[RE: [Dshield] mail1.giac.net spamcop listed]

John Sage jsage at finchhaven.com
Sat Dec 13 04:50:31 GMT 2003


Continuing to beat on the horse..

On Fri, Dec 12, 2003 at 08:53:01PM -0500, Chris Brenton wrote:
> Subject: RE: [RE: [Dshield] mail1.giac.net spamcop listed]
> From: Chris Brenton <cbrenton at chrisbrenton.org>
> To: General DShield Discussion List <list at dshield.org>
> Date: Fri, 12 Dec 2003 20:53:01 -0500
> Old-X-Envelope-To: list at dshield.org
> 
> On Fri, 2003-12-12 at 13:49, Rick Klinge wrote:
> > Geeze.. let's lay this one to rest?
> 
> Naaa. Beating a dead horse is *so* much fun. ;-)

/* snip */

The problem with the anti-spam "industry" (everything's an "industry"
these days) is that there's too many hair-trigger, mindless robots
doing the anti-spam work.

Here are two examples, one relevant to dshield; the other a recent page
out of my life that's been going on for weeks.

re: dshield. I received this:


To: John Sage <jsage at finchhaven.com>
Subject: Re: Your last message to me was rejected.
From: postmaster at temmc.com
Date: Thu, 11 Dec 2003 12:44:57 -0600

Your mail with Subject: Re: [Dshield] Port 10/tcp scans
would appear to be unsolicited mail.

Your message was sent to: General DShield Discussion List
<list at dshield.org> If you intended to contact that person for
legitmate reasons then our apologies.

------ This is a copy of the message, including all the headers. ------

Received: from root by spamkill with spam-scanned (Exim 4.20)
        id 1AUVnu-0004L0-QL
        for jlinscot at temmc.com; Thu, 11 Dec 2003 12:44:57 -0600
Received: from localhost [127.0.0.1] by localhost.localdomain
        with SpamAssassin (2.60 1.212-2003-09-23-exp);
        Thu, 11 Dec 2003 12:53:09 -0600
From: John Sage <jsage at finchhaven.com>
To: General DShield Discussion List <list at dshield.org>
Cc:
Subject: Re: [Dshield] Port 10/tcp scans
Date: Thu, 11 Dec 2003 10:08:24 -0800

/* snip */


Now, am I going to bother to resend my post to this clown (apparently
"jlinscot at temmc.com")? Heck no. Forget it. He subscribed to the
dshield list and he's not getting posts because of some over-helpful
spam filter, and I say tough luck..



As far as recent events in my life, lately my domain name has been the
recipient (I will *not* use the word "victim") of a joe-job. Scores of
people at AOL have been receiving spam that allegedly comes from my
domain.

AOL is now refusing incoming email that alleges to be from my domain
name. Do I care? No. Do I converse with anyone at AOL? Nope.


viz:

Date: Mon, 8 Dec 2003 23:47:46 -0500 (EST)
From: Mail Delivery Subsystem <MAILER-DAEMON at aol.com>
To: <l.pellizzarizp at finchhaven.com>
Subject: Returned mail: Service unavailable
Auto-Submitted: auto-generated (failure)

[-- Attachment #1 --]
[-- Type: text/plain, Encoding: 7bit, Size: 1.2K --]

The original message was received at Mon, 8 Dec 2003 22:10:22 -0500 (EST)
from logs-wg.proxy.aol.com [205.188.196.5]

*** ATTENTION ***

Your e-mail is being returned to you because there was a problem with its
delivery.  The address which was undeliverable is listed in the section
labeled: "----- The following addresses had permanent fatal errors -----".

The reason your mail is being returned to you is listed in the section
labeled: "----- Transcript of Session Follows -----".

[-- Attachment #2 --]
[-- Type: message/delivery-status, Encoding: 7bit, Size: 1.4K --]

Reporting-MTA: dns; rly-ip03.mx.aol.com
Arrival-Date: Mon, 8 Dec 2003 22:10:22 -0500 (EST)

Final-Recipient: RFC822; b8bygirl25 at aol.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mailin-01.mx.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED 554 AOL will not accept delivery
+of this message
Last-Attempt-Date: Mon, 8 Dec 2003 23:47:46 -0500 (EST)

Final-Recipient: RFC822; b8bygirl1 at aol.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mailin-01.mx.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED 554 AOL will not accept delivery
+of this message
Last-Attempt-Date: Mon, 8 Dec 2003 23:47:46 -0500 (EST)

Final-Recipient: RFC822; b8bygirl12 at aol.com
Action: failed
Status: 5.0.0
Remote-MTA: DNS; mailin-01.mx.aol.com
Diagnostic-Code: SMTP; 554 TRANSACTION FAILED 554 AOL will not accept delivery
+of this message


[-- Attachment #3 --]
[-- Type: message/rfc822, Encoding: 7bit, Size: 1.8K --]

From: "Leonor Pellizzari" <l.pellizzarizp at finchhaven.com>
To: b8byg1rl at aol.com, b8bygilr25 at aol.com, b8bygirl12 at aol.com,
    b8bygirl1 at aol.com, b8bygirl25 at aol.com
Subject: govt will pay for a new car    vilxpqcjfmyiwbbtymp
Date: Tue, 09 Dec 2003 03:07:47 +0000


/* snip */


The geniuses at AOL are, of course, bouncing this cr*p back to me,
this despite the fact that the headers of all the bounces I've looked
at are clearly from dialups, DSL and cable hosts in Europe, and not a
one of them is originated either from my web hosting provider nor from
AT&T, from whom I receive dialup conectivity..

I've received over 17k of this nonsense from AOL since 11/30..

Life goes on...


- John
-- 
"Most people don't type their own logfiles;  but, what do I care?"
-
John Sage: InfoSec Groupie
-
ABCD, EFGH, IJKL, EmEnOh, Pplus+, Mminus-
-
ATTENTION: this entire message is privileged communication, intended
for the sole use of its recipients only. If you read it even though
you know you aren't supposed to, you're a poopy-head.




More information about the list mailing list