Re: WAS: Re: RE: Spamcop automated reporting script...

["Bart Lansing" <bart.lansing () hushmail com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Bob,

First...the knujon site clearly states: "Return forged email to
original sender", so yes, forgery most assuredly has a relationship
to this conversation since it's apparently what knujon does, at
least according to knujon. True, packet shaping is not involved
here...I said it's a better solution than this one...which, no
matter how much I read keeps coming back to "we'll fire emails at
the genuine sender of your spam...isn't that great?".
Anyway...

I think the biggest point missed here is this:  The sender you
identify...99 out of 100 times, is not the twit who is actually
doing the spamming.  Nowhere in the header will you be able to
parse out
"JohnSpammer@Not_this_poor_bastard's_Box_I_really_run_This_Box.com".
The sender you identify is some poor end user or clueless sysadmin
who got their box/server owned.  At best, given what you just said,
you are doing no more than SpamCop already does, yes?

On we merrily go...

Bob, help me understand why it is you feel that ICANN will somehow
respond to you and shut down the domains where spam is comig from,
please.  Where it's coming from is NOT a mystery...hasn't been in
ages.  A quick trip to spamhaus will handle that for you.  I know
who those domains are, everyone on this list knows...or can know
with trivial effort...who those domains are, and ICANN sure as hell
knows who those domains are.
<http://www.spamhaus.org/statistics/networks.lasso for the curious
but lazy>

Why should any of us think that somehow this new service has more
cred with ICANN or the ISPs than spamhaus, spamcop, et al?  We who
get to try and stop this crap from flooding mail servers have been
reporting for quite some time now...and funny, I don't see ICANN
shutting down MCI, SBC, Comacast, level3, or any of the rest of the
top 10.  The simple fact is that ICANN's not going to shut them
down...and it wouldn't matter if they did.  That's right...would
not matter.  If one compromised machine that is being used as a
spam generator goes dark, do you really think they real spammer
won't just find a new one?

As I said in the first email, you are going to return mail to the
"actual sender" and I guess, the sender's ISP...who is in reality
not at all the actual sender.

Last but not least..I love the "if you don't agree that we know THE
WAY it's only because you don't get it...but that's ok, most people
don't...just trust us." bit.  You're right, none of us on this list
can grok "KnujOn has a special algorithm that finds out where the
email is
really coming from and then returns the email to the sender."  Yep,
that sure as hell is rocket science (ok, where is that guy from
nasa we had here...maybe he can help us out) Bob.

Anyway, I've burned enough cycles on this...

Cheers,

Bart

On Thu, 10 Nov 2005 12:51:24 -0800 VTLinux () coldrain net wrote:
> Hi Bart,
>
>  Sorry but you missed a few points. The mail you would forward
> will be
> sorted so that only one email goes back to the source. Next the
> source
> will lose its domain registration if they do not follow the ICANN
> rules,
> which is most spammers. In general, they do not tell the truth nor

> do they
> behave responsibly.
>
> Packet shaping and forgery have no relationship to this.
>
> The experience so far is that no one gets it the first time
> around and
> very few of them after some effort. It is not like any current
> approach,
> so don't feel bad. It is a very good idea, once it's understood.
>
> There is no real increase in mail from KnujOn, but the decrease
> in spam
> received has been proven in alpha testing. Your filter, we'll take

> it from
> there.
>
>             cheers, bob
>
> On Thu, 10 Nov 2005, Bart Lansing wrote:
>
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> >
> > Bob,  took a little trip to KnujOn, and have a comment or two...
> >
> > > From the site, with comments parenthetically inserted inline:
> >
> > _________________________
> >
> > I already have a spam filter/blocker, why do I need KnujOn?
> >
> > Filters and blockers stop spam from reaching mailboxes but do
> not
> > actually stop the flow of spam. The messages pile up and must be
> > reviewed and deleted. Would it not be nice to just dump all the
> > messages in a program and have them returned to the sender?
> > (Collecting and bouncing back all of the spam certainly does not
> > block the flow of Spam either...in fact, you just doubled the
> > traffic and if the actual sender is a bot'd machine, all you are
> > doing is needlessly conjesting the 'net and not doing anything
> to
> > the spammer.)
> >
> > How is KnujOn different from current anti-spam programs?
> >
> > Filters and blockers search emails for keywords and other
> content
> > that flag messages as possible junk mail and then divert the
> email
> > to a quarantine area for review or deletion. KnujOn takes junk
> > email and returns it to the sender.  (Sooooooooooooo, you have.a
> > bounceback routine when you find a forged sender....see
> > above....returning to sender is bad, Bob.  A better approach
> would
> > be traffic shaping, which of course is already being done
> elsewhere
> > by others, which throttles the spam and forces it to time out.
> Of
> > course, just nuking the stuff before it hits the mail gateways
> is a
> > tried and true approach as well)
> >
> > What does KnujOn do?
> >
> > KnujOn has a special algorithm that finds out where the email is
> > really coming from and then returns the email to the sender.
> KunjOn
> > also collects information about junk mailers and detects
> fraudulent
> > Internet activity, alerting possible victims before damage is
> done.
> > (So, you use the same [or similar] algortithm that has been
> > employed by Spamcop and Co. for some time now to validate the
> > header information and then, when you find a forged sender, you
> > clog the internet with useless bouncebacks to machines that are
> > likely not owned by the spammer you want to harm.)
> > ___________________________
> >
> > Looks to me like a) nothing new from a technology perspective,
> b)
> > something we would NOT want to see done vis-a-vis rampant
> > bouncebacks, and c) something that does nothing like SpamCop
> does
> > to inform ISPs and other interested parties of the spam that is
> > occuring.  In short, IMHO, this is a bad idea.
> >
> > Cheers
> >
> > Bart
> >
> > On Thu, 10 Nov 2005 06:35:23 -0800 bruen () coldrain net wrote:
> > > If you would like an alternative, you can sign up for a beta
> test
> > > at
> > > www.KnujOn.com. All you will have to do is forward your spam to

> an
> > > email
> > > address which you will be given. Everything else is taken care
> of.
> > > The
> > > signup is free and easy but limited. Click the Personal tab...
> > >
> > >           cheers, bob
> > >
> > > On Thu, 10 Nov 2005, Aditya Deshmukh wrote:
> > >
> > > > > Has anyone got a automated spamcop reporting script?
> > > > >
> > > > >
> > > > > Thanks in advance if you can send in .txt format
> > > > > preferably offlist.
> > > >
> > > > I hit the send before I could explain what I wanted to do...
> > > > I have a spamcop account - and I managed to get the spamcop
> > > > Url with the reportID to a file using fetchmail + grep
> > > > Combination.
> > > >
> > > > But there is some thing I cannot get working with the
> > > > Spamcop spam submission form used to complete the spam
> > > > Reporting. Has anyone made something like this before ?
> > >
> > > _______________________________________________
> > > Full-Disclosure - We believe in it.
> > > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > > Hosted and sponsored by Secunia - http://secunia.com/
> > -----BEGIN PGP SIGNATURE-----
> > Note: This signature can be verified at
> https://www.hushtools.com/verify
> > Version: Hush 2.4
> wkYEARECAAYFAkNzbocACgkQfw4CJpLBxON27ACfXqaV3eHVQaE7M6NfJAEmTeWLaMQ

> A
> > oLtdPV5aAyBILH77oJuTrKQuiFbE
> > =34E4
> > -----END PGP SIGNATURE-----
> >
> >
> >
> >
> > Concerned about your privacy? Instantly send FREE secure email,
> no account required
> > http://www.hushmail.com/send?l=480
> >
> > Get the best prices on SSL certificates from Hushmail
> > https://www.hushssl.com?l=485
>
> --
> Dr. Robert Bruen
> Cold Rain Technologies
> http://coldrain.net
> +1.802.579.6288
-----BEGIN PGP SIGNATURE-----
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 2.4

wkYEARECAAYFAkNzyKoACgkQfw4CJpLBxOMWWwCcD31Gg8PJCOlFltQvEbXAhNNdM4sA
n3rYCm9rMvjZz2ykusmIx9vlxVwz
=ubo6
-----END PGP SIGNATURE-----




Concerned about your privacy? Instantly send FREE secure email, no account required
http://www.hushmail.com/send?l=480

Get the best prices on SSL certificates from Hushmail
https://www.hushssl.com?l=485

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/