to say, there's nobody at this company with the email hab GB PS - Please >>>Return-Path: >>>Received: from relay7.UU.NET ([192.48.96.17]) by stats.tcd.ie (4.1/SMI-4.1) >>> id AA20262; Fri, 4 Apr 97 22:30:18 BST >>>Received: from default by relay7.UU.NET with SMTP >>> (peer crosschecked as: Cust14.Max19.New-Orleans.LA.MS.UU.NET >>>[153.34.209.14]) >>> id QQcjwg04613; Fri, 4 Apr 1997 16:43:00 -0500 (EST) >>>Date: Fri, 4 Apr 1997 16:43:00 -0500 (EST) >>>Message-Id: >>>From: Harvey >>>To: XXXXXXXXXX >>>Subject: STARCH BLOCKER >>>Mime-Version: 1.0 >>>Content-Type: text/plain; charset="us-ascii" >>>Content-Transfer-Encoding: 7bit >>> >>> >>> I've sent this to a LOT of people today and thought you'd like >>> to see it also. >>> >>> ********************************************************************** >>> This message is a one time delivery. >>> You have NOT been added to any list and will NOT be contacted again. >>> ********************************************************************** >>> >>> >>> >>> For a free tape on Starch Blocker, >>> hit reply, type "SEND STARCH BLOCKER TAPE" in the Subject Field, >>> and fill out the following info completely: From owner-list-managers-outgoing Mon Apr 7 16:27:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA17574 for list-managers-outgoing; Mon, 7 Apr 1997 16:14:07 -0700 (PDT) Received: from miles.greatcircle.com (miles.greatcircle.com [198.102.244.34]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA17501 for ; Mon, 7 Apr 1997 16:13:50 -0700 (PDT) Received: from sacusr.mp.usbr.gov (sacusr.mp.usbr.gov [140.214.12.2]) by miles.greatcircle.com (8.8.5/Miles-970308-2) with SMTP id QAA22022 for ; Mon, 7 Apr 1997 16:14:51 -0700 (PDT) Received: by sacto.mp.usbr.gov (MX V4.2A VAX) id 44; Mon, 07 Apr 1997 16:12:00 PDT Date: Mon, 07 Apr 1997 16:11:58 PDT From: "Henry W. Miller" To: garyb@epona.sugar-land.oilfield.slb.com CC: list-managers@greatcircle.com, henrym@sacto.mp.usbr.gov Message-ID: <009B26F6.E1C2558E.44@sacto.mp.usbr.gov> Subject: Re: Spoofed junk mail Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > From: MX%"garyb@epona.sugar-land.oilfield.slb.com" "Gary Bickford" 7-APR-1997 16:06:16.46 > Subj: Re: Spoofed junk mail Gary, Well, the host name and IP address are the time that MSN "leases" from uunet. Maybe you should try complaining to MSN and uunet. -HWM > Folks, > We just got spoofed in a junk mail attack. Does this look familiar to anyone? > I included the first few lines, only for identification. > > Needless to say, there's nobody at this company with the email hab > GB > PS - Please > > >>>Return-Path: > >>>Received: from relay7.UU.NET ([192.48.96.17]) by stats.tcd.ie (4.1/SMI-4.1) > >>> id AA20262; Fri, 4 Apr 97 22:30:18 BST > >>>Received: from default by relay7.UU.NET with SMTP > >>> (peer crosschecked as: Cust14.Max19.New-Orleans.LA.MS.UU.NET > >>>[153.34.209.14]) > >>> id QQcjwg04613; Fri, 4 Apr 1997 16:43:00 -0500 (EST) > >>>Date: Fri, 4 Apr 1997 16:43:00 -0500 (EST) > >>>Message-Id: > >>>From: Harvey > >>>To: XXXXXXXXXX > >>>Subject: STARCH BLOCKER > >>>Mime-Version: 1.0 > >>>Content-Type: text/plain; charset="us-ascii" > >>>Content-Transfer-Encoding: 7bit > >>> > >>> > >>> I've sent this to a LOT of people today and thought you'd like > >>> to see it also. > >>> > >>> ********************************************************************** > >>> This message is a one time delivery. > >>> You have NOT been added to any list and will NOT be contacted again. > >>> ********************************************************************** > >>> > >>> > >>> > >>> For a free tape on Starch Blocker, > >>> hit reply, type "SEND STARCH BLOCKER TAPE" in the Subject Field, > >>> and fill out the following info completely: > From owner-list-managers-outgoing Tue Apr 8 03:06:46 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA19326 for list-managers-outgoing; Tue, 8 Apr 1997 02:37:14 -0700 (PDT) Received: from hyperreal.com (taz.hyperreal.com [204.152.144.36]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id CAA19319 for ; Tue, 8 Apr 1997 02:36:43 -0700 (PDT) Received: from localhost (brian@localhost) by hyperreal.com (8.8.4/8.8.4) with SMTP id CAA01020 for ; Tue, 8 Apr 1997 02:35:24 -0700 (PDT) Date: Tue, 8 Apr 1997 02:35:24 -0700 (PDT) From: Brian Behlendorf To: list-managers@greatcircle.com Subject: AOL down, list-bombers to blame? Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk AOL mail servers have been refusing connections from my neck of the woods since 9am PST Monday morning. I've also seen a huge spike in the number of mailing-list-svbscribe-bombs being lobbied at AOL users today. Coincidence? Brian --=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-- brian@hyperreal.com http://www.apache.org http://www.organic.com/jobs From owner-list-managers-outgoing Tue Apr 8 07:53:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id HAA09230 for list-managers-outgoing; Tue, 8 Apr 1997 07:36:07 -0700 (PDT) Received: from sacusr.mp.usbr.gov (sacusr.mp.usbr.gov [140.214.12.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id HAA09155 for ; Tue, 8 Apr 1997 07:35:47 -0700 (PDT) Received: by sacto.mp.usbr.gov (MX V4.2A VAX) id 47; Tue, 08 Apr 1997 07:33:33 PDT Date: Tue, 08 Apr 1997 07:33:31 PDT From: "Henry W. Miller" To: garyb@epona.sugar-land.oilfield.slb.com CC: list-managers@greatcircle.com, henrym@sacto.mp.usbr.gov Message-ID: <009B2777.9F7581DE.47@sacto.mp.usbr.gov> Subject: Re: Spoofed junk mail Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > From: MX%"garyb@epona.sugar-land.oilfield.slb.com" "Gary Bickford" 8-APR-1997 07:16:15.93 > Subj: Re: Spoofed junk mail Gary, > Folks, here's some more information re our little spam problem. This may be a > little long, but I thought it might be useful to somebody out there. If > nothing else, it shows the mentality. Names have been removed to protect the > innocent. > > Looks like I'll have to start reading newsgroups again. PS - What's UCE? AFAIK - "Unsolicited Commercial Email". > GB > -HWM From owner-list-managers-outgoing Tue Apr 8 16:07:57 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id PAA24064 for list-managers-outgoing; Tue, 8 Apr 1997 15:56:42 -0700 (PDT) Received: from random.tpgi.com.au (random.tpgi.com.au [203.12.160.7]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id PAA24042 for ; Tue, 8 Apr 1997 15:56:24 -0700 (PDT) Received: from elec_eng_laptop ([156.50.106.96]) by random.tpgi.com.au (8.8.4/8.8.4) with SMTP id IAA20790 for ; Wed, 9 Apr 1997 08:54:35 +1000 (EST) Date: Wed, 9 Apr 1997 08:54:35 +1000 (EST) Message-Id: <199704082254.IAA20790@random.tpgi.com.au> X-Sender: rmanthe@bri-mail.tpgi.com.au X-Mailer: Windows Eudora Version 2.0.3 Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" To: list-managers@GreatCircle.COM From: RibMan@tpgi.com.au (Rob «RibMan») Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Subject: FW: Toni Kawada: Internet Virus !!!! Please Read. (fwd) >THIS INFORMATION WAS RECEIVED THIS MORNING FROM IBM, PLEASE SHARE IT >ENTITLED "PENPAL GREETINGS!" This message appears to be a friendly I presume this is puke. Is there a site dedicated to declaring genuine and non-genuine viruses? Rob From owner-list-managers-outgoing Tue Apr 8 17:22:02 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA00559 for list-managers-outgoing; Tue, 8 Apr 1997 16:54:15 -0700 (PDT) Received: from colossus.arl.mil ([131.218.204.98]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id QAA00525 for ; Tue, 8 Apr 1997 16:53:54 -0700 (PDT) Received: from [131.218.204.98] by colossus.arl.mil with ESMTP (Apple Internet Mail Server 1.1.1); Tue, 8 Apr 1997 19:58:52 -0400 Message-Id: In-Reply-To: <199704082254.IAA20790@random.tpgi.com.au> Mime-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Organization: Little to None X-Mailer: Eudora 3.0 for Cray Y-MP Date: Tue, 8 Apr 1997 19:58:15 -0400 To: List-Managers@GreatCircle.COM From: Vince Sabio Subject: Re: Virus Hoaxes Sender: list-managers-owner@GreatCircle.COM Precedence: bulk ** Sometime around 08:54 +1000 4/9/97, Rob «RibMan» said: >I presume this is puke. Is there a site dedicated to declaring genuine and >non-genuine viruses? See DOE's Computer Incident Advisory Capability web page: Skip down to "Internet Hoaxes." And yes, it mentions "Penpal Greetings," along with a host of others that we've all grown to know and love. - Vince Sabio orionsoft@telephonet.com -- If you run a mailing list and are tired of manually processing mail bounces, then you probably need SmartBounce. For more information, send a blank email to . -- Because The Only GOOD Spammer is a DEAD Spammer From owner-list-managers-outgoing Tue Apr 8 17:36:58 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id QAA01116 for list-managers-outgoing; Tue, 8 Apr 1997 16:58:16 -0700 (PDT) Received: from casti.com (vector.casti.com [199.181.80.100]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id QAA01088 for ; Tue, 8 Apr 1997 16:58:03 -0700 (PDT) Received: by casti.com (8.6.9/NX3.0M) id SAA11536; Tue, 8 Apr 1997 18:56:41 -0500 Date: Tue, 8 Apr 1997 18:56:40 -0500 (GMT-0500) From: "Bill Casti, CQA (Moderator)" X-Sender: help@vector.casti.com To: Rob «RibMan» cc: list-managers@GreatCircle.COM Subject: Re: your mail In-Reply-To: <199704082254.IAA20790@random.tpgi.com.au> Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Content-Transfer-Encoding: QUOTED-PRINTABLE Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Yes, it's a hoax (and an OLD one at that). Try these sites: =09 http://ciac.llnl.gov/ciac/CIACHoaxes.html http://www.kumite.com/myths/ http://www.av.ibm.com/BreakingNews/HypeAlert/ http://www.av.ibm.com/BreakingNews/VirusAlert/ Regards. Bill =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D Bill Casti, CQA Email: help@quality.or= g - Domain Owner, QUALITY.ORG Pager: +1 800 604 6149 - List Moderator, "TQM in Manufacturing and Service Industries" - Chairman, Electronic Media ASQC Section 0511 (Northern VA) Section Email: E-media@quality.org - 1997-98 Chair-elect, Executive Board, ASQC Section 0511=20 - Senior Administrator, Internet Systems, Fed. Emergency Mgmt. Agency (FEM= A) ---------------------------------------------------------------------------= -- Get Your New CyberQ Teeshirt now! See the Design at http://www.quality.org/qc/teeshirts.html =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D On Wed, 9 Apr 1997, Rob =ABRibMan=BB wrote: > > Subject: FW: Toni Kawada: Internet Virus !!!! Please Read. (fwd) > > >THIS INFORMATION WAS RECEIVED THIS MORNING FROM IBM, PLEASE SHARE IT > > >ENTITLED "PENPAL GREETINGS!" This message appears to be a friendly > >=20 > I presume this is puke. Is there a site dedicated to declaring genuine a= nd > non-genuine viruses? >=20 > Rob >=20 >=20 From owner-list-managers-outgoing Tue Apr 8 17:53:12 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id RAA02156 for list-managers-outgoing; Tue, 8 Apr 1997 17:04:48 -0700 (PDT) Received: from [198.102.244.42] (pb520.greatcircle.com [198.102.244.42]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id RAA02034; Tue, 8 Apr 1997 17:04:03 -0700 (PDT) X-Sender: brent@honor.greatcircle.com Message-Id: In-Reply-To: References: <199704020900.BAA12316@honor.greatcircle.com> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Tue, 8 Apr 1997 17:00:44 -0800 To: Gary Bickford From: Brent Chapman Subject: Re: List-Managers-Digest V6 #73 Cc: list-managers-digest@GreatCircle.COM, mcb@GreatCircle.COM Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 2:16 PM -0600 4/7/97, Gary Bickford wrote: >Brent, >>We've had some success using a front-end filter for Majordomo that blocks >[snip] > >Thanks for the great work, and the great tool! Just thought you'd like to >hear something once in a while. > >PS - >I sent mail to the list-managers list a few weeks ago, offering to set up >and run a database of problem domains/users, if folks would help figure out >just what it should contain. There's some obvious difficulties and >complexities. I was thinking of a kind of clearinghouse that would be able >to keep pretty close to up-to-the minute based on input from selected >master users. > >I posted it twice, but to my knowledge it never appeared (I get the digest, >so I miss things sometimes). Maybe somebody thought this was a hoax. Your messages got held for review because the address you're posting from (garyb@fxt.com) isn't the same as what you're subscribed to the List-Managers mailing list with (garyb@outlawnet.com). The person who normally does all the postmaster stuff here (Michael Berch), including reviewing such messages, was out of the country for most of March, and I didn't have enough spare time to keep up with it all myself. He's back now, and more or less caught up, so things should be getting back to normal. >The offer still stands - I run mSQL (http://www.hughes.com.au), and I/we >can make it accessible only from approved hosts either via the web, or via >a connection on a particular port if you want to make it accessible from >within majordomo. Or, if you'd rather, I can help you set something like >this up at Great Circle. > >GB We have no interest in hosting such a database here. As you mention, there are a number of issues involved. Thanks! -Brent -- Brent Chapman Internet/intranet training and consulting, Brent@GreatCircle.COM specializing in network design and security. Great Circle Associates,Inc. Visit us at http://www.greatcircle.com/ From owner-list-managers-outgoing Wed Apr 9 07:06:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id GAA13116 for list-managers-outgoing; Wed, 9 Apr 1997 06:55:04 -0700 (PDT) Received: from grinch.whoville.leftbank.com (grinch.leftbank.com [139.167.128.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id GAA13102 for ; Wed, 9 Apr 1997 06:54:56 -0700 (PDT) Received: from zax.whoville.leftbank.com by grinch.whoville.leftbank.com via smtpd (for honor.greatcircle.com [198.102.244.44]) with SMTP; 9 Apr 1997 13:53:49 UT Received: (from nmehl@localhost) by zax.leftbank.com (8.7.5/8.7.3/LeftBank-1.1/http://www.leftbank.com/) id JAA18051; Wed, 9 Apr 1997 09:54:12 -0400 (EDT) From: "Nathan J. Mehl" Message-Id: <199704091354.JAA18051@zax.leftbank.com> Subject: Re: your mail To: RibMan@tpgi.com.au (Rob RibMan) Date: Wed, 9 Apr 1997 09:54:12 -0400 (EDT) Cc: list-managers@GreatCircle.COM In-Reply-To: <199704082254.IAA20790@random.tpgi.com.au> from "Rob RibMan" at Apr 9, 97 08:54:35 am X-Abby-Says: Nathan, you keep getting to be the first person who does things to me X-My-Minions: Took over Lunacon...and Minbar. X-Mailer: ELM [version 2.4 PL24] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk In the immortal words of Rob RibMan: > > Subject: FW: Toni Kawada: Internet Virus !!!! Please Read. (fwd) > >THIS INFORMATION WAS RECEIVED THIS MORNING FROM IBM, PLEASE SHARE IT > >ENTITLED "PENPAL GREETINGS!" This message appears to be a friendly > > I presume this is puke. Is there a site dedicated to declaring genuine and > non-genuine viruses? As a matter of fact, yes. Ironically given the content of the above message, the site devoted to debunking virus hoaxes is, in fact, run by IBM: http://www.av.ibm.com/BreakingNews/HypeAlert/ -n -- Don't blame me -- I voted for the Unabomber! Nathan J. Mehl -- The Left Bank Operation (work) nmehl@leftbank.com -- http://www.leftbank.com (play) memory@blank.org -- http://ccat.sas.upenn.edu/nmehl/ From owner-list-managers-outgoing Thu Apr 10 09:37:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA12016 for list-managers-outgoing; Thu, 10 Apr 1997 09:34:09 -0700 (PDT) Received: from mail.crl.com (mail.crl.com [165.113.1.22]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA12005 for ; Thu, 10 Apr 1997 09:34:03 -0700 (PDT) Received: from crl5.crl.com by mail.crl.com with SMTP id AA17946 (5.65c/IDA-1.5 for ); Thu, 10 Apr 1997 09:30:59 -0700 Date: Thu, 10 Apr 1997 09:30:56 -0700 (PDT) From: Subir Grewal To: List Managers Subject: AOL & compuserve problems. Message-Id: Mime-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I was wondering whether anyone here could help me understand and resolve two problems we're having. The first is the the widely reported problem reaching AOL's mail exchangers. If anyone has updates on that, or knows when it will be fixed, where to find out more about it etc. That would be very helpful. The second problem is a long standing one (since I took over our lists at work about 4 months ago). A lot of compuserve subscribers complain that they only recieve mail from us at infrequent intervals. We operate large mailing lists to deliver the synopsis of the day's news as reported in newspapers we host. Our logs show mail arrives at Compuserve. After that I have no way to track it, so it seems to be ending up in a black hole on some days. I'm interedted in solving this problem, but repeated messages (about 15 or so since I CC postmaster@compuserve on ever reply to a compuserve user's complaint) have gone unanswered and unacknowledged. Anyone know how to get a reply out of Compuserve? My usual trick is to send a message pointing out my difficulties, why the setup at the ISPs end makes it difficult for me to perform the trace myself (to find what address is bouncing etc.) and regreting the lack of a response which simply shows the ISPs complete lack of concern for a valuable service (mail) and possibly ineptness. This usually gets a response within the hour (people don't like to be told, however gently, that they don't know what they're doing) but not a peep out of CompuServe. So what do you think I should do? We have over a hundred compuserve users on our lists. hostmaster@trill-home.com * Lynx 2.7.1 * PGP * http://www.crl.com/~subir/ If an S and an I and an O and a U With an X at the end spell Su; And an E and a Y and an E spell I, Pray what is a speller to do? Then, if also an S and an I and a G And an HED spell side, There's nothing much left for a speller to do But to go commit siouxeyesighed. -- Charles Follen Adams, "An Orthographic Lament" From owner-list-managers-outgoing Thu Apr 10 10:22:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA15296 for list-managers-outgoing; Thu, 10 Apr 1997 09:54:02 -0700 (PDT) Received: from atheria.europa.com (atheria.europa.com [199.2.194.10]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id JAA15243 for ; Thu, 10 Apr 1997 09:53:48 -0700 (PDT) Received: from thetics.europa.com(really [199.2.194.14]) by atheria.europa.com via sendmail with smtp id for ; Thu, 10 Apr 1997 09:52:30 -0700 (PDT) (Smail-3.2.0.91 1997-Jan-14 #4 built 1997-Jan-19) Date: Thu, 10 Apr 1997 09:52:30 -0700 (PDT) From: kali To: List Managers Subject: Re: AOL & compuserve problems. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > I was wondering whether anyone here could help me understand and resolve > two problems we're having. The first is the the widely reported problem > reaching AOL's mail exchangers. If anyone has updates on that, or knows > when it will be fixed, where to find out more about it etc. That would be > very helpful. My ISP was experiencing problems with sending mail to AOL also, here is what they said to us: "The last few days our mail servers have been refusing connections at times due to very high loads. Once they handle their mail and open the port again, they are again flooded. This recurring cycle may make it appear like we are not accepting mail from your domain. We are aware that our mail servers are refusing connections at times, and we are taking steps to rectify those problems." humpf...doesn't really say much...but this was just yesterday..... -kali kali@europa.com From owner-list-managers-outgoing Thu Apr 10 12:38:24 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA28918 for list-managers-outgoing; Thu, 10 Apr 1997 11:24:47 -0700 (PDT) Received: from gumby.combdyn.com (gumby.combdyn.com [192.203.203.5]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA28898 for ; Thu, 10 Apr 1997 11:24:33 -0700 (PDT) Received: (from lawrence@localhost) by combdyn.com (8.8.5/8.8.5) id MAA18985; Thu, 10 Apr 1997 12:22:55 -0600 (MDT) From: Lawrence Chen Message-Id: <199704101822.MAA18985@gumby.combdyn.com> Subject: Re: AOL & compuserve problems. To: subir@crl.com (Subir Grewal) Date: Thu, 10 Apr 1997 12:22:55 -0600 (MDT) Cc: list-managers@GreatCircle.COM In-Reply-To: from "Subir Grewal" at Apr 10, 97 09:30:56 am X-Mailer: ELM [version 2.4 PL25] MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: 7bit Sender: list-managers-owner@GreatCircle.COM Precedence: bulk According to Subir Grewal: > The second problem is a long standing one (since I took over our lists > at work about 4 months ago). A lot of compuserve subscribers complain > that they only recieve mail from us at infrequent intervals. We operate > large mailing lists to deliver the synopsis of the day's news as reported > in newspapers we host. Our logs show mail arrives at Compuserve. After > that I have no way to track it, so it seems to be ending up in a black > hole on some days. I'm interedted in solving this problem, but repeated > messages (about 15 or so since I CC postmaster@compuserve on ever reply to > a compuserve user's complaint) have gone unanswered and unacknowledged. > Compuserve is kind of a strange beast......internally mail is not instantenous. I have seen it take hours for a message to go from one Compuserve user to another.....so it stands to reason that the same delays affect mail with the outside world. And, I have seen it take hours for a message originating from Compuserve arrive in my Internet mailbox. -- Lawrence Chen, P.Eng. "The Dreamer" VE6LKC/VE6PAQ Computer/Research Engineer Email: lawrence@combdyn.com Combustion Dynamics Ltd. Phone: +1 403 529 2162 #203, 132 4th Avenue S.E. Fax: +1 403 529 2516 Medicine Hat, AB T1A 8B5 URL: http://www.combdyn.com "Just a Crazy Engineer with an Amiga and a Newton MP130" - The Dreamer From owner-list-managers-outgoing Thu Apr 10 13:22:16 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA02015 for list-managers-outgoing; Thu, 10 Apr 1997 11:43:32 -0700 (PDT) Received: from casti.com (vector.casti.com [199.181.80.100]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA02000 for ; Thu, 10 Apr 1997 11:43:22 -0700 (PDT) Received: by casti.com (8.6.9/NX3.0M) id OAA09420; Thu, 10 Apr 1997 14:44:25 -0500 Date: Thu, 10 Apr 1997 14:44:24 -0500 (GMT-0500) From: "Bill Casti, CQA (Moderator)" X-Sender: help@vector.casti.com To: List Managers Subject: Re: AOL & compuserve problems. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk I've sent the posting to AOL's Postmaster, who is a friend of mine, for his viewpoint. I'll post what I get. Regards. Bill ============================================================================= Bill Casti, CQA Email: help@quality.org - Domain Owner, QUALITY.ORG Pager: +1 800 604 6149 - List Moderator, "TQM in Manufacturing and Service Industries" - Chairman, Electronic Media ASQC Section 0511 (Northern VA) Section Email: E-media@quality.org - 1997-98 Chair-elect, Executive Board, ASQC Section 0511 - Senior Administrator, Internet Systems, Fed. Emergency Mgmt. Agency (FEMA) ----------------------------------------------------------------------------- Get Your New CyberQ Teeshirt now! See the Design at http://www.quality.org/qc/teeshirts.html ============================================================================= On Thu, 10 Apr 1997, kali wrote: > > I was wondering whether anyone here could help me understand and resolve > > two problems we're having. The first is the the widely reported problem > > reaching AOL's mail exchangers. If anyone has updates on that, or knows > > when it will be fixed, where to find out more about it etc. That would be > > very helpful. > > My ISP was experiencing problems with sending mail to AOL also, here is > what they said to us: > > "The last few days our mail servers have been refusing connections at > times due to very high loads. Once they handle their mail and open the > port again, they are again flooded. This recurring cycle may make it > appear like we are not accepting mail from your domain. We are aware that > our mail servers are refusing connections at times, and we are taking > steps to rectify those problems." > > humpf...doesn't really say much...but this was just yesterday..... > > -kali > kali@europa.com > > From owner-list-managers-outgoing Thu Apr 10 14:22:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA23360 for list-managers-outgoing; Thu, 10 Apr 1997 13:46:05 -0700 (PDT) Received: from casti.com (vector.casti.com [199.181.80.100]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA23177 for ; Thu, 10 Apr 1997 13:45:11 -0700 (PDT) Received: by casti.com (8.6.9/NX3.0M) id QAA11175; Thu, 10 Apr 1997 16:46:16 -0500 Date: Thu, 10 Apr 1997 16:46:16 -0500 (GMT-0500) From: "Bill Casti, CQA (Moderator)" X-Sender: help@vector.casti.com To: list-managers@GreatCircle.COM Subject: Re: AOL & compuserve problems. (fwd) Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: list-managers-owner@GreatCircle.COM Precedence: bulk FYI.... ---------- Forwarded message ---------- Date: Thu, 10 Apr 1997 15:51:42 -0400 (EDT) From: Postmaster@aol.com To: help@quality.org Subject: Re: AOL & compuserve problems. (fwd) In a message dated 97-04-10 15:36:29 EDT, you write: > If you can shed light, please do so. There's not much light I can shed -- Operations is painfully aware of the problems and are working diligently to get things back to normal. I understand that we -are- accepting mail, but we have an enormous backlog of messages to process. --David ------------------- End of Forwarded Message -------------------- ============================================================================= Bill Casti, CQA Email: help@quality.org - Domain Owner, QUALITY.ORG Pager: +1 800 604 6149 - List Moderator, "TQM in Manufacturing and Service Industries" - Chairman, Electronic Media ASQC Section 0511 (Northern VA) Section Email: E-media@quality.org - 1997-98 Chair-elect, Executive Board, ASQC Section 0511 - Senior Administrator, Internet Systems, Fed. Emergency Mgmt. Agency (FEMA) ----------------------------------------------------------------------------- Get Your New CyberQ Teeshirt now! See the Design at http://www.quality.org/qc/teeshirts.html ============================================================================= From owner-list-managers-outgoing Thu Apr 10 14:22:21 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA27004 for list-managers-outgoing; Thu, 10 Apr 1997 14:11:27 -0700 (PDT) Received: from solutions.apple.com (solutions.apple.com [17.255.34.19]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id OAA26995 for ; Thu, 10 Apr 1997 14:11:21 -0700 (PDT) Received: from [17.219.12.99] (A17-219-12-99.apple.com [17.219.12.99]) by solutions.apple.com (8.6.10/A/UX 3.1) with ESMTP id OAA29644; Thu, 10 Apr 1997 14:11:24 -0700 Message-Id: In-Reply-To: <199704101822.MAA18985@gumby.combdyn.com> References: from "Subir Grewal" at Apr 10, 97 09:30:56 am Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Thu, 10 Apr 1997 14:03:56 -0700 To: Lawrence Chen , subir@crl.com (Subir Grewal) From: Chuq Von Rospach Subject: Re: AOL & compuserve problems. Cc: list-managers@GreatCircle.COM Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 11:22 AM -0700 4/10/97, Lawrence Chen wrote: >Compuserve is kind of a strange beast......internally mail is not >instantenous. Or consistent -- it's obviously an internal hodgepodge, because depending on the phase of the moon, different error messages come out of compuserve for different users. They haven't even gotten to the point where their internal systems are standardized.... That worries me... (grin) -- Chuq Von Rospach (chuq@apple.com) Apple IS&T Mail List Gnome Plaidworks Consulting (chuqui@plaidworks.com) ( +-+ The home for Hockey on the net) From owner-list-managers-outgoing Sat Apr 12 08:53:54 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id IAA28565 for list-managers-outgoing; Sat, 12 Apr 1997 08:39:34 -0700 (PDT) Received: from mail.his.com (mail.his.com [205.177.25.9]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id IAA28541 for ; Sat, 12 Apr 1997 08:39:27 -0700 (PDT) Received: from [205.177.25.174] (brad.his.com [205.177.25.174]) by mail.his.com (8.8.4/8.8.4) with ESMTP id LAA26886; Sat, 12 Apr 1997 11:38:31 -0400 (EDT) Message-Id: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sat, 12 Apr 1997 11:36:29 -0400 To: Subir Grewal , List Managers From: Brad Knowles Subject: Re: AOL & compuserve problems. Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 12:30 PM -0400 4/10/1997, Subir Grewal wrote: >I was wondering whether anyone here could help me understand and resolve >two problems we're having. The first is the the widely reported problem >reaching AOL's mail exchangers. If anyone has updates on that, or knows >when it will be fixed, where to find out more about it etc. That would be >very helpful. We have recently installed some new hardware to help boost our capacity, but even with the added capacity, it's still going to take a while for the backlog to clear. We have additional capacity expansion being prepared, which will hopefully come online this next week. Once it does, the rest of the backlog should clear quickly. -- Brad Knowles, MIME/PGP: brad@his.com comp.mail.sendmail FAQ Maintainer finger brad@his.com for my PGP Public Keys and Geek Code The comp.mail.sendmail FAQ is at From owner-list-managers-outgoing Sun Apr 13 03:22:13 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id DAA23494 for list-managers-outgoing; Sun, 13 Apr 1997 03:12:54 -0700 (PDT) Received: from duticai.twi.tudelft.nl (duticai.twi.tudelft.nl [130.161.159.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id DAA23487 for ; Sun, 13 Apr 1997 03:12:45 -0700 (PDT) Received: (from winfave@localhost) by duticai.twi.tudelft.nl (8.8.5/8.8.5) id MAA26089; Sun, 13 Apr 1997 12:11:55 +0200 (MET DST) From: Alexander Verbraeck Message-Id: <199704131011.MAA26089@duticai.twi.tudelft.nl> Subject: Re: Prelude to spam attack? To: jthomas@sun.soci.niu.edu Date: Sun, 13 Apr 1997 12:11:54 +0200 (MET DST) Cc: winfave@duticai.twi.tudelft.nl, list-managers@greatcircle.com In-Reply-To: from "Jim Thomas" at Apr 13, 97 01:50:54 am X-Mailer: ELM [version 2.4 PL25] Content-Type: text Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > A user from @pop3.sushiking.com subbed to a number of listproc groups > on our system in the past day or so, including a "non-existent" group. > The groups are sufficiently diverse in topic and audience that the > odds of this being a legit sub are virtually nil. > > A letter of inquiry went unanswered, but more subs arrived. > Has anybody else experienced this? Same here. The user subscribed to every single group we have. As far as I can see from a port 25 session, the system is full time busy with mail processing, and does not know it has users anymore. I unsubbed the user from all groups, and put the domain in the .ignored file. Kind regards, Alexander Verbraeck List Manager BPR-L, DYNMOD-L ----------------------------------------------------------------- Dr. Alexander Verbraeck Delft University of Technology Department of Systems Engineering, Policy Analysis and Management Jaffalaan 5 P.O. Box 5015, 2600 GA Delft The Netherlands Tel: +31 15 2783805 Secr: +31 15 2788380 Fax: +31 15 2783429 e-mail: A.Verbraeck@sepa.tudelft.nl List manager BPR-L, DYNMOD-L http://www.sepa.tudelft.nl/~alexandv/ See also ..../bpr-l.html ----------------------------------------------------------------- From owner-list-managers-outgoing Sun Apr 13 09:37:31 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id JAA23250 for list-managers-outgoing; Sun, 13 Apr 1997 09:25:09 -0700 (PDT) Received: from colossus.arl.mil (colossus.arl.mil [131.218.204.98]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id JAA23230 for ; Sun, 13 Apr 1997 09:24:59 -0700 (PDT) Received: from [207.254.96.49] by colossus.arl.mil with ESMTP (Apple Internet Mail Server 1.1.1); Sun, 13 Apr 1997 12:31:27 -0400 Message-Id: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Organization: Little to None X-Mailer: Eudora 3.0 for Cray Y-MP Date: Sun, 13 Apr 1997 12:25:07 -0400 To: List-Abuse , listmom-talk@skyweyr.com, List-Managers@GreatCircle.COM From: Vince Sabio Subject: Mailing Lists Are Under Attack Again Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Posted to: List-Abuse, Listmom-Talk, List-Managers It is underway again. Attached is a message I received yesterday ... --- begin forwarded text Date: Sat, 12 Apr 1997 18:28:26 -0500 (CDT) From: "David St. Pierre" To: owner-humornet@csf.colorado.edu Subject: please unsubscribe rickmac@swbell.net rickmac@swbell.net was subscribed to a mailing list which you manage without his permission. he would really appreciate it if you could remove his entry as soon as possible. we have been bouncing your mail to him for several days now, and will continue to do so, at his request. --- end forwarded text I tracked down the subscription confirmation (well, the Welcome message), and the original request was apparently formatted as such: SUBSCRIBE HUMORNET RICKMAC SWBELL Note -- the personal-info fields are filled by the local-part of the address and the domain name (sans the top-level field). So I checked this morning's subscriptions, and found several MORE just like it. I think that the addresses under attack will be of interest to all of us; including Rick's address, above, here is my current list: rickmac@swbell.net fumellif@ats.it mario@Baskerville.it info@baskerville.it phant@rpi.edu administrator@rcm.inet.it cneedham@matrix.it mark@galactica.it I'd appreciate any confirmations to this list that others can provide by cross-checking their lists. Final note: In my case, I am NOT unsubscribing them -- I am setting their accounts to POSTPONE, so that they will not receive list mail. Any subssequent attempts at subscribing these addresses will result in "user already subscribed" errors. And at least *one* of those addresses up there has already had at least SIX subscription attempts since I caught the first one. - Vince Sabio orionsoft@telephonet.com -- If you run a mailing list and are tired of manually processing mail bounces, then you probably need SmartBounce -- currently managing mailing lists in excess of 150,000 subscribers. For more information, send a blank email to . -- Because The Only GOOD Spammer is a DEAD Spammer From owner-list-managers-outgoing Sun Apr 13 10:22:05 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id KAA27199 for list-managers-outgoing; Sun, 13 Apr 1997 10:07:59 -0700 (PDT) Received: from plaidworks.com (plaidworks.com [207.167.80.66]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id KAA27155 for ; Sun, 13 Apr 1997 10:07:47 -0700 (PDT) Received: from [207.167.80.70] (zamboni.plaidworks.com [207.167.80.70]) by plaidworks.com (8.8.5/8.8.5) with ESMTP id KAA13641; Sun, 13 Apr 1997 10:08:47 -0700 (PDT) Message-Id: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Date: Sun, 13 Apr 1997 09:52:06 -0700 To: "ListMom-Talk Discussion List" , List-Abuse , List-Managers@GreatCircle.COM From: Chuq Von Rospach Subject: Re: Mailing Lists Are Under Attack Again Sender: list-managers-owner@GreatCircle.COM Precedence: bulk At 9:25 AM -0700 4/13/97, Vince Sabio wrote: >Posted to: List-Abuse, Listmom-Talk, List-Managers > >It is underway again. Attached is a message I received yesterday ... whooo, baby is it. My filters have trapped about 200K of attempted spam since midnight. As far as I can tell,it's the same person/group, using the same sources, since none of it seems to be sneaking through my filters. -- Chuq Von Rospach (chuq@apple.com) Apple IS&T Mail List Gnome Plaidworks Consulting (chuqui@plaidworks.com) ( +-+ The home for Hockey on the net) From owner-list-managers-outgoing Sun Apr 13 11:07:07 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA29045 for list-managers-outgoing; Sun, 13 Apr 1997 11:01:59 -0700 (PDT) Received: from colossus.arl.mil (colossus.arl.mil [131.218.204.98]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA29030 for ; Sun, 13 Apr 1997 11:01:49 -0700 (PDT) Received: from [207.254.96.49] by colossus.arl.mil with ESMTP (Apple Internet Mail Server 1.1.1); Sun, 13 Apr 1997 14:08:18 -0400 Message-Id: In-Reply-To: Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Organization: Little to None X-Mailer: Eudora 3.0 for Cray Y-MP Date: Sun, 13 Apr 1997 14:01:56 -0400 To: "ListMom-Talk Discussion List" , List-Abuse , List-Managers@GreatCircle.COM From: Vince Sabio Subject: Re: Mailing Lists Are Under Attack Again Sender: list-managers-owner@GreatCircle.COM Precedence: bulk ** Sometime around 09:52 -0700 4/13/97, Chuq Von Rospach sent everyone: >>It is underway again. Attached is a message I received yesterday ... > >whooo, baby is it. My filters have trapped about 200K of attempted spam >since midnight. As far as I can tell,it's the same person/group, using >the same sources, since none of it seems to be sneaking through my >filters. Chuq, if you collate the targeted addresses at some point, could you please post them? I know I'd like to scrub my list, and I'm sure that several others would like to, as well. I wish I had access to the Unix shell on the server; it appears to be pretty easy to trap the suspect subscriptions with procmail, since they are using a rather consistent format for the subscribes. Unfortunately, all I have are Eudora filters, which are not as robust. However, a *minor* pattern has become evident, and has allowed me to write an effective filter to catch many of the illicit subs: apparently, a good portion of these attacks are directed against Italian addresses. Filtering on the subject of the "Welcome" message (on which I'm CCed) *and* ".ir\r\r" (i.e., ".ir") in the body of the message has enabled me to trap the Italian addresses on ListProc. I'm considering just extracting the entire subscription archive into a text file, and processing it in DCL to catch the errant subs ... - Vince Sabio orionsoft@telephonet.com -- If you run a mailing list and are tired of manually processing mail bounces, then you probably need SmartBounce -- currently managing mailing lists in excess of 150,000 subscribers. For more information, send a blank email to . -- Because The Only GOOD Spammer is a DEAD Spammer From owner-list-managers-outgoing Sun Apr 13 11:37:06 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA00201 for list-managers-outgoing; Sun, 13 Apr 1997 11:33:47 -0700 (PDT) Received: from moose.ncia.net (moose.ncia.net [207.140.8.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id LAA00192 for ; Sun, 13 Apr 1997 11:33:41 -0700 (PDT) Received: from ncia99n.ncia.net (gkfoote@ncia99n.ncia.net [207.141.176.99]) by moose.ncia.net (8.6.12/8.6.12) with SMTP id OAA16488 for ; Sun, 13 Apr 1997 14:32:00 -0400 Message-Id: <3.0.1.16.19970413143259.469f1e06@mailhost.ncia.net> X-Sender: gkfoote@mailhost.ncia.net X-Mailer: Windows Eudora Light Version 3.0.1 (16) Date: Sun, 13 Apr 1997 14:32:59 To: list-managers@greatcircle.com From: "Gary K. Foote" Subject: Introduction Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Hello, My name is Gary K. Foote and I am a fairly new subscriber to the list-managers list. Here's what I do; Since 1994 I have been developing and online-marketing WWW sites for small and medium companies. I also run 52 north American weather forecast mailing-lists ( mailto:subs@webbers.com ) and recently concieved of and implemented The List Exchange, a fast-growing community of list-owner members negotiating the free exchange of list sponsorships with an eye towards increasing circulation for the participating parties. (see .sig for URL) But, enough about me. Gary K. Foote mailto:gf@listex.com ----------------------------------------------------- The List Exchange http://www.listex.com Increase your readership by trading list sponsorships Webbers.com http://www.webbers.com PO 3214, N.Conway, NH 03860 (603)356-2748 From owner-list-managers-outgoing Sun Apr 13 12:07:08 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id LAA01101 for list-managers-outgoing; Sun, 13 Apr 1997 11:56:47 -0700 (PDT) Received: from duticai.twi.tudelft.nl (duticai.twi.tudelft.nl [130.161.159.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id LAA01094 for ; Sun, 13 Apr 1997 11:56:39 -0700 (PDT) Received: (from winfave@localhost) by duticai.twi.tudelft.nl (8.8.5/8.8.5) id UAA01041; Sun, 13 Apr 1997 20:55:48 +0200 (MET DST) From: Alexander Verbraeck Message-Id: <199704131855.UAA01041@duticai.twi.tudelft.nl> Subject: Re: Mailing Lists Are Under Attack Again To: orionsoft@telephonet.com, wavelet@colossus.arl.mil Date: Sun, 13 Apr 1997 20:55:47 +0200 (MET DST) Cc: list-managers@greatcircle.com In-Reply-To: from "Vince Sabio" at Apr 13, 97 02:01:56 pm X-Mailer: ELM [version 2.4 PL25] Content-Type: text Sender: list-managers-owner@GreatCircle.COM Precedence: bulk > Chuq, if you collate the targeted addresses at some point, could you > please post them? I know I'd like to scrub my list, and I'm sure that > several others would like to, as well. Here's my current list. It contains everything I got after the second or third day or so; after the filters took hold. The number in front tells how many e-mails I got for those users. 1 From: 71112.1620@compuserve.com 1 From: Anderson_ajax@msn.com 1 From: JohnChen00@aol.com 1 From: RICKMAC@swbell.net 1 From: Scott.Weiser@worldnet.att.net 1 From: abc46@juno.com 1 From: bobafett@hunter.ca 1 From: bolsa@flop.engr.orst.edu 1 From: dividual@hotmail.com 1 From: eblackwe@med.wayne.edu 1 From: ecurb@intercom.it 1 From: elee2@aries.ee.mcgill.ca 1 From: gioconda@ctrade.ctrade.it 1 From: hattrick@laplaza.org 1 From: htran1@erols.com 1 From: jimh@mail2.quicknet.com 1 From: lpeterson@sushiking.com 1 From: lutnik@cartabianca.com 1 From: lynnsgould@scomm2000.it 1 From: marc_bernardini@rcm.inet.it 1 From: mark@galactica.it 1 From: matteo_aletti@rcm.inet.it 1 From: mbail@flash.net 1 From: melgibbo@aol.com 1 From: melissa@series2000.com 1 From: mlc777@fullmkt.com 1 From: noreply@feefifofe.com 1 From: quynhle@erols.com 1 From: rckhrd_69@hotmail.com 1 From: rein777@flash.net 1 From: robrota@texnet.it 1 From: sales@quantcom.com 1 From: speed@paperuzz.net 1 From: sweetjan@ix.netcom.com 1 From: trangle@msuvx2.memphis.edu 1 From: trdchau@erols.com 1 From: unk@mindspring.com 1 From: vayman@eden.rutgers.edu 1 From: wskjr@swbell.net 2 From: 110077.0253@compuserve.com 2 From: Ewek@msn.com 2 From: Gryphon@skylord.com 2 From: IM4BUFFALO@postoffice.worldnet.att.net 2 From: PPereira@usa.net 2 From: Skidout@aol.com 2 From: aljber@kuwait.net 2 From: bed8226@megahertz.njit.edu 2 From: cookie@cyberjunkie.com 2 From: dung73@chollian.dacom.co.kr 2 From: gbryan@devry-phx.edu 2 From: johnkar@cris.com 2 From: junecho@idt.net 2 From: juseok@white.xtel.com 2 From: jwchoi@geocities.com 2 From: keast@soback4.kornet.nm.kr 2 From: lachico@aol.com 2 From: landfall@soback.kornet.nm.kr 2 From: ljsuk@hyundai.hdec.co.kr 2 From: mario@Baskerville.it 2 From: postmaster@rcm.inet.it 2 From: qluu@polaris.umuc.edu 2 From: sillyslut@hotmail.com 2 From: tildeath@nuri.net 2 From: tradelaw@onramp.net 2 From: wshaw@wantree.com.au 2 From: zybrgoat@ix.netcom.com 3 From: charles1@netcom.com 3 From: hotline@usit.net 3 From: sys21@nuri.net 4 From: MPETER@AOL.COM 4 From: caravita@public.iunet.it 4 From: simmons@pacbell.net 5 From: dblack@devry-phx.edu 6 From: scott.weiser@worldnet.att.net 6 From: tran@addis.net 20 From: phant@rpi.edu > I wish I had access to the Unix shell on the server; it appears to be > pretty easy to trap the suspect subscriptions with procmail, since they > are using a rather consistent format for the subscribes. Unfortunately, > all I have are Eudora filters, which are not as robust. For Unix listprocessor users, the fastest way is to patch the Catmail script. Listprocessor uses "Catmail" to determine what to do with the e-mails the listprocessor and the lists receive. I patched Catmail so it firsts checks the ENTIRE e-mail message against a file with strings it should NOT contain. On a UNIX system, this took me less than an hour or so. In this file are the domains that the spammer uses to distribute the forged e-mails, like nlights.net, goofy.gte.net, and others. Furthermore, I included strings in that file that usually point at spamming, like a sentence of the Krazy Kevin spam, the string "1-900", typical strings from every other spam I have received, etc. The e-mails are routed to me instead of to the list or the listprocessor. I receive them as regular mail in my mailbox, and I can then determine what to do about them. This has proven to save dozens and dozens of hours of work. > However, a *minor* pattern has become evident, and has allowed me to > write an effective filter to catch many of the illicit subs: apparently, > a good portion of these attacks are directed against Italian addresses. > Filtering on the subject of the "Welcome" message (on which I'm CCed) > *and* ".ir\r\r" (i.e., ".ir") in the body of the message has > enabled me to trap the Italian addresses on ListProc. Beware: .ir is IRAN, .it is ITALY. For European users this would be tedious; on one of my lists I have 34 users from Italy, who regularly post. Hope this can be of use, Kind regards, Alexander Verbraeck ----------------------------------------------------------------- Dr. Alexander Verbraeck Delft University of Technology Department of Systems Engineering, Policy Analysis and Management Jaffalaan 5 P.O. Box 5015, 2600 GA Delft The Netherlands Tel: +31 15 2783805 Secr: +31 15 2788380 Fax: +31 15 2783429 e-mail: A.Verbraeck@sepa.tudelft.nl List manager BPR-L, DYNMOD-L http://www.sepa.tudelft.nl/~alexandv/ See also ..../bpr-l.html ----------------------------------------------------------------- From owner-list-managers-outgoing Sun Apr 13 12:22:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA02044 for list-managers-outgoing; Sun, 13 Apr 1997 12:15:11 -0700 (PDT) Received: from colossus.arl.mil (colossus.arl.mil [131.218.204.98]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id MAA02009 for ; Sun, 13 Apr 1997 12:14:59 -0700 (PDT) Received: from [207.254.96.49] by colossus.arl.mil with ESMTP (Apple Internet Mail Server 1.1.1); Sun, 13 Apr 1997 15:21:18 -0400 Message-Id: In-Reply-To: <199704131855.UAA01041@duticai.twi.tudelft.nl> References: from "Vince Sabio" at Apr 13, 97 02:01:56 pm Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Organization: Little to None X-Mailer: Eudora 3.0 for Cray Y-MP Date: Sun, 13 Apr 1997 15:15:13 -0400 To: Alexander Verbraeck From: Vince Sabio Subject: Re: Mailing Lists Are Under Attack Again Cc: list-managers@greatcircle.com, listmom-talk@skyweyr.com, list-abuse@clio.lyris.net Sender: list-managers-owner@GreatCircle.COM Precedence: bulk ** Sometime around 20:55 +0200 4/13/97, Alexander Verbraeck sent everyone: >Here's my current list. It contains everything I got after the second or >third day or so; after the filters took hold. The number in front tells >how many e-mails I got for those users. ::snip:: Awesome. Thanks, Alexander. >> However, a *minor* pattern has become evident, and has allowed me to >> write an effective filter to catch many of the illicit subs: apparently, >> a good portion of these attacks are directed against Italian addresses. >> Filtering on the subject of the "Welcome" message (on which I'm CCed) >> *and* ".ir\r\r" (i.e., ".ir") in the body of the message has >> enabled me to trap the Italian addresses on ListProc. > >Beware: .ir is IRAN, .it is ITALY. I *know* that I originally typed ".it"; the modem switched it on me, I think. *sigh* (Thanks for catching that.) >For European users this would be tedious; >on one of my lists I have 34 users from Italy, who regularly post. Oh, I'm just catching the subscribes. In my case, posts come only from me. - Vince S. wavelet@colossus.arl.mil -- For info on HumourNet--the Internet's moderated mailing list for humor-- send the command INFO HUMORNET (only one U) to listproc@csf.colorado.edu -- Because The Only GOOD Spammer is a DEAD Spammer From owner-list-managers-outgoing Sun Apr 13 12:53:10 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id MAA02867 for list-managers-outgoing; Sun, 13 Apr 1997 12:39:58 -0700 (PDT) Received: from moose.ncia.net (moose.ncia.net [207.140.8.2]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id MAA02856 for ; Sun, 13 Apr 1997 12:39:53 -0700 (PDT) Received: from ncia99n.ncia.net (ncia99n.ncia.net [207.141.176.99]) by moose.ncia.net (8.6.12/8.6.12) with SMTP id PAA18892 for ; Sun, 13 Apr 1997 15:38:21 -0400 Message-Id: <3.0.1.16.19970413153921.0dbfda9c@mailhost.ncia.net> X-Sender: gkfoote@mailhost.ncia.net X-Mailer: Windows Eudora Light Version 3.0.1 (16) Date: Sun, 13 Apr 1997 15:39:21 To: list-managers@greatcircle.com From: "Gary K. Foote" Subject: Re: Introduction Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Hello again, Somehow I cut everything after this line; >But, enough about me. I also meant to ask if anyone on this list can point me towards a FAQ on the issue of filtering software for bounces. Thanks, Gary K. Foote mailto:gf@listex.com ----------------------------------------------------- The List Exchange http://www.listex.com Increase your readership by trading list sponsorships Webbers.com http://www.webbers.com PO 3214, N.Conway, NH 03860 (603)356-2748 From owner-list-managers-outgoing Sun Apr 13 13:40:03 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA05146 for list-managers-outgoing; Sun, 13 Apr 1997 13:36:04 -0700 (PDT) Received: from colossus.arl.mil (colossus.arl.mil [131.218.204.98]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA05138 for ; Sun, 13 Apr 1997 13:35:56 -0700 (PDT) Received: from [207.254.96.49] by colossus.arl.mil with ESMTP (Apple Internet Mail Server 1.1.1); Sun, 13 Apr 1997 16:42:25 -0400 Message-Id: In-Reply-To: <3.0.1.16.19970413153921.0dbfda9c@mailhost.ncia.net> Mime-Version: 1.0 Content-Type: text/plain; charset="us-ascii" X-Organization: Little to None X-Mailer: Eudora 3.0 for Cray Y-MP Date: Sun, 13 Apr 1997 16:36:24 -0400 To: "Gary K. Foote" , List-Managers@GreatCircle.COM From: Vince Sabio Subject: Bounce Processing (was: Introduction) Sender: list-managers-owner@GreatCircle.COM Precedence: bulk ** Sometime around 15:39 -0400 4/13/97, Gary K. Foote said: >I also meant to ask if anyone on this list can point me towards a FAQ on >the issue of filtering software for bounces. Damn, that's my cue! Send a blank message to our AR for information on SmartBounce, an app that automatically processes mailing-list bounces: smartbounce@bsabio.com I am currently within hours of the first full release (though you can DL the most recent beta right now) for Mac and Windows. BTW, the next step is a Unix port. I'll probably put out another call when I start on it, but anyone who is interested in being a beta tester for SmartBounce on Linux and/or Solaris platforms can contact me at . - Vince Sabio orionsoft@telephonet.com -- If you run a mailing list and are tired of manually processing mail bounces, then you probably need SmartBounce -- currently managing mailing lists in excess of 150,000 subscribers. For more information, send a blank email to . -- Because The Only GOOD Spammer is a DEAD Spammer From owner-list-managers-outgoing Sun Apr 13 13:52:05 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA05300 for list-managers-outgoing; Sun, 13 Apr 1997 13:38:57 -0700 (PDT) Received: from duticai.twi.tudelft.nl (duticai.twi.tudelft.nl [130.161.159.1]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id NAA05283 for ; Sun, 13 Apr 1997 13:38:49 -0700 (PDT) Received: (from winfave@localhost) by duticai.twi.tudelft.nl (8.8.5/8.8.5) id WAA01758; Sun, 13 Apr 1997 22:37:56 +0200 (MET DST) From: Alexander Verbraeck Message-Id: <199704132037.WAA01758@duticai.twi.tudelft.nl> Subject: Re: Mailing Lists Are Under Attack Again To: wavelet@colossus.arl.mil, orionsoft@telephonet.com Date: Sun, 13 Apr 1997 22:37:54 +0200 (MET DST) Cc: list-managers@greatcircle.com In-Reply-To: from "Vince Sabio" at Apr 13, 97 03:15:13 pm X-Mailer: ELM [version 2.4 PL25] Content-Type: text Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Oops, two attacks slipped through in the past few hours. One more pattern to add to my filter. The targeted domain is well known from previous attacks: 1 From: pgaske@audiophile.com 1 From: mattblack2@audiophile.com Kind regards, Alexander Verbraeck From owner-list-managers-outgoing Sun Apr 13 14:07:09 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id OAA06779 for list-managers-outgoing; Sun, 13 Apr 1997 14:06:25 -0700 (PDT) Received: from shore.shore.net (shore.shore.net [192.233.85.136]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with ESMTP id OAA06762 for ; Sun, 13 Apr 1997 14:06:17 -0700 (PDT) Received: from jane.smoe.org (jeffw@smoe.org [204.167.97.154]) by shore.shore.net (8.8.3/8.8.2) with SMTP id RAA24178 for ; Sun, 13 Apr 1997 17:05:34 -0400 (EDT) Received: by jane.smoe.org (SMI-8.6/SMI-SVR4) id RAA15162; Sun, 13 Apr 1997 17:06:06 -0400 Message-ID: <19970413170604.PY17658@smoe.org> Date: Sun, 13 Apr 1997 17:06:04 -0400 From: jeffw@smoe.org (Jeff Wasilko) To: list-managers@greatcircle.com Subject: Re: Mailing Lists Are Under Attack Again References: <199704132037.WAA01758@duticai.twi.tudelft.nl> X-Mailer: Mutt 0.59.1 Mime-Version: 1.0 In-Reply-To: <199704132037.WAA01758@duticai.twi.tudelft.nl>; from "Alexander Verbraeck" on Apr 13, 1997 22:37:54 +0200 Sender: list-managers-owner@GreatCircle.COM Precedence: bulk Alexander Verbraeck writes: > Oops, two attacks slipped through in the past few hours. One more pattern > to add to my filter. The targeted domain is well known from previous > attacks: > While looking thru my file of pending confirmations, I found 2 attempts to s*b: Anti-Spam Campaign The email that was sent is below. It's a pretty bad attempt: From isaacb@netmcr.com Sun Apr 13 10:04:09 1997 Return-Path: Received: from bretweir.total.net by jane.smoe.org (SMI-8.6/SMI-SVR4) id KAA10585; Sun, 13 Apr 1997 10:04:08 -0400 Received: from smtp.total.net (pool14-16.odyssee.net [204.50.81.90]) by bretweir.total.net (8.8.5/8.8.5) with SMTP id JAA15004; Sun, 13 Apr 1997 09:55:30 -0400 (EDT) Date: Sun, 13 Apr 1997 09:55:30 -0400 (EDT) Message-Id: <199704131355.JAA15004@bretweir.total.net> X-Mailer: Microsoft Internet Mail and News for Macintosh - 1.1 (34) Subject: subscribe From: Anti-Spam Campaign To: MorganList-D-Request@morganlist.org content-length: 2846 Status: RO Lines: 185 dx-request@ve7tcp.ampr.org, majordomo@cycling.org, bitbucket-request@primenet.com, ct-user-request@ve7tcp.ampr.org, dx-request@ve7tcp.ampr.org, exam-list-request@arrl.org, vhf-request@w6yx.stanford.edu, w1aw-list-request@arrl.org, 990-request@xyzoom.info.com, veganmc@ibm.net, CC: MorganList-D-Request@morganlist.org, dx-request@ve7tcp.ampr.org, majordomo@cycling.org, bitbucket-request@primenet.com, ct-user-request@ve7tcp.ampr.org, dx-request@ve7tcp.ampr.org, exam-list-request@arrl.org, vhf-request@w6yx.stanford.edu, w1aw-list-request@arrl.org, 990-request@xyzoom.info.com, veganmc@ibm.net, vjmc-request@hyperreal.com, vulcan-request@enosys.com, ba-rides-request@terisa.com, ba-tuesday-request@terisa.com, ba-wednesday-request@terisa.com, bmw-tech-request@roadkill.com, aae-info@thechurch.ebay.sun.com, auteurs-request@niweb.com, basia-request@jane.tiac.net, bc-request@specklec.mpifr-bonn.mpg.de, BLODeMAIL@aol.com, white-house-request@wupper.de, richruss@gate.net, then-request@lysator.liu.se, harbinger-request@webcom.com, little-conversations-request@dover.cerf.net, costello-l-request@rain.org, eternal-request@keme.co.uk, avalon-request@webcom.com, sycophant-request@webcom.com, MULEemail@aol.com, gowest-request@worldmachine.com, weslist-request@world.std.com, incognito-request@worldmachine.com, magazine@cs.rmit.edu.au, jewel-request@jane.tiac.net, the-22nd-row-request@uiuc.edu, painted-desert-request@indyramp.com, kx-mgr@rfleming.demon.co.uk, kx-mgr@rfleming.demon.co.uk, otten@quark.umd.edu, level42-request@worldmachine.com, mahler-l-request@webcom.com, richruss@gate.net, neds-request@halcyon.com, nil8@cencom.net, marygold-babydoll-request@mailhost.wildstar.com, oceans-digest-request@tamos.gmu.edu, early-morning-hours-request@dip1.ee.uct.ac.za, police-digest-request@xmission.com, castaway@world.std.com, siblings-request@smoe.org, new-gold-dream-request@dfw.net, dominion-request@ohm.york.ac.uk, soupnet@iii.net, we-connect-request@indyramp.com, steely-dan-request@uiuc.edu, arithmetic-request@uclink.berkeley.edu, tagyerit@bcn.net, bobbieg@azstarnet.com, zztop-request@cabana.ncsa.uiuc.edu, aj-request@rock.net, jredmon@hpux.mesd.k12.or.us, ambient-digest-request@hyperreal.com, CB-Music@chatsubo.com, chi-improv@listmac.acns.nwu.edu, dp4@OAK.Oakland.Edu, Handbell-L@ringer.jpl.nasa.gov, playlist-request@hos.com, idm-request@hyperreal.com, mixmasters-request@infopro.com, Nettlist-Request@Nettwerk.wimsey.com, rad@intele.net, ringo@media.mit.edu, the-list-request@violet.berkeley.edu, sfraves-request@hyperreal.com, iawm-request@acuvax.acu.edu, xpert-request@x.org, Mime-version: 1.0 Content-type: text/plain; charset="us-ascii" subscribe From owner-list-managers-outgoing Sun Apr 13 14:12:11 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id NAA06006 for list-managers-outgoing; Sun, 13 Apr 1997 13:52:10 -0700 (PDT) Received: from ec2.earthchannel.com (ec2.earthchannel.com [205.160.21.65]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id NAA05984; Sun, 13 Apr 1997 13:51:54 -0700 (PDT) Received: from ec12.earthchannel.com (unverified [205.160.21.75]) by ec3.earthchannel.com (EMWAC SMTPRS 0.83) with SMTP id ; Sun, 13 Apr 1997 16:50:30 -0400 Message-ID: Comments: Authenticated sender is From: "Gess Shankar" Organization: Earth Channel Communications LLC To: list-managers@greatcircle.com Date: Sun, 13 Apr 1997 16:38:49 -0500 MIME-Version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT Subject: Re: Mailing Lists Are Under Attack Again Reply-to: gess@earthchannel.com CC: list-managers@greatcircle.com In-reply-to: <199704131855.UAA01041@duticai.twi.tudelft.nl> References: from "Vince Sabio" at Apr 13, 97 02:01:56 pm X-mailer: Pegasus Mail for Win32 (v2.53/R1) Sender: list-managers-owner@GreatCircle.COM Precedence: bulk On 13 Apr 97 at 20:55, Alexander Verbraeck wrote: > > Chuq, if you collate the targeted addresses at some point, could you > > please post them? I know I'd like to scrub my list, and I'm sure that > > several others would like to, as well. > > Here's my current list. It contains everything I got after the > second or third day or so; after the filters took hold. The number > in front tells how many e-mails I got for those users. > > 1 From: 71112.1620@compuserve.com > 1 From: Anderson_ajax@msn.com > 1 From: JohnChen00@aol.com > 1 From: RICKMAC@swbell.net > 1 From: Scott.Weiser@worldnet.att.net > 1 From: abc46@juno.com > 1 From: bobafett@hunter.ca > 1 From: bolsa@flop.engr.orst.edu > 1 From: dividual@hotmail.com > 1 From: eblackwe@med.wayne.edu > 1 From: ecurb@intercom.it > 1 From: elee2@aries.ee.mcgill.ca > 1 From: gioconda@ctrade.ctrade.it > 1 From: hattrick@laplaza.org > 1 From: htran1@erols.com > 1 From: jimh@mail2.quicknet.com > 1 From: lpeterson@sushiking.com > 1 From: lutnik@cartabianca.com > 1 From: lynnsgould@scomm2000.it > 1 From: marc_bernardini@rcm.inet.it > 1 From: mark@galactica.it > 1 From: matteo_aletti@rcm.inet.it > 1 From: mbail@flash.net > 1 From: melgibbo@aol.com > 1 From: melissa@series2000.com > 1 From: mlc777@fullmkt.com > 1 From: noreply@feefifofe.com > 1 From: quynhle@erols.com > 1 From: rckhrd_69@hotmail.com > 1 From: rein777@flash.net > 1 From: robrota@texnet.it > 1 From: sales@quantcom.com > 1 From: speed@paperuzz.net > 1 From: sweetjan@ix.netcom.com > 1 From: trangle@msuvx2.memphis.edu > 1 From: trdchau@erols.com > 1 From: unk@mindspring.com > 1 From: vayman@eden.rutgers.edu > 1 From: wskjr@swbell.net > 2 From: 110077.0253@compuserve.com > 2 From: Ewek@msn.com > 2 From: Gryphon@skylord.com > 2 From: IM4BUFFALO@postoffice.worldnet.att.net > 2 From: PPereira@usa.net > 2 From: Skidout@aol.com > 2 From: aljber@kuwait.net > 2 From: bed8226@megahertz.njit.edu > 2 From: cookie@cyberjunkie.com > 2 From: dung73@chollian.dacom.co.kr > 2 From: gbryan@devry-phx.edu > 2 From: johnkar@cris.com > 2 From: junecho@idt.net > 2 From: juseok@white.xtel.com > 2 From: jwchoi@geocities.com > 2 From: keast@soback4.kornet.nm.kr > 2 From: lachico@aol.com > 2 From: landfall@soback.kornet.nm.kr > 2 From: ljsuk@hyundai.hdec.co.kr > 2 From: mario@Baskerville.it > 2 From: postmaster@rcm.inet.it > 2 From: qluu@polaris.umuc.edu > 2 From: sillyslut@hotmail.com > 2 From: tildeath@nuri.net > 2 From: tradelaw@onramp.net > 2 From: wshaw@wantree.com.au > 2 From: zybrgoat@ix.netcom.com > 3 From: charles1@netcom.com > 3 From: hotline@usit.net > 3 From: sys21@nuri.net > 4 From: MPETER@AOL.COM > 4 From: caravita@public.iunet.it > 4 From: simmons@pacbell.net > 5 From: dblack@devry-phx.edu > 6 From: scott.weiser@worldnet.att.net > 6 From: tran@addis.net > 20 From: phant@rpi.edu > Great list! Many of the names appeared here too. phant@rpi.edu definitely is number one - popular person. Here are a few which I don't think are on the above list. 1 From: shawpk@msn.com 2 From: bradxox@netcom.ca 2 From: Kkkwww123@aol.com 3 From: cxh0837@megahertz.njit.edu Most of them originated from the following source. Received: from mom.hooked.net (fox-sl0.easyway.net [205.232.178.254]) by mom.hooked.net (8.8.0/8.7.3) with SMTP id DAA14064 for ; Sun, 13 Apr 1997 03:55:15 -0700 ( PDT) From: phant@rpi.edu Gess :::::::::::::::::::::::::::::::::::::::::::::::::::::::: Gess Shankar pax vobiscum gess@earthchannel.com http://www.earthchannel.com Earth Channel Communications, LLC. :::::::::::::::::::::::::::::::::::::::::::::::::::::::: From owner-list-managers-outgoing Mon Apr 14 02:56:25 1997 Received: (majordom@localhost) by honor.greatcircle.com (8.8.5/Honor-Lists-970308-1) id CAA19368 for list-managers-outgoing; Mon, 14 Apr 1997 02:46:26 -0700 (PDT) Received: from relay.cs.tcd.ie (relay.cs.tcd.ie [134.226.32.56]) by honor.greatcircle.com (8.8.5/Honor-970308-1) with SMTP id CAA19360 for ; Mon, 14 Apr 1997 02:46:19 -0700 (PDT) Message-Id: <199704140946.CAA19360@honor.greatcircle.com> Received: from cs.tcd.ie (actually relay.cs.tcd.ie) by relay.cs.tcd.ie with SMTP (PP); Mon, 14 Apr 1997 10:45:31 +0100 To: list-managers@greatcircle.com, pp-people@cs.ucl.ac.uk Subject: [NDEL] 554 No From field given Date: Mon, 14 Apr 1997 10:45:29 +0100 From: Maire Jones Sender: list-managers-owner@GreatCircle.COM Precedence: bulk We are running Majordomo