gmail posters
Richard Steinfeld
For example, the address-shifters hustling clothing from China. Why not
just plonk gmail altogether. I've already done this on a different NG,
and my experience is a whole lot calmer. I realize that some decent
posters use gmail too, so how would it be if they changed to a more
responsible service. I'd prefer getting posts via "real" ISPs. Failing
that, perhaps a different free webmail service.
Mike Easter
> We get quite a lot of crap here coming from people posting from gmail.
Posting with a gmail address is a different population than posting via
googlegroups with a gmail address or posting via googlegroups without a
gmail address. Many who post via googlegroups post with a gmail From
because logging into any google account logs into googlegroups.
> For example, the address-shifters hustling clothing from China. Why not
> just plonk gmail altogether. I've already done this on a different NG,
> and my experience is a whole lot calmer.
Those who compare filtering googlegroups with filtering gmail feel that
the GG filter is the better filter, if it is tempered with whitelisting of
GGers who the filterer wishes to let pass.
> I realize that some decent
> posters use gmail too, so how would it be if they changed to a more
> responsible service.
Again I argue to not confuse gmail From with GG NPH nntp posting host.
> I'd prefer getting posts via "real" ISPs. \
Gmail is not an ISP; neither is hotmail, yahoo, or .invalid.
> Failing
> that, perhaps a different free webmail service.
You are confusing gmail From with GG interface. Blinky's site^1 is noted
for addressing the issue.
http://improve-usenet.org/gmail.html While many Google Groups posters do
show gmail addresses, so do very, very many non-GG posters. [...] The
last time I did a count in a heavily-spammed newsgroup, only about perhaps
70% of the Google Groups posts showed gmail addresses.
--
Mike Easter
VanguardLH
<news:pZadnXJ9C_MgifHV...@posted.sonicnet>:
> We get quite a lot of crap here coming from people posting from gmail.
Google Groups, not Gmail. Get it straight. There are probably a lot
more Gmail users than Google Groups posters. Why? Everyone that posts
using Google Groups has to get a Google account but not all Google
users are newsgroup participants. There are a LOT of posters that have
Gmail accounts but not all of them post through Google Groups. It
isn't Gmail that is the problem here. It is Google Group posters not
only for the spam that originates through Google's newsgroups interface
but also due to the inherent idiocy that is rampant amongst Google
Groupers.
> For example, the address-shifters hustling clothing from China. Why
> not just plonk gmail altogether.
And many of use visitors do just that. You'll need to get a better
NNTP client. Both Outlook Express and your Thunderbird choice are
incapable of filtering on the headers to filter out posts where the
message-ID header contains "googlegroups.com". Use a better
newsreader, or learn how to use NewsProxy (old, dead, but still doable)
with your lackluster choice for a newsreader. I used OE for many
years, then tried using NewsProxy, still wasn't enough, and so the
boobs and spammers forced me to use a better newsreader (which took
several trials of over a dozen choices lasting over a year - and still
none of them are quite what I like).
> I've already done this on a different NG, and my experience is a whole
> lot calmer.
Yeah, by eliminating those who CLAIM that their e-mail address is at
Gmail. Some of them might be using Gmail. Some just want to put
something in the From header because their NNTP provider won't let them
use a blank string or one that isn't a validly syntaxed e-mail address
string. Again, Gmail is not Google Groups. Get it straight. Yes, it
probably did get quieter. It would become even more quiet if you
blocked every post where From contained hotmail.com, yahoo.com,
bluebottle.com, and every other domain that provides some level of a
free e-mail service.
Your experience getting calmer indicates a problem on your end. I used
OE for years and simply bypassed those posts that I obviously didn't
want to waste the bandwidth to download and time to read them. It was
doable until I figured out something better, and figured out something
better again.
> I realize that some decent posters use gmail too, so how would it be
> if they changed to a more responsible service.
The trend to filter out Google Groupers was originally initiated (by
Blinky's crusade and those that agreed) due to the high occurring
inanity of that community of posters. Only by happenstance did it then
encompass the spate of spam that originates from Google Groups due to
the claimed circumvention of the CAPTCHA security page when signing up
for a Gmail account (which gets you access to Google Groups) or, more
likely, the social engineered sites that make users enter CAPTCHAs over
and over thinking it is used for that site but, in fact, it is having
the user enter CAPTCHAs at Google during a login process (i.e., the
users at a malicious site are doing the brainwork to break the CAPTCHAs
at Google). Filtering out Google Groupers is NOT the same as filtering
out Gmail users. But then you are using a weak NNTP client that cannot
filter on anything but a few select headers, none of which includes the
Message-ID header.
Go read http://improve-usenet.org/. Filtering out on "googlegroups.com"
in the Message-ID header already has the disadvantage of filtering out
some okay or good posts, but when they're standing amongst a mob of
machinegunners firing at you then you simply seal the door on all of
them (i.e., don't sit in the bad crowd and expect to not get similarly
judged as the rest of the crowd). Filtering on Gmail e-mail users is
getting a bit too exuberant; however, because of your choice for a
newsreader, that is what you are stuck with.
> I'd prefer getting posts via "real" ISPs. Failing that, perhaps a
> different free webmail service.
I couldn't tell where you were trying to go with those statements. ISP
is not the same as a newsgroups service. Webmail doesn't have anything
to do with Usenet.
Just be forewarned that once you get rid of Google Groupers then you'll
start focusing on the other type of posts that you also want to block.
Once the loud overwhelming noise has been eliminated, you then start
hearing the next annoying and loudest noise, and so on.
Little Luke
> in the Message-ID header already has the disadvantage of filtering out
> some okay or good posts, but when they're standing amongst a mob of
> machinegunners firing at you then you simply seal the door on all of
> them (i.e., don't sit in the bad crowd and expect to not get similarly
> judged as the rest of the crowd). Filtering on Gmail e-mail users is
> getting a bit too exuberant; however, because of your choice for a
> newsreader, that is what you are stuck with.
>
> > I'd prefer getting posts via "real" ISPs. Failing that, perhaps a
> > different free webmail service.
>
> I couldn't tell where you were trying to go with those statements. ISP
> is not the same as a newsgroups service. Webmail doesn't have anything
> to do with Usenet.
>
> Just be forewarned that once you get rid of Google Groupers then you'll
> start focusing on the other type of posts that you also want to block.
> Once the loud overwhelming noise has been eliminated, you then start
> hearing the next annoying and loudest noise, and so on.
Why not get rid of you then all of us can breathe a sigh of relief.
Cyberiade.it Anonymous Remailer
<FLUSH!>
In case anyone isn't already aware, Luke here is just
another sock puppet of our troll pal "Ari".
Warm up your kill files and starve it to death.
Mike Easter
<something negative about another poster using terms like troll and
sockpuppet and posting from an anonmizing remailer>
Posting negative ad hominem things about other posters or posting from
anonymous remailers - either or both are likely to get you filtered by
some.
--
Mike Easter
VanguardLH
Luke, aka Ari, might be hiding by nymshifting (but you provide no proof
of such). You are hiding behind dizum. The difference is ... um ...
you two use a different mechanism but you're still both hiding. Ask who
is hiding and both of you point at each other.
Look, he's hiding.
Oh yeah? He's hiding, too. See, see!
Am not!
Am, too!!
A case of the pot calling the kettle ... another pot.
Ron May
As others have pointed out, it's not the "@gmail.com" From: address
that's the problem. It's the Nessage-ID line in the header that ends
with "googlegroups.com".
John Corliss occasionally posts an article on how to deal with the
issue, most recently in a thread started 5/14/08:
Things aren't always what they seem. By way of example, examining my
header will show my From: address is a Hotmail address. I posted this
through a server named news.sunsite.dk which is currently operated by
Dotsrc.org. I accessed that news server from IP 76.182.210.141, which
if you look up will resolve back to RoadRunner, which is operated by
Time Warner Cable. My Message-ID, however, ends in "4ax.com" which is
the default setting for my $ware newsreader, Forte Agent.
Why does my From: address show Hotmail? For no other reason than that
is the address I typed in when I set up the persona I wanted to use
for posting to newsgroups, I've used that address for years for
Usenet purposes and it is a real address I choose to make available to
the general public. Hotmail played absolutely no role in this message
showing up here beyond that simple choice of mine. I could have used
any number of real (or forged or munged) email addressed if I wanted
to. In much the same way, someone could decide to use a Gmail address
for the same reason, and it would actually make better sense than a
Hotmail address since Gmail's spam filters are far superior.
Good luck. If you need help sorting things out, just post back here
with NewsProxy or NFilter in the subject line and someone will help
you.
--
Ron M.
(I filter Googlespam)
alt.comp.freeware information pages:
http://www.pricelesswarehome.org/acf/Index.php
Little Luke
<anonym...@remailer.cyberiade.it> wrote:
Not getting paid is a sock puppet.
Little Luke
Look here you motherfucker, you come at me with kill in anything, I
will rip your ass out and stuff it down your GODDAMNED throat. Did I
make myself clear?
Steve Terry
"Richard Steinfeld" <rgsteinBUT...@sonicANDTHISTOO.net> wrote in
message news:pZadnXJ9C_MgifHV...@posted.sonicnet...
if you ban one mail server they'll just find another
Steve Terry
John Corliss
Ron, you make a good point in that it's easy to set up a free account
with, say, Yahoo or the like for actually providing a way to communicate
via email.
I've made my Yahoo email address public here many times, but am still
nervous about using it constantly in my headers.
--
John Corliss BS206. I use nFilter to block all crossposts and all Google
Groups posts because of Googlespam. No ad, cd, commercial, cripple,
demo, dotnet, nag, share, spy, time-limited, trial or web wares OR warez
for me, please.
Little Luke
Thank you Mike Easter I looked up anonymous remailers. This guy
doesn't want me to know who he is, good thing, i have taken clowns
like this and reached through their butt and pulled their dick inside
out. You hearing me clown? Come out clown and show your clown face,
give me an address, let's meet and kiss. You have my address Clown
come and get some of me clown.
Little Luke
> Cyberiade.it Anonymous Remailer wrote:
Who am I hiding from? You got me don't you? Nomen has my computer
address, follow it or are you THE CLOWN Cyberaide too? Come see me,
let me showq you what a tour in the Middle East will teach you.
Ron May
<jcor...@fake.invalid> wrote:
> Ron, you make a good point in that it's easy to set up a free account
> with, say, Yahoo or the like for actually providing a way to communicate
> via email.
>
> I've made my Yahoo email address public here many times, but am still
> nervous about using it constantly in my headers.
Anyone who puts a real email address in their Usenet headers
(including me) should expect to get spammed severely. On my Hotmail
address, it doesn't matter though because mail goes through several
stages of filtering.
The first is MSN/Hotmail's spam filters (not great, but better than
nothing.) The second is a domain block list on Hotmail I've built up
over the years that's almost like a hosts file in terms of
effectiveness, and it does most of the heavy lifting. Finally, on the
client side, I have Agent's Bayesian and Route by Identity (RBI) spam
filtering system. End result is that maybe 3-4 spam emails a week get
through on that address, but I still get the messages I want to get.
I can live with those kind of numbers, but I'd never risk using an
email address I really cared about on Usenet. If I had to start over
from scratch, I'd probably go with a dedicated Gmail account because
of Gmail's excellent spam filtering capabilities, and follow that up
with a good client side filter to catch what slips by.
Bear Bottoms
The Chief Instigator
I'll let my cousins in Jacksonville know about you. ;-)
--
Patrick "The Chief Instigator" Humphrey (pat...@io.com) Houston, Texas
www.io.com/~patrick/aeros.php (TCI's 2008-09 Houston Aeros) AA#2273
LAST GAME: Rockford 5, Houston 2 (April 25)
NEXT GAME: The 2008-09 season opener in early October
John Corliss
Not much slips by Yahoo either. That's why I've posted it to this group.
Joe Fretzel
> On Jul 3, 1:13=A0am, V . . V...@nguard.LH> wrote:
> > Cyberiade.it Anonymou \|||/ r wrote:
> > > Little Luke <lukeri (o o) mail.com> wrote:
> > ,--ooO--(_)-------.
> > > <FLUSH!> | Please! |
> > | Do Not Feed The |
> > > In case anyo | TROLL | Luke here is just
> > > another sock '------------Ooo--' l "Ari".
> > |__|__|
> > > Warm up your kill f || || starve it to death.
> > ooO Ooo
Anonymous Remailer
> Cyberiade.it Anonymous Remailer wrote:
>
> > Little Luke <lukeri...@gmail.com> wrote:
> >
> > <FLUSH!>
> >
> > In case anyone isn't already aware, Luke here is just
> > another sock puppet of our troll pal "Ari".
> >
> > Warm up your kill files and starve it to death.
>
> Luke, aka Ari, might be hiding by nymshifting (but you provide no proof
> of such).
Read headers. Check X-Trace and NNTP-Posting-Host, and Google's
injection info. Someone in AP outed the troll from his very first
post. Funnier than hell actually.
If you don't get the Brenda/Ari connection there's 400 or so
examples just like the one above I can start posting. And that's
just from ACF. There's probably thousands if I search across all
the groups this troll has infested.
> You are hiding behind dizum.
And YOU are hiding behind "VanguardLH". If you're going to sling
around insinuations of hypocrisy, best cure your own with a complete
profile here and now kiddo.
By the way, your email address is a violation of RFC2822. If you
want to *HIDE* behind address munging there's sanctioned TLD's with
which to do so.
And just for the record, Dizum has nothing to do with it. My strong
anonymity comes from something altogether different. Dizum adds
nothing at all to that. It's impossible for anyone to "hide" behind
that M2N service.
> The difference is ... um ...
> you two use a different mechanism but you're still both hiding. Ask who
> is hiding and both of you point at each other.
Or at you. Or anyone else who isn't posting with their full name in
the From: header and including phone and address information in
their sig, and MIME encoded nudes of themselves as attachments.
> A case of the pot calling the kettle ... another pot.
Exactly. So any time you want to apologize for sniping at others
because they're better at doing something you're doing yourself,
feel free. It would certainly be a welcome diversion from the
endless hypocrisy that seems to permeate Usenet in general.
Dave U. Random
Whatcha waitin' for mouth? Don't stand there puffin' your
chest out looking all pathetic and shit. Just do it.
>
>
> --
> Mike Easter
>
Anonymous Remailer
> On Jul 3, 1:02=A0am, Cyberiade.it An _______________
> <anonym...@remailer.cybe /| /| | |
> > Little Luke <lukeriden ||__|| | Please do |
> / O O\__ | NOT |
> > <FLUSH!> / \ | feed the |
> > / \ \ troll |
> > In case anyone isn / _ \ \ ______________|
> > another sock pupp / |\____\ \ ||
> > / | | | |\____/ ||
> > Warm up your ki / \|_|_|/ \ __|| .
> / / \ |____| ||
> Look here you m / | | /| | --| ill in anything, I
> will rip your a | | |// |____ --| AMNED throat. Did I
> make mys * _ | |_|_|_| | \-/
> *-- _--\ _ \ // |
> / _ \\ _ // | /
> * / \_ /- | - | |
> * ___ c_c_c_C/ \C_c_c_c____________
>
s|b
> Why not
> just plonk gmail altogether.
I'm quoting someone here:
"just plonk the assholes and move on with life"
Quit whining about it and just /do/ it; nobody wants to know.
FYI this whole thread is going to disappear in yet another kill filter
after I post this message.
*plonk*
--
s|b
Ron May
Love the ASCII art. Consider it SWIPED! <G>
Bear Bottoms
> On Thu, 03 Jul 2008 12:38:06 -0400, Joe Fretzel
> <jfre...@nowhere.invalid> wrote:
>
>> Little Luke wrote:
>>
>> > On Jul 3, 1:13=A0am, V . . V...@nguard.LH> wrote:
>> > > Cyberiade.it Anonymou \|||/ r wrote:
>> > > > Little Luke <lukeri (o o) mail.com> wrote:
>> > > ,--ooO--(_)-------.
>> > > > <FLUSH!> | Please! |
>> > > | Do Not Feed The |
>> > > > In case anyo | TROLL | Luke here is just
>> > > > another sock '------------Ooo--' l "Ari".
>> > > |__|__|
>> > > > Warm up your kill f || || starve it to death.
>> > > ooO Ooo
>
> Love the ASCII art. Consider it SWIPED! <G>
Hey, you know about JavE don't you? http://www.jave.de/#description
VanguardLH
> VanguardLH wrote:
>>
>> Luke, aka Ari, might be hiding by nymshifting (but you provide no proof
>> of such).
>
> Read headers. Check X-Trace and NNTP-Posting-Host, and Google's
> injection info. Someone in AP outed the troll from his very first
> post. Funnier than hell actually.
>
> http://groups.google.com/group/alt.comp.freeware/browse_thread/thread/430995a7aa28c99b/fb0672c1a232f683#fb0672c1a232f683
From that link, Little Luke posted from IP address = 76.101.10.138
(Comcast) using Google Groups. Ari didn't participate in that thread so
I searched for him/her (in this newsgroup). "Ari" was all of the
moniker that was mentioned here. One possible post was:
http://groups.google.com/group/alt.comp.freeware/msg/26d7ac03a7ee6ccf
Ari, according to the Path and Message-ID, posted through albasani.net,
not Google Groups. Albasani used an encoded value in the
NNTP-Posting-Host header (wz5ME2QgDMBB+C3tLiWhWBV7fmpKQBirmi/HELLd2z4=)
for Ari's post. Presumably only Albasani knows how to decode it, unless
you're claiming that it uses some standard encoding scheme that some
generally available and free utility can decode. So I cannot compare
Ari's IP address to Little Luke's.
Another of Ari's posts is at:
http://groups.google.com/group/alt.comp.freeware/msg/1a67eafdba0d1916
Alas, I see it went through individual.net and I already know they don't
include the sender's IP address (i.e., they are an anonymizing NNTP
host).
I went back a couple months (to almost the end of the Google Groups
search results on "Ari" in this newsgroup) to find one using "Ari
Silverstein" as the moniker, and found:
http://groups.google.com/group/alt.comp.freeware/msg/2ee9e3a05cad49e7
Nope, he was using individual.net back then, too, so no IP address
because no NNTP-Posting-Host header when using them. In another of
Ari's posts:
http://groups.google.com/group/alt.comp.freeware/msg/c1cd8a4d65fc9f3c
It looks like he went through highwinds-media from IP address
70.186.191.14 (Cox). While you can try to deduce the source from the
headers, Ari seems to be all over on multiple servers. Plus, some NNTP
hosts let the user specify their own Path header (I just found one a
couple days ago, Altopia.net) so the poster can bogify the headers with
which you are trying to identify them, allowing them to hide or better
imposter someone else. Hell, most NNTP hosts don't even override the
Message-ID header to put in their own despite whatever the user used for
a string in the one they wanted to put in their post. Look at all the
Forte Agent posters with ax.com as the domain in the Message-ID.
I then went searching on Little Luke posts in this newsgroups (26 of
them in 9 threads and only going back 2 days ago). They all went
through Google Groups from IP address 76.101.10.138 which is Comcast.
Did Ari ever post while on Comcast?
I don't see how the X-Trace header helps in identifying anyone,
especially when posting through different NNTP service providers. It is
generated when the connection is negotiated (and you have separate
connections when using NNTP for each posting) so even for the same
poster the X-Trace will vary on every connection they make to the same
NNTP host. The NSP can find out who submitted a post but that doesn't
help us figure out someone's identity. Since Little Luke is going
through Google Groups and Ari is going through multiple NNTP providers
but not Google Groups, how is an X-Trace for Ari on a non-Google
newsgroups host going to track to an X-Trace for Little Luke on a Google
host? Even within the same thread and with Ari both times using
Albasani to post through:
http://groups.google.com/group/alt.comp.freeware/msg/3f16f840c8b32bdb
http://groups.google.com/group/alt.comp.freeware/msg/26d7ac03a7ee6ccf
The X-Trace value is different. Same user, very probably using the same
computer, through the same NSP yet the X-Trace will be different on
every post.
From your link, I see the link between Little Luke and Brenda ...
possibly. It requires that Little Luke's dynamic IP address didn't
change because it's lease expired and Little Luke rebooted or power
cycled his host to get a new IP address which then happened to be the
dynamic IP address that Brenda was using before. Going by IP address
only works when looking over a very short interval. Dial-up users
ALWAYS get a different IP address everytime they connect to their ISP.
Cable/DSL users often get reassigned their same IP address when the
current one expires. The IP address, even after it expires, remains
assigned until the user restarts their OS or terminates their network
interface. So, and only for a broadband user (or someone that pays for
a static IP address), you have to be careful to check the IP address
over both a short and long interval to see how consistent it remains
with a poster. I think mine has changed a few times this year and I use
broadband. Sometimes it was because of an outage with my ISP so
everyone got new IP addresses when they came back up. Sometimes it
expired, I had rebooted, and found I had a new IP address. Twice over
several years I got stuck with an IP address that had been abused by a
spammer or infected user and had to request getting off the SORBS
blacklist. The IP address is not permanent. With such a short history
of posting here under the Little Luke moniker, I can't say that he
didn't possible end up getting assigned Brenda's IP address when it
expired for her.
> If you don't get the Brenda/Ari connection there's 400 or so
Cyberiade's post equated Little Luke to Ari. It wasn't about equating
Ari to Brenda. The link you gave claimed a link between Little Luke and
Brenda. I didn't waste my time looking at Brenda's posts to check for a
hookup there between one or both of the other two. I cannot come to the
same conclusion as did you using the headers available in those posts.
But then I naturally distrust posters that hide behind remailers. Hell,
you could be me pretending to be someone else while arguing with myself
to continue besmirching others while trying to continue the arguments.
Little Luke
> Anonymous Remailer wrote:
> > VanguardLH wrote:
>
> >> Luke, aka Ari, might be hiding by nymshifting (but you provide no proof
> >> of such).
>
> > Read headers. Check X-Trace and NNTP-Posting-Host, and Google's
> > injection info. Someone in AP outed the troll from his very first
> > post. Funnier than hell actually.
>
blah blah blah fuck you in your nose.
Little Luke
> On Thu, 3 Jul 2008 07:35:26 -0700 (PDT), Little Luke <lukeridenh...@gmail.com> wrote:
> > On Jul 3, 12:53 am, "Mike Easter" <Mi...@ster.invalid> wrote:
> >> Cyberiade.it Anonymous Remailer wrote:
>
> >> <something negative about another poster using terms like troll and
> >> sockpuppet and posting from an anonmizing remailer>
>
> >> Posting negative ad hominem things about other posters or posting from
> >> anonymous remailers - either or both are likely to get you filtered by
> >> some.
>
> >> --
> >> Mike Easter
>
> > Thank you Mike Easter I looked up anonymous remailers. This guy
> > doesn't want me to know who he is, good thing, i have taken clowns
> > like this and reached through their butt and pulled their dick inside
> > out. You hearing me clown? Come out clown and show your clown face,
> > give me an address, let's meet and kiss. You have my address Clown
> > come and get some of me clown.
>
> I'll let my cousins in Jacksonville know about you. ;-)
>
> --
> www.io.com/~patrick/aeros.php (TCI's 2008-09 Houston Aeros) AA#2273
> LAST GAME: Rockford 5, Houston 2 (April 25)
> NEXT GAME: The 2008-09 season opener in early October
You do that. NAS JAX boys?
Little Luke
> > Little Luke <lukeridenh...@gmail.com> wrote:
>
> > <FLUSH!>
>
> > In case anyone isn't already aware, Luke here is just
> > another sock puppet of our troll pal "Ari".
>
> > Warm up your kill files and starve it to death.
>
> Luke, aka Ari,
Vangaurd aka Dick in his mouth (indian tribal homosexual camp leader)
smilie
VanguardLH
When I used a true e-mail address in my posts, I also included a
signature. It stated that a passcode string must be added to the
Subject header to bypass my automatic filter. If the passcode wasn't in
the Subject header, and since that account was only used for
newsgroup-initiated e-mails, only humans sent e-mails there. Spambots
don't know how to read instructions. What they harvest doesn't include
the instructions. Their harvest is not reviewed by a spammer. The
spammer uses bulk mailing programs that will insert a Subject line based
on their criteria, not mine.
Malcontents that put my passcode in the Subject or body of their posts
still did not get it harvested by the spambots. They might've gotten my
e-mail address harvested by spambots but any spam to that account was
immediately deleted upon arrival unless it contained the passcode.
Malcontents that might've submitted my e-mail address to register or
record my e-mail address at a spam-friendly or spam-sourcing site still
wouldn't get past my filter since they won't have the passcode in the
Subject. If the account ever did get spammed, changing the passcode in
the filter and in my signature was easy and immediate.
I didn't need to munge my e-mail address. This causes problems for some
users of various e-mail clients when they tried to edit the To field in
their e-mail client. As soon as they tried to edit the string, it got
wiped and the user would have to enter it all manually. It did require
that they add the passcode somewhere within the Subject header. The
passcode was a scramble of alphanumeric characters, including one or two
non-alphanumerics, no spaces, but usually limited to 4 or 5 characters
maximum length. It was unique enough that it never appeared in spam
e-mails. It was equivalent to a strong password within that
deliberately short length (since I didn't want to overly encumber the
human sender).
I first started with the munged e-mail address. Then I went to a munged
e-mail address with the passcoded Subject header. After a while of
checking that no spam got through the passcoded newsgroups-only e-mail
account, I removed the munge. I didn't get any spams into that special
account when using a true e-mail address that required the passcoded
Subject.
Eventually I abandoned having an e-mail account dedicated for
newsgroup-related e-mails. I want the discussion to remain in the
thread in Usenet, not get disconnected by someone taking it offline via
e-mail. I don't participate in any newsgroups where the discussion is
sensitive or for some reason needs to be taken away from the newsgroup
discussion. In only a couple cases where I needed to take the
discussion offline, I used a disposable account or e-mail alias that
self-expired and required specific headers or content from the sender.
In 99.99% of the discussions, I don't want it going offline via e-mail.
In fact, in the signature that mentioned what passcode had to be added
when sending e-mail, I also specified that replies should be to the
newsgroup to share with others. I'm speaking in public and intend to
keep that discussion in public. (And since Usenet is a public
communication venue, I also have a strong dislike against the use of the
X-No-Archive header but those who want to punch holes in the thread.)
Most NSPs do not require a valid e-mail address in the From header in
posts submitted through them. That is evident by using munged e-mail
addresses or using .invalid as the TLD. Some do want a validly syntaxed
e-mail address string in the From header. I've even ran into one that
required the From value be a validly syntaxed e-mail address and that it
match the e-mail address recorded for my account registered for use of
that NSP. In the last case, I would go back to the passcoded Subject
and a special account used only for newsgroup-initiated e-mails.
Spambots can go on harvesting it and malcontents can go on posting it
but the spam gets immediately discard upon arrival so I never see it.
The Chief Instigator
> On Jul 3, 11:15 am, The Chief Instigator <patr...@io.com> wrote:
>> On Thu, 3 Jul 2008 07:35:26 -0700 (PDT), Little Luke <lukeridenh...@gmail.com> wrote:
>> > On Jul 3, 12:53 am, "Mike Easter" <Mi...@ster.invalid> wrote:
>> >> Cyberiade.it Anonymous Remailer wrote:
>>
>> >> <something negative about another poster using terms like troll and
>> >> sockpuppet and posting from an anonmizing remailer>
>>
>> >> Posting negative ad hominem things about other posters or posting from
>> >> anonymous remailers - either or both are likely to get you filtered by
>> >> some.
>>
>> >> --
>> >> Mike Easter
>>
>> > Thank you Mike Easter I looked up anonymous remailers. This guy
>> > doesn't want me to know who he is, good thing, i have taken clowns
>> > like this and reached through their butt and pulled their dick inside
>> > out. You hearing me clown? Come out clown and show your clown face,
>> > give me an address, let's meet and kiss. You have my address Clown
>> > come and get some of me clown.
>>
>> I'll let my cousins in Jacksonville know about you. ;-)
>
No, just regular non-spamming civilians.
--
Patrick "The Chief Instigator" Humphrey (pat...@io.com) Houston, Texas
Bear Bottoms
> Ron May wrote:
>
>> On Thu, 03 Jul 2008 05:30:26 -0700, John Corliss
>> <jcor...@fake.invalid> wrote:
>>
>>> Ron, you make a good point in that it's easy to set up a free account
>>> with, say, Yahoo or the like for actually providing a way to
>>> communicate
>>> via email.
>>>
>>> I've made my Yahoo email address public here many times, but am still
>>> nervous about using it constantly in my headers.
>>
>> Anyone who puts a real email address in their Usenet headers
>> (including me) should expect to get spammed severely. On my Hotmail
>> address, it doesn't matter though because mail goes through several
>> stages of filtering.
I have a few old email accounts which I use for various things...an old
gmail account I use here which is munged. However, for the most part I use
alias'. I don't have to worry about them at all. If spam starts coming, I
delete the alias or route it to another account. My primary email account
never has spam in it. Of course only family and friends know it.
Using alias' specifically identifying the recipient, let's you know who
sells your email to spammers. I promptly send a scathing reply to the
offender and unsubscribe from their service.
VanguardLH
I use sneakemail.com for e-mail aliases. Like you said, by creating a
unique one and doling it to just one recipient then you can identify who
caused you to be spammed through that alias. However, an alias divulged
publicly, like in Usenet, does not identify a unique recipient of that
alias.
Ron May
> When I used a true e-mail address in my posts, I also included a
> signature. It stated that a passcode string must be added to the
> Subject header to bypass my automatic filter. If the passcode wasn't in
> the Subject header, and since that account was only used for
> newsgroup-initiated e-mails, only humans sent e-mails there.
Now that *IS* an excellent suggestion for a dedicated email account. I
know you said you used a strong passcode, but but even a simple one
would suffice. It's the CAPTCHA method without the graphic. No real
way for an automated system to put the two together, and even if some
idiot tries to sign you up for "fr33 pr0n" there's no way to get the
passcode in the subject line. OTOH, any human who could conceivably
want to contact you at that email address would already have the
passcode and know how to use it.
I love elegant solutions.
Bear Bottoms
But of course my good man. It doesn't take long for spam to roll in from
email addy's exposed to Usenet. GMail does do a good job of filtering
though. When I order online say from XYZ, I provide my email addy as
X...@domain.com. If I recieve spam from that addy, I immediately stop doing
business with that company and tell them why.
I have been asked by companies why their name is part of the email addy,
and I tell them. I rarely get spam from those.
Bear Bottoms
> On Thu, 3 Jul 2008 16:04:14 -0500, VanguardLH <V...@nguard.LH> wrote:
>
>> When I used a true e-mail address in my posts, I also included a
>> signature. It stated that a passcode string must be added to the
>> Subject header to bypass my automatic filter. If the passcode wasn't in
>> the Subject header, and since that account was only used for
>> newsgroup-initiated e-mails, only humans sent e-mails there.
>
> Now that *IS* an excellent suggestion for a dedicated email account. I
> know you said you used a strong passcode, but but even a simple one
> would suffice. It's the CAPTCHA method without the graphic. No real
> way for an automated system to put the two together, and even if some
> idiot tries to sign you up for "fr33 pr0n" there's no way to get the
> passcode in the subject line. OTOH, any human who could conceivably
> want to contact you at that email address would already have the
> passcode and know how to use it.
>
> I love elegant solutions.
>
V-What happens to the filtered emails? Do you download them and filter
them to the dustbin or do they remain on the server?
VanguardLH
If available, I define server-side rules in that special-use account to
delete any e-mail that does not include the passcode in the Subject
header. In most cases, I have no control over the retention of items in
the Trash folder, so typically they get deleted from the server in a
week. My ISP's e-mail accounts lets me configure the retention time
down to 3 days, and I can define up to 6 additional accounts besides my
primary or owner account.
I don't use IMAP to access my e-mail accounts. I only use POP. POP has
no concept of folders up on the server. It only understands a single
mailbox from which it can retrieve e-mails. Since the non-passcoded
e-mails got moved out of the Inbox into the Trash folder up on the
server, and since the POP e-mail client only sees the Inbox folder,
there is no chance that the non-passcoded e-mails will show up in my
local POP e-mail client. If I went to using IMAP, I'd have to check if
I could NOT include the Bulk/Junk and Trash folders. There would be no
point in doing the server-side spam and rules filtering to only end up
downloading the unwanted e-mails to my local e-mail client. Only in the
case where the e-mail provider doesn't let me define server-side rules
(which is the case with my ISP) then I have to use client-side rules.
However, I use Magic Mail Monitor to alert me to new e-mails rather than
leave my e-mail client running all the time. Magic lets me define
filters within it so I can have it test for the passcode but only for a
specific account (the special-use one for newsgroups) and delete from
the server any that don't have the passcode. So only the headers get
downloaded by Magic and the special-use account remains clean from
e-mails in that account that are missing the passcode.
Actually, regarding the server-side rules, and for a special-use
account, it is easier to either configure it or define a rule that
rejects ALL e-mails upon delivery *unless* they have the passcode in the
Subject. This establishes an exclusive mode for the account where only
senders in my address book will get their e-mails delivered to my Inbox
along with anyone that uses the passcode. Hotmail makes exclusive mode
easy to setup with a single configuration option, and then I define a
rule to move passcoded e-mails into the Inbox. For other accounts, I
would define a rule that deletes e-mails from everyone (this excludes
the address book) except those with the passcode. In effect, known
senders in my address book get filtered in, passcoded e-mails get
filtered in, and everything else gets filtered out. I only this
exclusive mode in a special-use account. I do filtering a bit
differently for my common-use accounts.
Dave U. Random
<snip>
Part VI
rm1ijbpx28ic.1hbo44bt6ocey$.d...@40tude.net ruzl39fix5n9.1ax89muybg8sa$.d...@40tude.net
s4ubia5gejzi.xvcew2gnq8tf$.d...@40tude.net tt7jgqb1at7i$.1akuoqug...@40tude.net
u5k1trlyrv6f$.1a8towu86ceer$.d...@40tude.net u9poylb0g4p9$.11dnu8xjnqjl$.d...@40tude.net
uj4ey625ivfm.1h...@40tude.net uteyrqjxjnfu.1oh1468sx7i65$.d...@40tude.net
uzy3o78slmn6.1wshzl2cwxdpw$.d...@40tude.net v0x6kbhkfwnl.c5we7ydmtzah$.d...@40tude.net
vmsqxexmdfwv$.1nez7869...@40tude.net vwt0j0l2d4jr$.1m1fgnxc...@40tude.net
w1trmxd18im3$.xfi8lsaklqr7$.d...@40tude.net wa1lzlre0j1j$.6pnxdxtm...@40tude.net
wbbr5q33ih7m.v...@40tude.net wns1xyz44qln.g...@40tude.net
wre1qwx6947k$.9liowkjixmmc$.d...@40tude.net x37om1rxcyrx$.1tinktypim955$.d...@40tude.net
xd148xwtcl61$.1qripwmm...@40tude.net xfh1fho6htv2.16...@40tude.net
xnnbem5v349h.1p...@40tude.net xnoai2tftf9s$.35f9036n...@40tude.net
xpcbuwsxp6nx$.h0htpcr7...@40tude.net xsbke37o9r22$.5y7refd8...@40tude.net
xu8urr1pr1qj.1n...@40tude.net xurbnu6ncmj3$.1hq7wqwa...@40tude.net
y13kpn2xkic3$.uymwqjv4evcy$.d...@40tude.net ylq57elgu0uu$.zd6cnwkr...@40tude.net
yy0q8k25etxt$.1uujmjcbjrdq9$.d...@40tude.net zkddgu5wbdvh$.sun1oqgj...@40tude.net
zpb03e9zxgxj$.1gsb063j...@40tude.net zr9g6a66wtyj.12kbyamdfokpi$.d...@40tude.net
zs1glk55trpn$.152stypx...@40tude.net g169f7$jct$1...@aioe.org g2jdha$duq$1...@aioe.org
g276fa$4tn$1...@aioe.org g2jcm3$aoe$1...@aioe.org g33jvr$5pp$1...@aioe.org g33k7s$6vc$1...@aioe.org
g35g72$vku$1...@aioe.org g35goi$20d$1...@aioe.org 15i6nrtjrb0v$.fb493fpbv06i$.d...@40tude.net
g1q261$21u$1...@aioe.org vogmk6xwcybd$.16hfutrh...@40tude.net
wx9ymgkrc0ys.7...@40tude.net g1hh5q$jt2$1...@aioe.org g1p6aq$n9v$1...@aioe.org
Enjoy!
George Orwell
<snip>
Part V
foewxi91wnt1$.c4fi4wj3opx8$.d...@40tude.net fthngg$rd1$1...@aioe.org fthnls$rnt$1...@aioe.org
fthnp0$rrh$1...@aioe.org fthnvn$so1$1...@aioe.org fthobn$tv1$1...@aioe.org fthouu$nh$1...@aioe.org
fthp0g$10l$1...@aioe.org ftjpgo$oro$1...@aioe.org ftsncv$kt7$1...@aioe.org ftsov5$rdg$1...@aioe.org
ftsp2s$rkc$1...@aioe.org ftsp3t$saf$1...@aioe.org ftspbk$soo$1...@aioe.org ftspen$tmj$1...@aioe.org
ftspko$u56$1...@aioe.org ftspo5$v0k$1...@aioe.org ftspq9$v4u$1...@aioe.org fu2301$52k$1...@aioe.org
fu231v$531$1...@aioe.org fuidjo$nsi$1...@aioe.org fuidvj$pq6$1...@aioe.org fuldn9$6bf$1...@aioe.org
fuqbaf$thu$1...@aioe.org fuqe3a$bou$1...@aioe.org fuqe49$c35$1...@aioe.org fuqed2$ed8$1...@aioe.org
fuvg0k$q3d$1...@aioe.org fuvj4i$85l$1...@aioe.org fuvj98$91p$1...@aioe.org fuvjcn$9d1$1...@aioe.org
fv52tm$vsi$1...@aioe.org fv7g35$in2$1...@aioe.org fvi1se$ttv$1...@aioe.org fvkoae$2ku$1...@aioe.org
fvkpvp$aje$1...@aioe.org fvkqgf$dej$1...@aioe.org fvkqm8$ehb$1...@aioe.org fvkqof$erk$1...@aioe.org
fzenmrd9aeqr.k...@40tude.net g0sih9$r31$1...@aioe.org g14bq0$4u0$1...@aioe.org
g167jg$9ph$1...@aioe.org g168eb$ea6$1...@aioe.org g16ps3$hdl$1...@aioe.org g190g0$39o$1...@aioe.org
g1q23j$1uu$1...@aioe.org g1q9m3$qhh$1...@aioe.org g1rsp4$839$1...@aioe.org g1s815$mm2$1...@aioe.org
g1s84c$nic$1...@aioe.org g274rt$uqg$1...@aioe.org g2bgu2$u3q$1...@aioe.org g2bhak$vhn$1...@aioe.org
g2bhdg$i3$1...@aioe.org g2eke7$jkb$1...@aioe.org g2ekge$jnd$1...@aioe.org g2ekjq$jqk$1...@aioe.org
g2en87$tgf$1...@aioe.org g2ent4$vmv$1...@aioe.org g2eog0$2d5$1...@aioe.org g2j9d7$ucg$1...@aioe.org
g2j9l3$vgh$1...@aioe.org g2jac1$25k$1...@aioe.org g2jahh$31b$1...@aioe.org g2jasu$48g$1...@aioe.org
g2jb3l$53q$1...@aioe.org g2jc6s$9bs$1...@aioe.org g2jd8f$cv0$1...@aioe.org g2jeol$i9q$1...@aioe.org
g2jf67$k86$1...@aioe.org g2jhfo$sr3$1...@aioe.org g2ji65$v5b$1...@aioe.org g2jkj0$7vv$1...@aioe.org
g2tseu$qev$1...@aioe.org g35djn$mvq$1...@aioe.org g35dml$n3l$1...@aioe.org
g3ao7w0diavl.a...@40tude.net ga6vlej9c600$.1r0hdqfb5fqmw$.d...@40tude.net
h1pl8y268ayr.4v3zpxy4itjk$.d...@40tude.net h9ge5y53np90.2...@40tude.net
hewrhbc5s2hi.iljhx1ztgoff$.d...@40tude.net htmpeyhyvf4i$.vh9vn3wo1b7g$.d...@40tude.net
i0oquf1uo5hu.12...@40tude.net i0p5f7787gup$.11oji1j2...@40tude.net
i9nk9amq31q8.2...@40tude.net iaql4u23ldhd$.148td6dzbfbqh$.d...@40tude.net
if36vjl37b4p.7vrudhz7c5ok$.d...@40tude.net in7ogfa53d2d$.c728pbbg2h6x$.d...@40tude.net
iptt25h6pge9$.3mh56eel5fnv$.d...@40tude.net ivyo28ynm8nv$.1dxsw3ns...@40tude.net
iyj3z28tle7m.tox3u9ukkk1p$.d...@40tude.net jm1xupegv4eh$.11pmf6zr...@40tude.net
jmviuhcy8c63.1u1lg2iezbq48$.d...@40tude.net jn481x874pki$.d4pk3bzd...@40tude.net
kabc95vh7oe6.1gjsg1rwy3e6b$.d...@40tude.net kdk9gmf8jupn$.atw555g7uh99$.d...@40tude.net
kyjvrbxml3p3.cvduafe1ls13$.d...@40tude.net lcrlwro2el80.3...@40tude.net
li2wyy3xyrfk$.168gx1vb...@40tude.net ltbnevw4eceb.w...@40tude.net
m40n6z3z0z7s$.1q4ueqfcfc8xr$.d...@40tude.net myd45htvp4er$.fh0x6njx...@40tude.net
mzxqh0iz5ff0$.mm9iz909t8ni$.d...@40tude.net n420clqo2rck.1e8vxoiokfvhe$.d...@40tude.net
n48u9zjbq0th.2brppe3f47c$.d...@40tude.net nct5lg7vxbd8.8...@40tude.net
ncxck5ncmngw$.4naywoxi...@40tude.net nhjwknbtojv5.1w...@40tude.net
nio4g2swv9hv$.1s5a33lm...@40tude.net o4pcsuozkv8y.5...@40tude.net
p0rs9lk9lxxi.ycvth3xmvyll$.d...@40tude.net p76h64h1a9ha$.1tdl0ts3...@40tude.net
p7mhpshohz74.bwgg6nbalzgu$.d...@40tude.net p96au9eg2n1d.sdavvrtssq4t$.d...@40tude.net
pwn7hrntwbd8$.1xik5ots...@40tude.net pyruvxaiuqn5.14...@40tude.net
q3v9n0x9ln2r$.nn3ggm15rmal$.d...@40tude.net qmbqqh8lf1s3$.dogatyl0p8d8$.d...@40tude.net
Il mittente di questo messaggio|The sender address of this
non corrisponde ad un utente |message is not related to a real
reale ma all'indirizzo fittizio|person but to a fake address of an
di un sistema anonimizzatore |anonymous system
Per maggiori informazioni |For more info
https://www.mixmaster.it
Bear Bottoms
There is an abandoned freeware program called SpamAid (which I have a copy
of). It allows you to set a subject passcode and dumps those with out it
to the dustbin. Very easy to use, but a rather radical approach. I used to
use it a long time ago and I never ever got spam. You can also tell it to
just allow email from those in your contact list. Very easy to use and
does about the same thing.
Non scrivetemi
anon...@remailer.hastio.org
I do, but that's not a JavE job there. I wrote a Python script and
used my news client's hooks so that I can press a button, type the
name of the "brand" I want to use, and it does all the formatting
and quoting for me.
>
~~~~~~~~~~~~~~~~~~~~~
This message was posted via one or more anonymous remailing services.
The original sender is unknown. Any address shown in the From header
is unverified.
Bear Bottoms
>> Hey, you know about JavE don't you? http://www.jave.de/#description
>
> I do, but that's not a JavE job there. I wrote a Python script and
> used my news client's hooks so that I can press a button, type the
> name of the "brand" I want to use, and it does all the formatting
> and quoting for me.
>
Nice
George Orwell
<snip>
Part IV
1vjysh26cszkc$.1r6qxqe7kpkfh$.d...@40tude.net 1vpvbt4xbk50v.z...@40tude.net
1vqucee8w85mz.16fy663wtc76k$.d...@40tude.net 1w01gicuxrbud$.uhgkhx8g...@40tude.net
1w3kkl4l4wecw$.pvte7q0v...@40tude.net 1wsh64vg9r5on$.513fk320...@40tude.net
1wu9uxm7rb5yf.1...@40tude.net 1xcuuktwwe3kp$.12yk1t71kieb0$.d...@40tude.net
1xutw538r65wl.16sexmxzccxcb$.d...@40tude.net 1xxytw2w1njt9.n...@40tude.net
200tlplcgm5t.2...@40tude.net 22c9epfeouov$.1txoycg6yi0h0$.d...@40tude.net
2b0cgd1ovj80$.9wxz8npv...@40tude.net 2i58tdl3h51r.16eab4bd2bobf$.d...@40tude.net
2ps7arphnme1.1rf99c9ebzude$.d...@40tude.net 2ufaf3g93vvz$.15pfc9bk...@40tude.net
3hopirbeh5u9.53v5n8piqx82$.d...@40tude.net 3z4qvm2viyll.1t...@40tude.net
45w5dirgnq6f$.gw3b6e4ysmk9$.d...@40tude.net 46kvof1zi5i1$.7gwvjvixgmlu$.d...@40tude.net
4erqftc3umrr.e...@40tude.net 4s13q1a9mlzg$.1bnlj8tsyrcgs$.d...@40tude.net
54vvrq1xuycg.p...@40tude.net 5f3bw3si2txn.wa3ksbo01nde$.d...@40tude.net
5nwoubmtxpqc.ru1zywxkqt7s$.d...@40tude.net 5oh2byln1vwc.j903v0dj60he$.d...@40tude.net
5rv5ueqsadba.3...@40tude.net 5vpambjn15hn$.fb9qcdskgji7$.d...@40tude.net
5wwzdyai4q9t.18uzg4kttysjm$.d...@40tude.net 62mnntzulrbd$.hcumqvrp...@40tude.net
6492geocfzd0.1q...@40tude.net 6jhglngzq72z.1q...@40tude.net
6ph2wenruj4w.1yx2ctsgqql2$.d...@40tude.net 7k9o55ew5ll3.1t...@40tude.net
7nufvqfceynv.1jtt2qvo1noub$.d...@40tude.net 7p135pavonr5.1caizb4kpe9ag$.d...@40tude.net
7tfc6f6pq7c6$.1nvg240i...@40tude.net 7y00ugn93e6y.1ufbf0n0ae6aw$.d...@40tude.net
8adgg8catylv$.q501woxps5tw$.d...@40tude.net 8b13nq1v6oqb.xd87a3jaihmu$.d...@40tude.net
8bkd13xsvk60.r...@40tude.net 9mzchzgrgnce$.f6hm65dlyap5$.d...@40tude.net
9p94p19kp916$.r36owran...@40tude.net 9u2pc6l4gdii.1si9otj6g7j0q$.d...@40tude.net
9ua9wk5n5rbn$.1rvcitwsov50l$.d...@40tude.net a1rqz153p3gt.jbkc4lfyutoz$.d...@40tude.net
aam3yynfe1qn.124suzqz7gcib$.d...@40tude.net au9ug157fcdf$.1c8jgy8r...@40tude.net
awuz2tq4mggn$.m3mx49dg...@40tude.net b9he3xxv25j2.10...@40tude.net
ba08cgh48r6i.a...@40tude.net bfesqkz6yzzg$.ljm30zyf...@40tude.net
c52ko5r5p1iv$.mvi1cz0qnt3i$.d...@40tude.net cjxegjwzunj.j5...@40tude.net
ct1wa4ikn6h3$.msa4dyhh...@40tude.net cv5lcdacyj3c$.18o7e8wb...@40tude.net
cvsj2jkxrmfs.7...@40tude.net dxssg3cssfh7$.1bjl33tlh1cce$.d...@40tude.net
dy1pc9l4mksr$.1pk3ukhk...@40tude.net e6chtwchgddj.1ee7jgx3q60p1$.d...@40tude.net
eagukvxg6gee.11uatzcb8712$.d...@40tude.net ehbpfv5o0f2f$.3r81f0y54mf3$.d...@40tude.net
eq47br59occd$.1xscplwi...@40tude.net f939xejeu5s6.16...@40tude.net
fcliqdqi32g2.1i...@40tude.net fe85xire9rd5$.odwca0622vv2$.d...@40tude.net
George Orwell
<snip>
Part I
g1p6q1$opj$1...@aioe.org fuqa22$odc$1...@aioe.org g0sj7b$tl0$1...@aioe.org g12c9j$iim$1...@aioe.org
g12cc0$ili$1...@aioe.org g14bu9$56e$1...@aioe.org g14r0k$789$1...@aioe.org g167fd$8ph$1...@aioe.org
g168c3$dfu$1...@aioe.org g16e69$kqj$1...@aioe.org g1rtic$b5m$1...@aioe.org g1s8ri$q0p$1...@aioe.org
g1sa2q$unp$1...@aioe.org g1ukkr$q79$1...@aioe.org g1ukld$q7s$1...@aioe.org g21lmj$lk6$1...@aioe.org
g21lrv$mgs$1...@aioe.org g21m1h$mnb$1...@aioe.org g273u9$rjb$1...@aioe.org g282sn$877$1...@aioe.org
g283ji$b12$1...@aioe.org g2bdkj$hm6$1...@aioe.org g2ejf7$fj2$1...@aioe.org g2jdlf$eoi$1...@aioe.org
g2je2l$g19$1...@aioe.org g2jehe$i01$1...@aioe.org g2jk8m$6vc$1...@aioe.org g2jl1g$9r1$1...@aioe.org
g2jl5o$a0i$1...@aioe.org g2jmna$g2i$1...@aioe.org g2jmq6$g6j$1...@aioe.org g2jo3b$kh1$1...@aioe.org
g2joig$mf2$1...@aioe.org g2jp7d$ome$1...@aioe.org g2jqh9$tio$1...@aioe.org g2mfq0$qr7$1...@aioe.org
g2mgl1$tvs$1...@aioe.org g2mh4l$vg2$1...@aioe.org g2mhao$o9$1...@aioe.org g2mvb4$old$1...@aioe.org
g2mvh2$p0f$1...@aioe.org g2mvkb$pog$1...@aioe.org g2n09a$s5c$1...@aioe.org g2n0m6$tdr$1...@aioe.org
g2n14q$vam$1...@aioe.org g2n1in$17h$1...@aioe.org g2n1n1$214$1...@aioe.org g2pt33$mu3$1...@aioe.org
g2pu6f$q36$1...@aioe.org g2puhn$rro$1...@aioe.org g2put6$svb$1...@aioe.org g2pv3v$tut$1...@aioe.org
g2pvft$uu9$1...@aioe.org g2pvkr$v78$1...@aioe.org g2pvmr$vs7$1...@aioe.org g2pvrc$bd$1...@aioe.org
g2q03n$1ir$1...@aioe.org g2q0he$2mr$1...@aioe.org g2r5fp$5ld$1...@aioe.org g2r5s3$6v0$1...@aioe.org
g2r5vg$747$1...@aioe.org g2r64c$7ug$1...@aioe.org g2r6ro$a7p$1...@aioe.org g2r7ej$cce$1...@aioe.org
g2r7g0$cji$1...@aioe.org g2r7he$d90$1...@aioe.org g2r7jb$dbb$1...@aioe.org g2r81s$ehi$1...@aioe.org
g2r82g$eml$1...@aioe.org g2r830$en5$1...@aioe.org g2roar$cdr$1...@aioe.org g2ron1$dmq$1...@aioe.org
g2tpak$f6o$1...@aioe.org g2tpbh$f7p$1...@aioe.org g2trqv$o79$1...@aioe.org g2tsbp$qb1$1...@aioe.org
g2tsl1$rep$1...@aioe.org g2u04q$912$1...@aioe.org g2u08d$95p$1...@aioe.org g2u0kp$b3t$1...@aioe.org
g2u0nk$b7n$1...@aioe.org g2u0uu$c7c$1...@aioe.org g2u17t$dc0$1...@aioe.org g2u1lb$ei6$1...@aioe.org
g2u2cb$hnb$1...@aioe.org g2u2i8$hve$1...@aioe.org g2u2m4$ip2$1...@aioe.org g2u2pj$it5$1...@aioe.org
g2u3c4$l1b$1...@aioe.org g2u3ii$m11$1...@aioe.org g2u46j$o8n$1...@aioe.org g301qp$cps$1...@aioe.org
g302os$h25$1...@aioe.org g302u1$jh6$1...@aioe.org g302vq$jjb$1...@aioe.org g3033b$kb1$1...@aioe.org
g30hij$8u6$1...@aioe.org g30iea$btv$1...@aioe.org g30ikj$cnh$1...@aioe.org g30ipp$d27$1...@aioe.org
g30j5o$e3l$1...@aioe.org g30jj2$fup$1...@aioe.org g33ihp$vq2$1...@aioe.org g35et8$rc5$1...@aioe.org
g35f0q$rfp$1...@aioe.org g35f67$sa9$1...@aioe.org g35fin$tkn$1...@aioe.org g35fpl$uej$1...@aioe.org
g35fs3$ulb$1...@aioe.org g35gfi$123$1...@aioe.org g35sjn$ehl$1...@aioe.org
Joe Fretzel
Anonymous
<snip>
Part II
zz8v9v3gccme.1g...@40tude.net g2ipvj$4qe$1...@aioe.org
ys6g6n5rwcyj.1kx3wkvye7mf3$.d...@40tude.net 9mxeznj78das$.1bsdzhe8...@40tude.net
g11t9d$ne7$1...@aioe.org 1ctzdsxmgkv6c$.1qm4yjwp8rdhu$.d...@40tude.net g1p702$pl0$1...@aioe.org
g1hh28$ji6$1...@aioe.org g1jclq$qqh$1...@aioe.org 15jm04gmk6asa$.sa5jwsao...@40tude.net
1end152c4c7fs$.1r1i47o0zfa6z$.d...@40tude.net 1f5v6jvip1jwk.rq6rvxq1gq3i$.d...@40tude.net
1ubqr0bijhtuh.8...@40tude.net pyoqa6ce9j6l.89g6hukjh70b$.d...@40tude.net
sbygirs0on01.r...@40tude.net 1065h3y9ay9tn.pamhhuvpvit$.d...@40tude.net
10c1gy0j1tt6t.1...@40tude.net 1136tw7tt7c3l$.1javvpqwvt7wx$.d...@40tude.net
114y0cjcotaaw.ze0wfcdemtjp$.d...@40tude.net 1171ysl4igaqk$.gwybemevmga8$.d...@40tude.net
11ezb8qbvwmbm$.1mxxw1yg...@40tude.net 11liqz92w3355.j...@40tude.net
11tpikwf7y3k4.n...@40tude.net 11xk1ti7xh5us$.1x3y1p2z...@40tude.net
122qg32ew6a0f.1...@40tude.net 1281xle5v8xzb$.8vxtyblm...@40tude.net
129v2z3kt21ak.c0haox3xv0cx$.d...@40tude.net 12a53h4r7cejs.1...@40tude.net
12bs03e3chwqs$.1uil8z3t...@40tude.net 12cpha4y75s70.1...@40tude.net
12h44y949n4xl$.1lc06fury92tt$.d...@40tude.net 12nisv9r643fc.1...@40tude.net
12prwk04orbvp$.jq3o1w8t...@40tude.net 12r2eubbrhuzr$.kf33vv8zpeb7$.d...@40tude.net
131ke843je5a9.s...@40tude.net 132pzmnswwpmo$.1nb4n31p6nk7t$.d...@40tude.net
13bp7tus4d34d.1...@40tude.net 13kmhvdn1xhhd.q...@40tude.net
13nbtx3r1gvk3$.pizxjki8...@40tude.net 143vcnm0nb7fo$.3nqzxac2...@40tude.net
14hpy2ckxm29n.1bn6cm19je62n$.d...@40tude.net 14phk5ew1ht9p.6...@40tude.net
14r7jzuytpeyg$.1dfis3i5...@40tude.net 14rbbx8z1cmsl.124o00ve6x2li$.d...@40tude.net
14yrwwawrla97$.h2rrfgci46th$.d...@40tude.net 15sz5udzibs8z$.jwkb3lz2g8d1$.d...@40tude.net
15u4a6bh61asv.7zn8r40m8eyw$.d...@40tude.net 166hf2fan75ob.1...@40tude.net
16m5t55w3rdmr$.1uex2lw7...@40tude.net 16wbs1e5fv9xu$.1vxwmu77...@40tude.net
172cw4udkmxlf$.14vov4sjl6qfh$.d...@40tude.net 1795dyjiq7uom$.jayo6cezbbi4$.d...@40tude.net
17bf0sz14pwvs$.tobzao9w...@40tude.net 17fl82rnq904l.d...@40tude.net
17iaq61so5buc$.fufdnmlqdzgz$.d...@40tude.net 17rer6xpz5ds2.1...@40tude.net
180d3klon08kc.1q3hqi7k3b6td$.d...@40tude.net 180irgcsk8xm2.8damozcxs404$.d...@40tude.net
18cgyxf2ytasi$.1qihjus6ckwex$.d...@40tude.net 18kynxtvydxfi.dpcbjsvwbawc$.d...@40tude.net
18v07nge80b5.1f...@40tude.net 18wansmmwov0o$.1hfd7thnsnm4$.d...@40tude.net
1911okvypwgss$.oxy4o5wtgm9m$.d...@40tude.net 197g8dky13lhh$.9i9wlqwj...@40tude.net
197ox2d8qgcez$.16aghgqq0j35a$.d...@40tude.net 198t0ztwb98ul.mghyihj1v1yk$.d...@40tude.net
19f1jw41ja0am$.km3ar160mian$.d...@40tude.net 19ns794ewqb4e.1hr23benewfpp$.d...@40tude.net
VanguardLH
Not sure why I need software to define a rule and add a comment in a
signature.
Dave U. Random
> > http://groups.google.com/group/alt.comp.freeware/browse_thread/thread/430995a7aa28c99b/fb0672c1a232f683#fb0672c1a232f683
>
> From that link, Little Luke posted from IP address = 76.101.10.138
<discarded unread>
Good lord you're one willfully ignorant SOB. First of all, nice
snip and run from the fact that you're whining about people
"hiding" when you're exactly as guilty of it as everyone you're
whining about.
Second of all, I'll re-post the same huge list of message ID's that
someone posted here just a while ago broken up in chunks, because
apparently you were napping. Check every damned one if you like,
they're all from the exact same IP address. It's hashed, but every
one is identical. The troll your ignorant ass is defending uses
dozens of nyms and every free server he can abuse. In fact the
troll managed to get kicked off two of them already. Maybe more,
since the fucker is now playing his nymhopping games via Google.
Take your time, hypocrite hiding behind a false identity, but if
you don't "get it" from the info I'm providing *again* don't waste
my time any more. You're beyond help.
Anonymous
Anonymous Remailer
VanguardLH
And your repeated but unidentified point was? That Brenda posts through
AIOE (from checking some of the few posts from your links) and where
AIOE also doesn't show the sender's IP address? That she consistently
posts using 40tude Dialog and through AIOE? How does that equate her to
Little Luke or to Ari?
You need to provide the technical proof of your claim, not a list of
posts hoping someone gets snowballed by the list and accedes to your
claim.
Sparky
Hash: RIPEMD160
VanguardLH wrote:
>
>
> Anonymous Remailer wrote:
>
>> VanguardLH wrote:
>>>
>>> Luke, aka Ari, might be hiding by nymshifting (but you provide no proof
>>> of such).
>>
>> Read headers. Check X-Trace and NNTP-Posting-Host, and Google's
>> injection info. Someone in AP outed the troll from his very first
>> post. Funnier than hell actually.
>>
>> http://groups.google.com/group/alt.comp.freeware/browse_thread/thread/430995a7aa28c99b/fb0672c1a232f683#fb0672c1a232f683
>
> From that link, Little Luke posted from IP address = 76.101.10.138
I think that's the point. It's the same IP address Ari, Brenda, Luke,
Fred Sanders, John M. Martin, Loverly Vagina, Pus Pockets, Mxsmanic,
Tim Blite, Ron Rechtum, Ronnie Rataj, Ted Sherman, Madhav, and about two
dozen "other people" use. Hell, even Bear Bottoms and Hummingbird seem
to have posted from there on occasion. Ye's he's not just a troll, he's
a forger.
Anonymous is right. This "person" is nothing but net scum. Its sole
reason or existing is to cross post and flame, just to cause trouble.
> http://groups.google.com/group/alt.comp.freeware/msg/26d7ac03a7ee6ccf
>
> Ari, according to the Path and Message-ID, posted through albasani.net,
> not Google Groups. Albasani used an encoded value in the
> NNTP-Posting-Host header (wz5ME2QgDMBB+C3tLiWhWBV7fmpKQBirmi/HELLd2z4=)
> for Ari's post. Presumably only Albasani knows how to decode it, unless
We've already established the fact that Ari and Brenda, and the dozens
of other troll nyms, all post from the same IP. We got confirmation from
the admins of one of the servers it abused that the encoded values all
pointed to the exact same place. None of that is in question. Nor is the
obvious childishness and vulgarity the troll uses in every permutation.
> you're claiming that it uses some standard encoding scheme that some
> generally available and free utility can decode. So I cannot compare
> Ari's IP address to Little Luke's.
Some do, some don't. Or rather, the tool they use is standard because
it's a hash function, but some include a "password" in the hashed text,
or the time/date/MID/etc so that each hash is different all the time.
Some simply hash the IP itself, and those will all be the same even if
you can't "decode" them.
This particular troll was nailed right here in this group, by
Hummingbird I believe. Or at least he got the ball rolling. An anonymous
poster did the rest.
The server that nailed him was AIOE, which hashes the IP or IP+password
so every NNTP-Posting-Host is consistent. And the anonymous poster
relayed an email flatly stating that the IP had been banned from that
server. That's what started the Albasani and Individual.net phase. And
now, probably due to the numbers of complaints being made, the troll has
turned to Google but apparently didn't realize Google forwards your IP
with every post.
> Another of Ari's posts is at:
>
> http://groups.google.com/group/alt.comp.freeware/msg/1a67eafdba0d1916
>
> Alas, I see it went through individual.net and I already know they don't
> include the sender's IP address (i.e., they are an anonymizing NNTP
> host).
They're not, they simply mask a poster's IP address. They have the
ability to know what IP address each post came from.
> http://groups.google.com/group/alt.comp.freeware/msg/c1cd8a4d65fc9f3c
>
> It looks like he went through highwinds-media from IP address
> 70.186.191.14 (Cox). While you can try to deduce the source from the
That post was from Bear Bottoms.
Are you trying to pull something here?
> headers, Ari seems to be all over on multiple servers. Plus, some NNTP
Yes. He absolutely is "all over on multiple servers". That too is the
point. His abuse probably extends far beyond even the notably large
amount he's subject this group to.
> hosts let the user specify their own Path header (I just found one a
That's why I never pay attention to path headers. :)
Ironically enough though, "Ari" has tried to forge path headers and been
caught.
> couple days ago, Altopia.net) so the poster can bogify the headers with
> which you are trying to identify them, allowing them to hide or better
> imposter someone else. Hell, most NNTP hosts don't even override the
> Message-ID header to put in their own despite whatever the user used for
What does message ID have to do with it? We're all aware they're
optionally generated by the client most of the time.
> I then went searching on Little Luke posts in this newsgroups (26 of
> them in 9 threads and only going back 2 days ago). They all went
Right about the time "Ari" seemed to disappear. Immediately after
someone made a post suggesting they were going to forward all the trolls
abuse to the two servers he stated using after he was thrown off AIOE.
> through Google Groups from IP address 76.101.10.138 which is Comcast.
> Did Ari ever post while on Comcast?
Yes. Using multiple identities.
> The X-Trace value is different. Same user, very probably using the same
> computer, through the same NSP yet the X-Trace will be different on
> every post.
That's because X-Trace contains different information than posting host
headers.
> From your link, I see the link between Little Luke and Brenda ...
> possibly. It requires that Little Luke's dynamic IP address didn't
> change because it's lease expired and Little Luke rebooted or power
They've all been using the same IP address for what seems like years.
And the very first post "Luke" made, was about "Ari and Brenda". It's
the one that outed him that was referenced above.
A dynamic IP address reassigned to a user who happens to know the
previous owner? And also reads Usenet let alone posts to the same
newsgroups... *about* that previous owner??
Puhlease...
How thin would you like to try and stretch things here, guy? ;)
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAkhtrEMACgkQUZCI41IC43jJpQCfSmV1HpQaCOoU4HlztBBmvfQw
E9UAn3Mt2K2xF7QwApeVsjzBtU8lCX3d
=Uv6n
-----END PGP SIGNATURE-----
Sparky
Hash: RIPEMD160
VanguardLH wrote:
List snipped...
> And your repeated but unidentified point was? That Brenda posts through
> AIOE (from checking some of the few posts from your links) and where
> AIOE also doesn't show the sender's IP address? That she consistently
> posts using 40tude Dialog and through AIOE? How does that equate her to
> Little Luke or to Ari?
Check the posting host headers from some of those posts. They're all the
same.
> You need to provide the technical proof of your claim, not a list of
> posts hoping someone gets snowballed by the list and accedes to your
> claim.
The flood of message ID's was a bit excessive, but it really is the
technical proof you're looking for.
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAkhtt4UACgkQUZCI41IC43jOcgCfUTCXDMy/hFnSGsjTPMzI1VpH
RxoAoKbxefIfiCp2fcUFIdujYYF6FFAS
=N0rr
-----END PGP SIGNATURE-----
VanguardLH
> VanguardLH wrote:
>
> List snipped...
>
>> And your repeated but unidentified point was? That Brenda posts through
>> AIOE (from checking some of the few posts from your links) and where
>> AIOE also doesn't show the sender's IP address? That she consistently
>> posts using 40tude Dialog and through AIOE? How does that equate her to
>> Little Luke or to Ari?
>
> Check the posting host headers from some of those posts. They're all the
> same.
>
>> You need to provide the technical proof of your claim, not a list of
>> posts hoping someone gets snowballed by the list and accedes to your
>> claim.
>
> The flood of message ID's was a bit excessive, but it really is the
> technical proof you're looking for.
Yes, I already said that I saw (from a partial selection of the provided
links) that the posts were made by someone using the name Brenda, that
Brenda posted through AIOE, and that AIOE doesn't include an IP address
in the NNTP-Posting-Host header (if the header is even present). I
noticed but didn't mentioned that Brenda always shows a Gmail addy in
the From header.
And that shows that Brenda is Little Luke and/or Ari how? If Anonymous
and you can't come right out and stipulate what you claim is the proof
from all those posts as to the nymshifting then you don't have any
substantiation of your claim. Come on, come right out, and overtly
state what you claim of the headers proves Brenda is Little Luke is Ari
Silverstein.
Just what is that magical tie between these 3 that YOU see in those
headers. Stop with the "go look at the headers". State what is YOUR
analysis of them. YOU are the ones claiming the 3 are the same. So
prove it with what YOU claim is proof by whatever is YOUR analysis of
all that data. Facts are indisputable but facts are not truth. Truth
is the interpretation of the facts but you've provided no insight on
what truth was made by your interpretation of the facts.
I see a consistent poster that uses the same name and same NNTP service.
They don't match up with the other identities. Does that prove that
they are not the same person? No. Does it prove they are the same
person? Not thoroughly possible in Usenet when there are NNTP providers
that won't show the IP address of the sender. I cannot prove that they
are different posters but only state that your implied but never
explained proof can't show they are the same poster. There is
insufficient evidence to see they are the same poster but you claim
there is evidence. You present the data but without any analysis or
what is the basis of your proof by that analysis.
hummingbird
On Thu, 3 Jul 2008 15:06:23 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
--snip--
'VanguardLH', to add to Sparky's and Anonymous's post on this,
here's some more from a recent post I made in:
MID: <b711b7e16a322e28...@localhost.127.0.0.1>
======================================================
"There are lots of nyms all using the same AIOE posting host:
"NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org"
Which means they all come from the same IP Address...
Here's a list of nyms used over the past month or so
on <alt.comp.freeware>:
-Mxsmanic
-Krazee Brenda <brenda...@gmail.com>
-Ari <arisilv...@yahoo.com>
-"Madhav \"Mr. Nepal\" Acharya" <mach...@tampabay.rr.com>
-Help! I Need SomeBooty! <efacs...@gmail.com>
-I Poked Fuckahontas <Ipoke...@thecasino.com>
-Tim Blite <tmb...@yahoo.com>
-Ted Sherman <tedsherm...@yahoo.com>
-Highest Quality Squack <lylemc...@onr.com>
-"John M. Martin Jr." <jo...@prairieinet.net>"
======================================================
I might also add that during the sporge era (Sep/2007-Feb/2008)
I was lurking on several other groups where it was being debated
daily. 'Ari' was posting on a.p.a-s and getting a lot of stick.
Afaik sci.crypt was the first group to get hit with sporge and
received masses of it...much more than ACF. On one day alone
it was hit with 20,000 sporge posts.
I have no conclusive evidence of this but I had the strong feeling
at the time that Ari was responsible for the sporge ...or at least
involved in it. Given his big fall-out on sci.crypt over barcoding
encryption and given his track record on ACF recently, that view
remains.
--
"All truth passes through three stages.
First, it is ridiculed, second it is violently opposed,
and third, it is accepted as self-evident"
(Arthur Schopenhauer)
Sparky
Hash: RIPEMD160
VanguardLH wrote:
>> Check the posting host headers from some of those posts. They're all the
>> same.
>>
>>> You need to provide the technical proof of your claim, not a list of
>>> posts hoping someone gets snowballed by the list and accedes to your
>>> claim.
>>
>> The flood of message ID's was a bit excessive, but it really is the
>> technical proof you're looking for.
>
> Yes, I already said that I saw (from a partial selection of the provided
> links) that the posts were made by someone using the name Brenda, that
> Brenda posted through AIOE, and that AIOE doesn't include an IP address
> in the NNTP-Posting-Host header (if the header is even present). I
> noticed but didn't mentioned that Brenda always shows a Gmail addy in
> the From header.
You're confused. AIOE certainly does include an NNTP-Posting-Host
header in posts made through that service, and that header includes all
the information needed to identify posters from the same IP address.
- From headers have nothing to do with it beyond being a record of all the
abusive nyms the troll has used.
> And that shows that Brenda is Little Luke and/or Ari how? If Anonymous
> and you can't come right out and stipulate what you claim is the proof
> from all those posts as to the nymshifting then you don't have any
> substantiation of your claim. Come on, come right out, and overtly
> state what you claim of the headers proves Brenda is Little Luke is Ari
> Silverstein.
If you'd be so kind as to let go of your arrogance for just long enough
to reread the very first sentence I typed in the message you just
replied to, the 14 simple English words quoted above, you'll have your
answer.
> Just what is that magical tie between these 3 that YOU see in those
> headers. Stop with the "go look at the headers". State what is YOUR
The tie is the fact that they all came from the same IP address. And a
host lookup will show that it's from a pool of residential addresses.
> analysis of them. YOU are the ones claiming the 3 are the same. So
Those three, and many more. Just in this group alone. Lord knows how
many other troll identities this sociopath has used to molest other
groups.
> prove it with what YOU claim is proof by whatever is YOUR analysis of
> all that data. Facts are indisputable but facts are not truth. Truth
> is the interpretation of the facts but you've provided no insight on
> what truth was made by your interpretation of the facts.
What "insight"? It doesn't take a rocket scientist to figure out what
"NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" being 100%
consistent throughout hundreds of posts means.
> I see a consistent poster that uses the same name and same NNTP service.
> They don't match up with the other identities. Does that prove that
You're apparently seeing only what you want to see, not what's actually
there.
> they are not the same person? No. Does it prove they are the same
> person? Not thoroughly possible in Usenet when there are NNTP providers
> that won't show the IP address of the sender. I cannot prove that they
> are different posters but only state that your implied but never
> explained proof can't show they are the same poster. There is
Baloney.
Message-ID: <g4ka91$o74$1...@news.mixmin.net>
> insufficient evidence to see they are the same poster but you claim
> there is evidence. You present the data but without any analysis or
> what is the basis of your proof by that analysis.
What "analysis"? The posts all came from the exact same IP address.
Period. That much is self evident. You don't have to ponder it, there's
nothing to calculate, it's right there in every single message like a
bright red flashing neon sign. Even if the owner of AIOE.org himself
hadn't confirmed it, it would be an undeniable fact.
What is it that's befuddling you so badly here?
-----BEGIN PGP SIGNATURE-----
iEYEAREDAAYFAkht5xcACgkQUZCI41IC43i5RgCfVca7PeXGgIiXR3fPKKCn0vMr
ZLgAn3L5BiOan+17fa4sgat92CGjYOyE
=hrNq
-----END PGP SIGNATURE-----
hummingbird
On Fri, 4 Jul 2008 02:41:11 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
>Yes, I already said that I saw (from a partial selection of the provided
>links) that the posts were made by someone using the name Brenda, that
>Brenda posted through AIOE, and that AIOE doesn't include an IP address
>in the NNTP-Posting-Host header (if the header is even present). I
>noticed but didn't mentioned that Brenda always shows a Gmail addy in
>the From header.
Some explanation...
I was the person who first blew the whistle on the AIOE game
by Brenda/Ari et al.
AIOE *does* add the header "NNTP-Posting-Host:* which contains
a hash of the users actual IP Address. That's how Paulo was able
to easily block that IP when someone complained.
>And that shows that Brenda is Little Luke and/or Ari how?
None of the evidence presented so far (afaik) categorically ties
all these nyms to being the same physical person. What it does do
is tie them all to the same IP Address. That probably means they
are in the same residence.
My guess is there's 1-4 people sharing a local LAN and they're
all posting to ACF and other newsgroups under different nyms
and changing their nyms frequently. I already posted a list of
nyms used on ACF up to early June through AIOE, since then
the number has increased a lot thru other servers.
(Comments above exclude that someone might be forging headers)
hummingbird
On Thu, 03 Jul 2008 20:51:20 -0500 'Bear Bottoms'
wrote this on alt.comp.freeware:
>There is an abandoned freeware program called SpamAid (which I have a copy
>of). It allows you to set a subject passcode and dumps those with out it
>to the dustbin. Very easy to use, but a rather radical approach. I used to
>use it a long time ago and I never ever got spam. You can also tell it to
>just allow email from those in your contact list. Very easy to use and
>does about the same thing.
Magic Mail Monitor can do all that too.
As you say, Subject password codes are a bit radical...
Bear Bottoms
wrote:
> Magic Mail Monitor
Checking it out.
SSL support for gmail, yahoo etc.
Optional settings storage in ini file - create magic.ini file to activate
it;
Protected messages could not be deleted;
New filter actions: protect and friend-like;
Optional protection of messages from friends;
Message viewer can be selected;
"Jump to end" option for header view
Most important changes, made since last official version 2.9:
Filters!
Friends list
read/unread logic
Multilanguage interface
Ability to download just first N KB of message for preview
Ability to display raw headers in Mail properties
Support for KOI8 and UTF8 encodings
Little Luke
> On Thu, 3 Jul 2008 13:38:27 -0700 (PDT), Little Luke <fjcam...@gmail.com> wrote:
> > On Jul 3, 11:15 am, The Chief Instigator <patr...@io.com> wrote:
> >> On Thu, 3 Jul 2008 07:35:26 -0700 (PDT), Little Luke <lukeridenh...@gmail.com> wrote:
> >> > On Jul 3, 12:53 am, "Mike Easter" <Mi...@ster.invalid> wrote:
> >> >> Cyberiade.it Anonymous Remailer wrote:
>
> >> >> <something negative about another poster using terms like troll and
> >> >> sockpuppet and posting from an anonmizing remailer>
>
> >> >> Posting negative ad hominem things about other posters or posting from
> >> >> anonymous remailers - either or both are likely to get you filtered by
> >> >> some.
>
> >> >> --
> >> >> Mike Easter
>
> >> > Thank you Mike Easter I looked up anonymous remailers. This guy
> >> > doesn't want me to know who he is, good thing, i have taken clowns
> >> > like this and reached through their butt and pulled their dick inside
> >> > out. You hearing me clown? Come out clown and show your clown face,
> >> > give me an address, let's meet and kiss. You have my address Clown
> >> > come and get some of me clown.
>
> >> I'll let my cousins in Jacksonville know about you. ;-)
>
> > You do that. NAS JAX boys?
>
> No, just regular non-spamming civilians.
>
> --
> Patrick "The Chief Instigator" Humphrey (patr...@io.com) Houston, Texas
> www.io.com/~patrick/aeros.php (TCI's 2008-09 Houston Aeros) AA#2273
> LAST GAME: Rockford 5, Houston 2 (April 25)
> NEXT GAME: The 2008-09 season opener in early October- Hide quoted text -
>
> - Show quoted text -
I live out in Ponte Vedra, if they are in the neighborhood....
hummingbird
On Fri, 04 Jul 2008 09:12:16 -0500 'Bear Bottoms'
wrote this on alt.comp.freeware:
>On Fri, 04 Jul 2008 08:57:22 -0500, hummingbird <hummi...@127.0.0.1>
>wrote:
>
>> Magic Mail Monitor
Yep, it's a good program and I cut my regex teeth on it.
It also supports having FreePops plugged into it for handling
webmail accounts (hotmail/yahoo/gmail et al).
Little Luke
> Bear Bottoms wrote:
> > On Thu, 03 Jul 2008 13:47:42 -0500, Ron May <may...@hotmail.com> wrote:
>
> > > On Thu, 03 Jul 2008 12:38:06 -0400, Joe Fretzel
> > > <jfret...@nowhere.invalid> wrote:
>
> > >> Little Luke wrote:
>
> > >> > On Jul 3, 1:13=A0am, V . . V...@nguard.LH> wrote:
> > >> > > Cyberiade.it Anonymou \|||/ r wrote:
> > >> > > > Little Luke <lukeri (o o) mail.com> wrote:
> > >> > > ,--ooO--(_)-------.
> > >> > > > <FLUSH!> | Please! |
> > >> > > | Do Not Feed The |
> > >> > > > In case anyo | TROLL | Luke here is just
> > >> > > > another sock '------------Ooo--' l "Ari".
> > >> > > |__|__|
> > >> > > > Warm up your kill f || || starve it to death.
> > >> > > ooO Ooo
>
> > > Love the ASCII art. Consider it SWIPED! <G>
>
>
> I do, but that's not a JavE job there. I wrote a Python script and
> used my news client's hooks so that I can press a button, type the
> name of the "brand" I want to use, and it does all the formatting
> and quoting for me.
>
>
>
> ~~~~~~~~~~~~~~~~~~~~~
> This message was posted via one or more anonymous remailing services.
> The original sender is unknown. Any address shown in the From header
>
> - Show quoted text -
Then you jack off to pictures and watch reruns of The Geek Show,
whatalife smilies
Little Luke
hummingbird
On Fri, 4 Jul 2008 09:14:23 -0700 (PDT) 'Little Luke'
wrote this on alt.comp.freeware:
Sorry, I never hit such undisclosed links.
VanguardLH
> You're confused. AIOE certainly does include an NNTP-Posting-Host
> header in posts made through that service, and that header includes all
> the information needed to identify posters from the same IP address.
I saw:
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
Doesn't look like anything that would identify a particular poster.
However, based on your clue that this does identify the poster, I went
back to the list of message-IDs provided by Anonymous and sampled 5 of
them. While this header's value is not an IP address (or an IP name, or
both), it does seem to remain unique to an AIOE poster - but *only* to
an AIOE poster. Finding the encrypted value for the NNTP-Posting-Host
added by AIOE remains the same for a poster only further proves Brenda
is always posting through AIOE, something that I already conceded but
didn't find of value in equating her to Little Luke or Ari.
Okay, so this encrypted header remains the same for a poster through
AIOE. I already mentioned that it looked like Brenda was always posting
through AIOE. This header's value is not an IP address or IP name, so
how does that let me equate this AIOE poster to some other poster using
a *different* NNTP service that does show the IP address, like for
Little Luke's post through Comcast that show the IP address, or for a
*different* NNTP service that also uses their own uniquely generated
scrambled value in the NNTP-Posting-Host header? How do I convert
AIOE's encrypted NNTP-Posting-Host value to the IP address, IP name, or
scrambled value shown in this same header by *other* NSPs so I can see
the AIOE poster is the same as, say, a Comcast or Albasani poster?
> From headers have nothing to do with it beyond being a record of all the
> abusive nyms the troll has used.
Since the NNTP-Posting-Host didn't look, to me, to be useful because it
was encrypted and only really identified the poster to AIOE, and because
Anonymous didn't bother to say that it was this header he was using to
base his conclusion, I didn't go try tracking on this encrypted string.
If indeed it does remain consistent to a poster despite its encryption
then, yes, it is possible to track a poster using it but only for
posters using the *same* NNTP service.
The problem now becomes on how to search for posts where the value of
the NNTP-Posting-Host header has the same specified value. I don't keep
a personal archive of old posts. I don't waste time downloading all
really old posts since I won't be reading them. You can't search Google
Groups on the value of any header other than From and Message-ID. A
Google Groups search on "RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" only
turns up those posts where this string is in the body of the post, not
in the headers.
Based on the claim that Brenda is Ari [Silverstein], I search on Ari's
posts in this newsgroup. Ari posted through individual.net and those
posts have no NNTP-Posting-Host header. Ari posted through
highwinds-media.net (Cox) which does have that header but its value is
an IP address (and obviously they wouldn't generate the same encrypted
value for this header as does AIOE if Cox did use an encrypted value).
Ari posted through Albasani.net which adds an X-NNTP-Posting-Host header
but is encrypted and is unique to Albasani so it cannot be equated to
the encrypted value used by AIOE. I went back to posts where he used
"Ari Silverstein" as his moniker. One was him posting through
bellsouth.net but, alas, no NNTP-Posting-Host header.
Because all of Brenda's posts were through AIOE, and because an
encrypted value is used by AIOE in the NNTP-Posting-Host header (which
is, I assume, unique to AIOE since they generated the value), I would
have to find a post by Ari that went through AIOE to see his
NNTP-Posting-Host header matched on Brenda's. Got a post by Ari that
went through AIOE?
The scrambled value generated by AIOE for Brenda cannot be equated to
the scrambled value for Ari generated by Albasani or the IP address
shown by Cox (or to the IP address for Little Luke at Comcast). I'd
have to find a post by Ari that went through AIOE to see if his
NNTP-Posting-Host header's scrambled value matched up with Brenda's
posts that all go through AIOE.
> If you'd be so kind as to let go of your arrogance for just long enough
> to reread the very first sentence I typed in the message you just
> replied to, the 14 simple English words quoted above, you'll have your
> answer.
Anonymous shoved a bunch of data at me as though that would make me come
to whatever conclusion was based on this data. I could shove a handful
of sand in your face and say it was from the shores of the state of
Maine but that doesn't explain why that is so. Data is not truth.
Making a claim but being too lazy to prove it or explain your conclusion
means no one is going to bother accepting your claim.
> The tie is the fact that they all came from the same IP address. And a
> host lookup will show that it's from a pool of residential addresses.
Um, how do you convert the scrambled value in the NNTP-Posting-Host
header added by AIOE to equate it to:
- The scrambled value in the NNTP-Posting-Host header added by Albasani
for Ari's posts?
- The IP address shown in the NNTP-Posting-Host header added by Cox for
Ari's posts?
- The different IP address in the NNTP-Posting-Host header added by
Comcast for Little Luke's posts (and which was different that the IP
address for Ari)?
[X-]NNTP-Posting-Host header values:
Brenda via AIOE = RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
Ari via Albasani = VL3YzPDvYGUe7M36F4vAN7sKwEhNfo1N2r9HpS+i5s=
Ari via individual.net = <no header>
Ari via Highwinds/Cox = <some IP address> (can't find the post again)
Ari via bellsouth = <no header>
How do I convert the scrambled value to an IP address? How to I convert
the IP address to a scrambled value? Why would the scrambled value be
the same for different NSPs? If none of that is possible, where is a
post from Ari that went through AIOE?
> What "insight"? It doesn't take a rocket scientist to figure out what
> "NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" being 100%
> consistent throughout hundreds of posts means.
Please show a post by Ari that went through AIOE to show that unique
scrambled value added by AIOE. The Google Groups search on this value:
http://groups.google.com/groups?scoring=d&q=group:alt.comp.freeware+"RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org"
returns 4 results, none of which will have that string as a value of a
header (since Google Groups won't search there). Through which
newsgroups archive are you searching that lets you search on the value
of the NNTP-Posting-Host header - and which is also available to me - to
find all posts with that value in this header?
VanguardLH
Assuming that the *dynamic* IP address assigned to someone doesn't get
released after it has expired and they end up getting assigned a
different one, and one that was previously used by the "abuser". Even
broadband users occasionally end up with a different IP address when
they renegotiate their session. I have cable and am now on my 3rd
different IP address this year and the year is only half over. You
might renegotiate the IP lease with the DHCP server to get the same IP
address from their pool but there's no guarantee that you'll get the
same one. Dial-up users always get a different dynamic IP address in a
new session.
Since the scrambled value in AIOE's NNTP-Posting-Host header for Brenda
remained the same (in my sampling of the posts listed by Anonymous), she
probably has an always-on (broadband) connection. Ari is bouncing
between multiple NSPs, none of which that I could find were AIOE, so I
could not equate their scrambled mess with AIOE's scrambled mess or
equate their IP address to AIOE's scrambled mess. I'd have to see a
post by Ari that went through AIOE to see the scrambled mess in his
NNTP-Posting-Host header matched up with Brenda's who posts through
AIOE.
Or is there some way to descramble AIOE's NNTP-Posting-Host header to
determine the IP address of the poster so it could be matched up with
the descrambled or IP address in that header on other NSPs?
Google Groups searching won't look in but the From and Message-ID
headers. I cannot search on Brenda's value in the NNTP-Posting-Host
header to then go see who else is using that same value in their
NNTP-Posting-Header. How did you do a search to find everyone using the
same scrambled value from AIOE in the NNTP-Posting-Header? Did you
search your own local archive to search on a value in that header?
Since NNTP-Posting-Host is not included in the set of overview headers,
all posts would have to be downloaded to get at that header in each post
and that would probably consume all my monthly quota although I only
subscribe to text groups.
iNcReDuLoUs
> Since the scrambled value in AIOE's NNTP-Posting-Host header for Brenda
> remained the same (in my sampling of the posts listed by Anonymous), she
> probably has an always-on (broadband) connection. Ari is bouncing
> between multiple NSPs, none of which that I could find were AIOE, so I
> could not equate their scrambled mess with AIOE's scrambled mess or
> equate their IP address to AIOE's scrambled mess. I'd have to see a
> post by Ari that went through AIOE to see the scrambled mess in his
> NNTP-Posting-Host header matched up with Brenda's who posts through
> AIOE.
Fyi, and note the dates:
ari
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
MID: <g33ihp$vq2$1...@aioe.org>
http://preview.tinyurl.com/69ou5o
krazee brenda
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
MID: <g35djn$mvq$1...@aioe.org>
http://preview.tinyurl.com/5jtroq
ari
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
MID: <g35sjn$ehl$1...@aioe.org>
http://preview.tinyurl.com/5lpxjs
By the way:
NNTP-Posting-Host: 4EWbcYEJ25dHs/2NQA5EzA.user.aioe.org
http://preview.tinyurl.com/6mlrxm
http://preview.tinyurl.com/yuqmxk
http://preview.tinyurl.com/3dqtca
And finally:
http://preview.tinyurl.com/6pjt94
--
I lurk, therefore I am. If I post, I am iNcReDuLoUs.
hummingbird
On Fri, 4 Jul 2008 16:02:57 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
Not exactly sure what you mean above...
Afaik when a dynamic addy is released, it goes back into the pool
for reallocation within seconds/minutes (most UK ISPs do this).
But I have no info whether the IP addy involved is dynamic or not.
All I know is that it is the same one because the AIOE hash was
the same.
The chances of the same IP addy being assigned to different
posters on ACF is pretty slim. Add to that the content of the
posts were in exactly the same vein. That points to it being the
same person -or- same group of likeminded people following the
same agenda. But I never discount any possibility.
>Even
>broadband users occasionally end up with a different IP address when
>they renegotiate their session.
Not in my case. But I guess it does happen for people who have
dynamic addies. I have always on ADSL.
>I have cable and am now on my 3rd
>different IP address this year and the year is only half over. You
>might renegotiate the IP lease with the DHCP server to get the same IP
>address from their pool but there's no guarantee that you'll get the
>same one. Dial-up users always get a different dynamic IP address in a
>new session.
>
>Since the scrambled value in AIOE's NNTP-Posting-Host header for Brenda
>remained the same (in my sampling of the posts listed by Anonymous), she
>probably has an always-on (broadband) connection.
That's my guess too.
>Ari is bouncing
>between multiple NSPs, none of which that I could find were AIOE,
In another post, I gave you MIDs showing that Ari had used *the
same* AIOE hashed posting addy as Brenda and also a bunch of
other nyms. Therefore they all came from the same IP addy.
>so I
>could not equate their scrambled mess with AIOE's scrambled mess or
>equate their IP address to AIOE's scrambled mess. I'd have to see a
>post by Ari that went through AIOE to see the scrambled mess in his
>NNTP-Posting-Host header matched up with Brenda's who posts through
>AIOE.
See at another post of mine to you which I posted earlier today.
I listed the MIDs from Ari and all the others which came through
AIOE using the same IP addy.
>Or is there some way to descramble AIOE's NNTP-Posting-Host header to
>determine the IP address of the poster so it could be matched up with
>the descrambled or IP address in that header on other NSPs?
Well, the NSP here is AIOE and Paulo can obviously unscramble
the hash to ID the IP addy.
>Google Groups searching won't look in but the From and Message-ID
>headers. I cannot search on Brenda's value in the NNTP-Posting-Host
>header to then go see who else is using that same value in their
>NNTP-Posting-Header.
I can, and I did do that. I have a ACF messagebase of ~174,000
articles going back 12-18 months or more and I searched the whole
lot to produce the list I posted. The first post using that AIOE
posting host was a few months ago and quite a few since using
different nyms.
>How did you do a search to find everyone using the
>same scrambled value from AIOE in the NNTP-Posting-Header?
Agent global search on: NNTP-Posting-Host:
>Did you
>search your own local archive to search on a value in that header?
Yep.
>Since NNTP-Posting-Host is not included in the set of overview headers,
>all posts would have to be downloaded to get at that header in each post
>and that would probably consume all my monthly quota although I only
>subscribe to text groups.
Yep, see above, I have 174,000 messages on my system.
There are some gaps in it due to killfiles.
VanguardLH
Ah, thanks. That's what evidence I wanted to see. I noted in my other
post:
http://groups.google.com/group/alt.comp.freeware/msg/295dbf664a7d6a20
that I couldn't equate Ari's post on other NSPs using AIOE's scrambled
value in the NNTP-Posting-Host. So how do I search to find a particular
value for the NNTP-Posting-Host?
I had to find a post by Ari that went through AIOE to match up on the
NNTP-Post-Host header's value. I canot see a way to search Google
Groups to find past posts with a particular value in this particular
header. How did you find those old posts of Ari's that had this value
for that header?
I'd like to do the same analysis on Little Luke that Cyberiade claimed
is a sockpuppet for Ari aka Brenda aka Kazee but would need to find his
posts that also matched on the value of the NNTP-Posting-Host header.
I'd have to search on the "RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" value
in the NNTP-Posting-Host header to see if Little Luke ever posted
through AIOE and had that value in that header. It seems odd that Ari
would have a conversation with himself through the persona of Little
Luke, as in:
A Google Groups search in this newsgroup found 44 posts from Little Luke
but who posts through Google Groups from Comcast (IP = 76.101.10.138).
So I cannot equate their IP address to the scrambled value in AIOE's
NNTP-Posting-Host header.
VanguardLH
> On Thu, 03 Jul 2008 20:51:20 -0500 'Bear Bottoms'
> wrote this on alt.comp.freeware:
>
>>There is an abandoned freeware program called SpamAid (which I have a copy
>>of). It allows you to set a subject passcode and dumps those with out it
>>to the dustbin. Very easy to use, but a rather radical approach. I used to
>>use it a long time ago and I never ever got spam. You can also tell it to
>>just allow email from those in your contact list. Very easy to use and
>>does about the same thing.
>
> Magic Mail Monitor can do all that too.
> As you say, Subject password codes are a bit radical...
Magic is what I use rather than leave my e-mail client always running
(Outlook).
Outlook has the nasty behavior that it downloads an e-mail *before* it
exercises any rules against it. I don't want to waste the bandwidth and
disk space on e-mails that the rules are going to delete based solely on
their headers. Magic, like Outlook Express and other personal e-mail
clients, let you download just the headers and exercise your rules on
them, so you can delete from server without downloading the body.
Another defect of Outlook is that it will popup the progress window when
there is a mail session error although I've configured it to not show
the progress window. If there is an error, it shows the progress window
despite the configuration. I'm still using OL2002 (no bang-for-the-buck
for me to get OL2003/2007). Magic may also have mail session errors but
it doesn't popup to get in my way. With 144 mail sessions per day
(every 10 minutes), I could care less if a dozen, or two, spread out or
altogether in a day failed to handshake properly. So I use Magic
because it stays out the way and gives me the headers-only download with
delete-at-server rule.
My guess is that SpamAid might generate a new passcode for each
recipient so that a particular recipient must use a unique passcode to
get their e-mails past your filtering. That's okay but a bit more
excessive than my needs. I only need a single passcode because the
account has a specific use: only for e-mails initiated from newsgroups
discussions. Everyone there will see the passcode so I only need one
passcode. Changing it in the rule and signature is very easy should
someone decide to somehow get me spammed that includes the passcode in
the Subject (which is not very likely). I haven't looked at SpamAid yet
to see just what exactly it does.
VanguardLH
Another good e-mail monitor with rules (that support regex) is PopTray
except for one failing: it doesn't support SSL connects. It has a
module that you supposedly install to add SSL support but I never got it
working. SSL is demanded by Gmail to connect to those e-mail accounts.
Magic added SSL support in the latest version.
I'm using YahooPOPs to access my freebie Yahoo Mail accounts (through
Magic, Outlook, or any POP3 e-mail client). I remember trying FreePOPs
but had problems with it (can't remember them). What I recollect what
that FreePOPs was flaky (sometimes went unresponsive or continually
failed to establish a mail session) and that, at the time, it did not
support Windows Live Hotmail accounts (for either the classic or full
interface) and only the classic MSN Hotmail interface. Maybe the
Hotmail module has been updated since then.
I also have Hotmail accounts. Will FreePOPs still work with Hotmail
accounts whenever Microsoft decides to disable WebDAV support for the
free Hotmail accounts and switch to Deltasync? Does FreePOPs even use
WebDAV? Does FreePOPs work with the newer Windows Live Hotmail webmail
interface?
VanguardLH
> My guess is that SpamAid might generate a new passcode for each
> recipient so that a particular recipient must use a unique passcode to
> get their e-mails past your filtering. That's okay but a bit more
> excessive than my needs. I only need a single passcode because the
> account has a specific use: only for e-mails initiated from newsgroups
> discussions. Everyone there will see the passcode so I only need one
> passcode. Changing it in the rule and signature is very easy should
> someone decide to somehow get me spammed that includes the passcode in
> the Subject (which is not very likely). I haven't looked at SpamAid yet
> to see just what exactly it does.
Uh oh, an update after finding more about SpamAid. It is an add-on for
Outlook. Although I use Outlook, I don't want a client-side anti-spam
solution that is effective in only one e-mail client. That's why I use
SpamPal which runs as a local proxy to tag the suspect e-mails (and then
I decide via rules in whatever e-mail client that I choose to use as to
what to do with those tagged e-mails).
http://www.spamaid.com/
"SpamAid 4.0 is an easy-to-use Microsoft Outlook® add-on ..."
It mentions only using Bayesian filtering. That's only one method of
detecting spam - and should be the last or catch-all method. SpamPal
also has a Bayes add-on which I use. Some argue against using the
guessing scheme and some like it. I'm on the fence as it really hasn't
helped much but hasn't hurt much, either. The blacklists and other
schemes find all the spamso very little is left to leak past to get
caught by the Bayes filter. In SpamPal, you can option the Bayes
plug-in to learn from the other detection schemes; i.e., its database
will get update to reflect the good/bad e-mail decisions by the other
anti-spam schemes employed in SpamPal. This helps in updating your
local Bayes database.
As I recall, SpamBayes (at sourceforge.net), also a Bayes-only filter,
can run as both an Outlook plug-in and also as a local proxy. So you
could add it to just Outlook or you could have it available to any
e-mail client that you might use by using SpamBayes as a local proxy.
The add-in is probably easier to setup versus having to configure the
e-mail clients to connect to whatever is the listening port for the
proxy and encode the targeted mail host in one of the e-mail fields,
like the username field normally used for login. It is not that hard to
setup using the proxy but many users just want an install-and-go
solution (and then come to newsgroups asking why it isn't working).
For me, SpamAid is a bit too narrow as to what e-mail clients are
supported (just Outlook) and too narrow regarding what anti-spam schemes
it employs (just Bayes). They also mention non-English character set
blocking (but I do that with rules) and a whitelist (which can be done
in almost any e-mail client via rules, address books, or safe sender
lists).
I was thinking that SpamAid did something with passcodes since that was
this subthread's discussion but, nope, it just does Bayes filtering and
works only as an Outlook add-on.
iNcReDuLoUs
> I canot see a way to search Google Groups to find past posts with a
> particular value in this particular header. How did you find those
> old posts of Ari's that had this value for that header?
I searched a local acf archive.
> A Google Groups search in this newsgroup found 44 posts from Little
> Luke but who posts through Google Groups from Comcast (IP =
> 76.101.10.138). So I cannot equate their IP address to the scrambled
> value in AIOE's NNTP-Posting-Host header.
Note the dates:
NNTP-Posting-Host: 76.101.10.138 <-- December
http://preview.tinyurl.com/6rykmm
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org <-- December
http://preview.tinyurl.com/5q3x2u
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org <-- June
http://preview.tinyurl.com/6xgng5
NNTP-Posting-Host: 76.101.10.138 <--July
http://preview.tinyurl.com/56uhua
hummingbird
On 04 Jul 2008 21:54:33 GMT 'iNcReDuLoUs'
wrote this on alt.comp.freeware:
>VanguardLH <V...@nguard.LH> wrote:
>
>> Since the scrambled value in AIOE's NNTP-Posting-Host header for Brenda
>> remained the same (in my sampling of the posts listed by Anonymous), she
>> probably has an always-on (broadband) connection. Ari is bouncing
>> between multiple NSPs, none of which that I could find were AIOE, so I
>> could not equate their scrambled mess with AIOE's scrambled mess or
>> equate their IP address to AIOE's scrambled mess. I'd have to see a
>> post by Ari that went through AIOE to see the scrambled mess in his
>> NNTP-Posting-Host header matched up with Brenda's who posts through
>> AIOE.
>
>Fyi, and note the dates:
Hello weenie,
I thought for one awful moment you were posting about freeware.
No such luck.
However, this one is interesting, looks like Mystic Meg was spot
on providing you do so before year end:
>http://preview.tinyurl.com/3dqtca
"iNcReDuLoUs--will finally post something, anything that has to do
with FREEWARE. It will only have taken him seven years to achieve
this milestone."
--
"If The Big Boys Can Fake Nyms Why Not Us Weenies"
...iNcReDuLoUs, <alt.test> 17-Aug-2006
iNcReDuLoUs exposed as an Internet Stalker:
http://groups.google.co.uk/group/alt.comp.freeware/msg/7289956d4abbd325
hummingbird
On Fri, 4 Jul 2008 18:02:25 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
>hummingbird wrote:
Yes, FreePops is now working well in its very latest v2.7. Earlier
snags with hotmail were caused by Hotmail making endless changes
to their logon procedure. Cynics think that might have been
deliberate to force users to use a web browser, thereby getting
hit with commercial ad slime.
I use it for 6 Hotmail accounts, one Yahoo and one Libero plus
all my Pop3 accounts.
>I also have Hotmail accounts. Will FreePOPs still work with Hotmail
>accounts whenever Microsoft decides to disable WebDAV support for the
>free Hotmail accounts and switch to Deltasync?
Dunno what webdav is, so I haven't got a clue but whatever
changes, the F/P guys issue a new Hotmail.lua to sort it out.
>Does FreePOPs even use
>WebDAV? Does FreePOPs work with the newer Windows Live Hotmail webmail
>interface?
Live Hotmail = Yes.
hummingbird
On Fri, 4 Jul 2008 17:55:01 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
>hummingbird wrote:
I just think using passcodes for me is excessive. Currently, I
just download all the e-mail headers and scan down them using
the glorious Del key for those I don't want! Works well :-)
hummingbird
On Fri, 4 Jul 2008 17:46:18 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
>I'd like to do the same analysis on Little Luke that Cyberiade claimed
>is a sockpuppet for Ari aka Brenda aka Kazee but would need to find his
>posts that also matched on the value of the NNTP-Posting-Host header.
>I'd have to search on the "RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" value
>in the NNTP-Posting-Host header to see if Little Luke ever posted
>through AIOE and had that value in that header. It seems odd that Ari
>would have a conversation with himself through the persona of Little
>Luke, as in:
They could all be the same barmy person although I think it is
unlikely. It's more likely IMV that they're a small group who all
speak the same slang language and hang out together. The obtuse
posts between Ari and Luke earlier about flying is probably flight
simulator ... another one of the crew, Mxsmanic is into that.
>http://groups.google.com/group/alt.comp.freeware/tree/browse_frm/thread/1691f57bb49a2f58/c896a1b695853ea5
>
>A Google Groups search in this newsgroup found 44 posts from Little Luke
>but who posts through Google Groups from Comcast (IP = 76.101.10.138).
>So I cannot equate their IP address to the scrambled value in AIOE's
>NNTP-Posting-Host header.
No, but you have evidence that Luke has also used the AIOE
posting host. Right? So you know there's a close connection.
John Fitzsimons
>Bear Bottoms wrote:
< snip >
>> There is an abandoned freeware program
Doesn't look very "abandoned" to me ;
>> called SpamAid (which I have a copy
>> of). It allows you to set a subject passcode and dumps those with out it
>> to the dustbin. Very easy to use, but a rather radical approach. I used to
>> use it a long time ago and I never ever got spam. You can also tell it to
>> just allow email from those in your contact list. Very easy to use and
>> does about the same thing.
>Not sure why I need software to define a rule and add a comment in a
>signature.
Not sure why you would want a payware solution either. It doesn't look
like SpamAid was ever freeware.
Bear Bottoms
OMG...somebody pulled it out of the trashpile and is now selling it...of
course that doesn't sound like the SpamAid of old...it basically allowed
only your contacts or required a subject passcode...otherwise you never
saw it.
Nomen Nescio
>> >> What "insight"? It doesn't take a rocket scientist to figure out what
>> >> "NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org" being 100%
>> >> consistent throughout hundreds of posts means.
>
>Please show a post by Ari that went through AIOE to show that unique
>scrambled value added by AIOE.
You're either artfully ignorant, willfully blind or a lazy prick. Here's just one:
From - Mon Apr 07 17:37:02 2008
X-Mozilla-Status: 0001
X-Mozilla-Status2: 00000000
From: Ari <arisilv...@yahoo.com>
Newsgroups: alt.comp.freeware
Subject: Re: Why? Why? Why?
Date: Mon, 7 Apr 2008 14:47:09 -0400
Organization: Joose On The Loose
Lines: 28
Message-ID: <zz8v9v3gccme.1g...@40tude.net>
References: <4htwniwsf8w9.2...@40tude.net> <qfmdnbCZ8uDU2Wfa...@pipex.net> <b0WzoRAY...@nospam.demon.co.uk> <b9bb8a886ecae1ad...@localhost.127.0.0.1> <Rl$h8LA90...@nospam.demon.co.uk>
Reply-To: arisilv...@yahoo.com
NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
X-Complaints-To: ab...@aioe.org
Bytes: 1995
On Mon, 7 Apr 2008 18:43:25 +0100, Roger Hunt wrote:
> In article <b9bb8a886ecae1ad...@localhost.127.0.0.1>,
> hummingbird <hummi...@127.0.0.1> writes
>>On Mon, 7 Apr 2008 17:38:48 +0100 'Roger Hunt'
>>wrote this on alt.comp.freeware:
>>>In article <qfmdnbCZ8uDU2Wfa...@pipex.net>, John Stubbings
>>><anna.riceD...@virgin.net> writes
>>>>"Krazee Brenda" <brenda...@gmail.com> wrote in message
>>>>news:4htwniwsf8w9.2...@40tude.net...
>>>>>I want to be accepted, like my new friend, John Corliss, who loves me
>>>>> and respects me and doesn't call me a troll and responds to my posts and
>>>>> 'Bird who is very very nice to me and OH I ramble, sorry.
>>>>>
>>>>> I have so much mote to say but I have thus kat in my lap...
>>>>> --
>>>>Let's have a vote...
>>>>
>>>Yeah! KB for Mayor of London.
>>
>>Perhaps do a duo with Boris?
>>
> The Krazees - Boris and Brenda. They could not fail.
Excuse me.....
--
An Explanation Of The Need To Be "Anonymous"
http://www.penny-arcade.com/comic/2004/03/19
VanguardLH
> VanguardLH <V...@nguard.LH> wrote:
>
>> I canot see a way to search Google Groups to find past posts with a
>> particular value in this particular header. How did you find those
>> old posts of Ari's that had this value for that header?
>
> I searched a local acf archive.
I'll have to disable my rule to delete posts over a week old and then
reset the newsgroup to download all headers, so it could be awhile
depending on the retention actually exercised by Giganews. Headers
don't count against my monthly bandwidth quota.
(Oops, that won't help me. See 3rd to last paragraph.)
>> A Google Groups search in this newsgroup found 44 posts from Little
>> Luke but who posts through Google Groups from Comcast (IP =
>> 76.101.10.138). So I cannot equate their IP address to the scrambled
>> value in AIOE's NNTP-Posting-Host header.
Using Little Luke's IP address that he has now of 76.101.10.138:
> NNTP-Posting-Host: 76.101.10.138 <-- December
> http://preview.tinyurl.com/6rykmm
On Dec 23, 2007, Kazee Brenda was using Comcast and had an IP address of
76.101.10.138.
> NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org <-- December
> http://preview.tinyurl.com/5q3x2u
On Dec 24, 2007 (23 hours later), Kazee Brenda posts through AIOE. IP
address unknown. It might be 76.101.10.138.
> NNTP-Posting-Host: RgfXpB6aZYrDTuodi/Ad0w.user.aioe.org <-- June
> http://preview.tinyurl.com/6xgng5
On Jun 18, 2008 (just shy of 6 months later), Kazee Brenda posts through
AIOE and gets the same scrambled value for NNTP-Posting-Host as she got
6 months earlier. If this scrambled value includes the IP address, then
she has the same IP address as she had 6 months earlier, and that
*might* be 76.101.10.138.
> NNTP-Posting-Host: 76.101.10.138 <--July
> http://preview.tinyurl.com/56uhua
On July 1, 2008 (13 days later), Little Lukes posts through Comcast
using the IP address of 76.101.10.138.
Yes, there is indication that Little Luke is Brenda but in the US the
window for opportunity for the dynamic IP address to have changed in the
23 hours between Brenda's first 2 posts listed above and again the
window of opportunity for the change in dynamic IP address during the
13-day lapse so Little Luke could end up with it would support the
beyond a shadow of doubt requirement if this were in criminal court. It
might suffice in conciliatory court.
The first 2 cases provide a stronger case that Brenda was on Comcast and
using 76.101.10.138 at the time she started posting through AIOE and
thereafter. The 13-day lapse is just too big considering both are
highly likely to be using dynamic IP addresses.
Tightening up those endpoints (where Brenda went from posting through
Comcast and then through AIOE, and again where she last used AIOE and
then Luke posted with that IP address) would make the argument much
stronger. It's a good argument but not airtight. Moving Brenda's first
post to AIOE closer to when when she posted through Comcast, and moving
Luke's first post after the closest post from Brenda through AIOE would
tighten up the match between them.
I was thinking of downloading all the headers for this newsgroup (by
resetting my newsreader and downloading all headers again) except that
the NNTP-Posting-Host is not included in the overview headers for me
test against. I'm not going to download all the bodies to also get all
the other headers. One, there are over 300K messages in the newsgroups
and the download, including the bodies, would just take too long for me
to bother waiting. Two, although I moved away from OE to 40tude Dialog,
a huge number of posts within a newsgroup severely slows 40tude Dialog
to almost become unusable (and during the course of downloading or
exercising rules, it keeps saying that it has become unresponsive and
asks if I want to continue or abort, but continuing progresses no
further). So I'm not really going to build my own archive of old posts
that include the bodies of all posts (so all headers are available,
including the NNTP-Posting-Host header). It's not worth the effort to
find out for myself if Little Luke is Brenda beyond what you indicated
so far.
At this point, and only to monitor their posts in the future, I've added
a scoring rule to colorize any posts with that IP address and that
specific scrambled value from AIOE in the NNTP-Posting-Host header.
Then if I see the same-named poster switch from the IP address to the
scrambled AIOE value within an even shorter interval than noted above,
especially shorter than the 13-day lapse, then I'll have even more
evidence to support your claim.
This has been a very interesting subthread.
hummingbird
On Sat, 5 Jul 2008 01:56:28 -0500 'VanguardLH'
wrote this on alt.comp.freeware:
--snip--
VanguardLH,
I admire your efforts to dig out irrefutable evidence before
making allegations against these people; it's a pity others on ACF
don't do the same thing occasionally. For them, finding a single
matching header is enough to prove guilt! iNcReDuLoUs himself
is guilty of doing exactly that. Law of the jungle comes to mind.
However, you are trying to find irrefutable evidence that Brenda,
Ari, Mxsmanic and Luke and a whole list of other nyms are all the
same physical person. That is the essence of your investigations
AIUI.
There is much circumstantial evidence to point in that direction:
AIOE Posting-Host, IP Addresses, writing style, timing of posts,
bizarre content, constant nym-shifting etc etc.
However, I do not think you will find what you are looking for,
and you can't discount the possibility that headers are forged
as we saw during the sporge attacks. (btw: a similar thing is
now going on again on NSR).
The best you will find is that all these nyms post through the
same IP Address (assuming they aren't forged), and often thru
different servers. But that does not mean it's the same person,
only the same IP Addy.
As I said previously, IMHO they are probably 1-4 people using
a domestic LAN and all going out thru the same IP Addy. That
is what makes most sense to me. They could be friends sharing
the same home, visiting friends or neighbours. Take your pick.
HTH.
Franklin
>
> Google Groups searching won't look in but the From and Message-ID
> headers. I cannot search on Brenda's value in the
> NNTP-Posting-Host header to then go see who else is using that
> same value in their NNTP-Posting-Header. How did you do a search
> to find everyone using the same scrambled value from AIOE in the
> NNTP-Posting-Header? Did you search your own local archive to
> search on a value in that header? Since NNTP-Posting-Host is not
> included in the set of overview headers, all posts would have to
> be downloaded to get at that header in each post and that would
> probably consume all my monthly quota although I only subscribe to
> text groups.
Hello VanguardLH
You may not realize it from the somewhat coy way Hummingbird posts
but he is ACF's greatest stalker. Hummingbird actually goes so far
as to maintains a database of posts on his PC which he has described
here in the past. With this database he can search on fields which
Google does not usually bother with.
One reason Hummingbird searches his stalking database is to
antagonize other people or get even with those who have revealed his
sockpuppets. Another reason is to keep track of those sockpuppet
postings which can be remarkably abusive. There used to be large
numbers of his sockpuppets in ACF at any one time and Hummingbird
needed to take care he knew which was which. Interestingly he
carefully maintains a written style or the sockpuppets which are
consistently different to his normal written style.
'Incredulous' and others (including myself) have found several of
his sockpuppets and this has annoyed Hummingbird beyond all measure
to the point now where he will attacks these posters without warning
just because they revealed the duplicity of his complaints abut
others using a change of name yet all the while Hummingbird was
posting using the proxy server to change the headers to make his
hostility as covert as possible.
You can see an intemperate post from Hummingbird to Incredulous in
which Hummingbird refers to on of his own sockpuppets and one which
Incredulous has listed in the past, Mystic Meg.
I'm quite sure Hummingbird has a very different interpretation and
will seek to use every one of the k00k tricks he can muster to try
and denigrate the truth of what I have posted here. If you are not
sure who to believe then keep a close eye on Hummingbird and you
will see he demands one type of behavior from others while doing the
exact opposite himself.
Franklin
Little Luke
Three days later and geek shitheads are trying to prove that I am
Brenda, Ari, Jesus and or who else? I larf at these womenless gaybies.
Ari
> Based on the claim that Brenda is Ari [Silverstein], I search on Ari's
> posts in this newsgroup. Ari posted through individual.net and those
> posts have no NNTP-Posting-Host header. Ari posted through
> highwinds-media.net (Cox)
Bzzzzzzzzt, wrongo, now go suck the claspers of Nazi Shark.
Krazee Brenda
> Because all of Brenda's posts were through AIOE,
No they don't and no they didn't.
LiarWare
--
See Brenda's UniWorldWare
http://tinyurl.com/nm2yt
Ari
> Dial-up users always get a different dynamic IP address in a
> new session.
No they don't. Idiot.
Ari
> Since the scrambled value in AIOE's NNTP-Posting-Host header for Brenda
> remained the same (in my sampling of the posts listed by Anonymous), she
> probably has an always-on (broadband) connection
Bzzzzt, wrongo MoRon. Suck, claspers, hard. Repeat.
Ari
Unreal. It's unbelievable that anyone would waste valuable...there it
is, valuable, there time isn't. lol
Ari
> This particular troll was nailed right here in this group, by
> Hummingbird I believe. Or at least he got the ball rolling. An anonymous
> poster did the rest.
>
> The server that nailed him was AIOE, which hashes the IP or IP+password
> so every NNTP-Posting-Host is consistent. And the anonymous poster
> relayed an email flatly stating that the IP had been banned from that
> server.
Nope, it hasn't. Tuff shitties on you, SparkAss.
Nicodemus
@mid.individual.net:
> On Fri, 4 Jul 2008 15:46:29 -0500, VanguardLH wrote:
> You never did
>> Based on the claim that Brenda is Ari [Silverstein], I search on Ari's
>> posts in this newsgroup. Ari posted through individual.net and those
>> posts have no NNTP-Posting-Host header. Ari posted through
>> highwinds-media.net (Cox)
>
> Bzzzzzzzzt, wrongo, now go suck the claspers of Nazi Shark.
You never answered my question aRi, do have a religion?
** Posted from http://www.teranews.com **
Roger Hunt
<brenda...@gmail.com> writes
>On Fri, 4 Jul 2008 15:46:29 -0500, VanguardLH wrote:
>
>> Because all of Brenda's posts were through AIOE,
>
>No they don't and no they didn't.
>
>LiarWare
If you were using liarware you should say yes they do and yes they did.
Would you like a copy of Liarliarpantsonfire v2.0, which is bug-free?
(The author claims it is, but he might be lying.)
--
Roger Hunt
Krazee Brenda
>>> Because all of Brenda's posts were through AIOE,
>>
>>No they don't and no they didn't.
>>
>>LiarWare
>
> If you were using liarware you should say yes they do and yes they did.
>
> Would you like a copy of Liarliarpantsonfire v2.0, which is bug-free?
> (The author claims it is, but he might be lying.)
> --
> Roger Hunt
Thank you, Roger, yes would you send it to Ari's house? No, send it by
youSendIt, well, maybe it's really MeSendIt since you are..
<blink>
<blink>
GOTOHELLHUNT
Ari
I'm Joose. You?
Ari
> On Fri, 4 Jul 2008 09:14:23 -0700 (PDT) 'Little Luke'
> wrote this on alt.comp.freeware:
>
>>http://tinyurl.com/6jdbd4
>
> Sorry, I never hit such undisclosed links.
http://www.zenvironments.com/Illustration/puppeteer.jpg
There you go, Feathers. lol
hummingbird
> I might also add that during the sporge era (Sep/2007-Feb/2008)
> I was lurking on several other groups where it was being debated
> daily. 'Ari' was posting on a.p.a-s and getting a lot of stick.
>
> Afaik sci.crypt was the first group to get hit with sporge and
> received masses of it...much more than ACF. On one day alone
> it was hit with 20,000 sporge posts.
>
> I have no conclusive evidence of this but I had the strong feeling
> at the time that Ari was responsible for the sporge ...or at least
> involved in it. Given his big fall-out on sci.crypt over barcoding
> encryption and given his track record on ACF recently, that view
> remains.
>
> --
> "All truth passes through three stages.
> First, it is ridiculed, second it is violently opposed,
> and third, it is accepted as self-evident"
> (Arthur Schopenhauer)
I want to add that I now have conclusive evidence that Ari killed Jesus
Christ. It is as conclusive as the evidence above.
Bear Bottoms
> On Fri, 04 Jul 2008 09:27:48 +0100, hummingbird wrote:
>
>> I might also add that during the sporge era (Sep/2007-Feb/2008)
>> I was lurking on several other groups where it was being debated
>> daily. 'Ari' was posting on a.p.a-s and getting a lot of stick.
>>
>> Afaik sci.crypt was the first group to get hit with sporge and
>> received masses of it...much more than ACF. On one day alone
>> it was hit with 20,000 sporge posts.
>>
>> I have no conclusive evidence of this but I had the strong feeling
>> at the time that Ari was responsible for the sporge ...or at least
>> involved in it. Given his big fall-out on sci.crypt over barcoding
>> encryption and given his track record on ACF recently, that view
>> remains.
>>
>> --
>> "All truth passes through three stages.
>> First, it is ridiculed, second it is violently opposed,
>> and third, it is accepted as self-evident"
>> (Arthur Schopenhauer)
>
> I want to add that I now have conclusive evidence that Ari killed Jesus
> Christ. It is as conclusive as the evidence above.
Good job!
--
Bear Bottoms
website: http://bearware.com
hummingbird
On Thu, 10 Jul 2008 22:38:05 -0400
--snip rubbish--
......oooh there's nothng left.
--
Whilst Franklin and friends are busy forging and sporging on ACF and other
newsgroups, it's useful to know how to identify genuine posts from me.
1.genuine posts from the real hummingbird (me) contain a header EXACTLY thus:
X-Trace: individual.net iaL95HLEW93snMwF3sa7wgz39JzidDo0dpvDmWMC+23sFlRovK
Note:posts containing the same NIN hash code with a different X-xxx header
are cut/paste forgeries. eg:
X-Info-Trace: individual.net iaL95HLEW93snMwF3sa7wgz39JzidDo0dpvDmWMC+23sFlRovK
2.posts from the real hummingbird contain MIDs in the following format:
Message-ID: <g50vu9...@localhost.127.0.0.1>
NB:posts containing different format MIDs (eg xxx@astraweb) are forgeries.
There are some other major differences to the headers of genuine posts from me.
-hope that helps-