Open Response To Roarunner
Brian K. O'Neill
concerning a Usenet abuse issue.
I have been complaining to Roadrunner about a chronic Usenet spammer
AVS-Store.com for many months without any change in their activities. This
led me to create a "bitch list" to send reports to which included sending
them a fax of the complaint. This is my last complaint [Subject: Roadrunner
Still Ignores Spam Reports] ---
> Yet another Usenet spam run from the same customer.
> 1,750+ Usenet posts saying the same thing.
> Multiple complaints from me alone yet he is still spamming.
>
> How many complaints must be made before Roadrunner enforces their AUP?
>
> Sent via fax and to several other addresses at Roadrunner
> since ab...@rr.com is completely unresponsive to numerous complaints.
>
> The oh.* newsgroups are for things pertaining to Ohio.
> Not some schmuck in New York with a website.
>
> Check the Net Abuse FAQ on the subject here:
> http://www.cybernothing.org/faqs/net-abuse-faq.html#3.20
>
> This user is spamming every Usenet group he can.
> 1,750+ Usenet posts and counting despite numerous complaints
> thanks to Roadrunner's complete inaction! See his Usenet
> posting history here: http://snipurl.com/4ixg
>
> Even if the posts were on topic (which they're not)
> excessively cross-posting and multi-posting the same message
> is the very definition of spam! Kindly discipline your customer.
The spam is snipped, but can be found here:
Message-ID: <nm9kc.123388$M3.1...@twister.nyroc.rr.com>
I never received any response at all when I emailed just the Roadrunner
abuse address. Since I have started with the "bitch list," I have received
the following response two times:
> -----Original Message-----
> From: Road Runner Abuse ab...@rr.com
> Sent: Saturday, May 01, 2004 12:59 AM
> To: x
> Subject: Re: Roadrunner Still Ignores Spam Reports
>
> Hello,
>
> As stated in our autoresponder, "...although it is not always
> possible
> for us to provide a direct human response to your complaint, we do
> investigate *all* complaints. As such, please do not
> interpret a lack of response as a lack of action taken. If we
> find that a customer is in
> violation of our policies, we will take the necessary action
> to stop the activity in question."
>
> Road Runner is unable to release any specific customer information,
> including action taken against an account, without a court
> order. Please be aware the depending on the situation,
> actions can be up to and
> including account termination. Should you require specific
> information
> on where to send a court order, you may call the Road Runner Network
> Operations Center at 703-345-3416.
>
>
> Thank you for taking the time to contact Road Runner.
>
> - Road Runner Abuse [MW]
This is my response to them. I took the liberty of speaking for many of us.
> > please do not
> > interpret a lack of response as a lack of action taken
> Your inaction is not judged through your lack of personal responses.
>
> Your inaction is judged by the continued spamming of Roadrunner customers.
> Your inaction is judged by the failure to close open relays and proxies.
> Your inaction is judged by your inability to handle customers with
> compromised computers.
> Your inaction is judged by an internet community sick of Roadrunner's
> incompetence.
>
> Your inaction is judged by me because this is the second time you sent me
> this same response to my spam complaint for the same infraction from the
> same spamming customer.
>
> Your inaction is costing you your mail being delivered to many places who
> have blackholed your entire networks because of the above infractions.
>
> Your inaction is costing me as a customer, someone who once used
Roadrunner
> for his broadband needs and someone who could go back to Roadrunner. Your
> inaction also keeps me from using Time-Warner cable as well.
>
> I don't give a damn about a personal "response," and neither does the
great
> many responsible netizens who are sick of bearing the costs due to your
> incompetence, an incompetence that borders on arrogance when coupled with
> your overwhelming zeal to sign up even more customers when it is obvious
to
> all that you cannot handle abuse issues with the load you currently have.
>
> All we (TINW) give a damn about is that the spamming stops, the proxies
are
> closed, customers infected with malicious Trojans are shut down until they
> are educated about these issues and Roadrunner actually enforces their AUP
> in a timely manner. Communication with the victims of your incompetence
> would be nice, but really, as long as the abuse stops, nobody cares about
a
> "personal response" and I for one never asked for one.
>
> I asked for the spam to stop. It hasn't.
>
> That's what you are being judged for and all you will ever be judged for.
> And you are being judged as ignoring abuse reports.
> And that will remain until the spamming stops, the proxies are closed, and
> your customers are educated.
>
> And my spam reports will continue to be "shotgunned" to all of these
address
> and faxed to your corporate offices - and even more addresses and to more
> fax numbers if I find them - until these many problems are addressed.
I would hope that any movements for the UDP, nominations to blacklists or
the like would take note of this case in particular and Roadrunner's sorry
track record in general. This post is to add to the evidence of their
complete incompetence with regard to abuse issues.
Doug Jacobs
> This is not an exclusively Usenet issue though my response to Roadrunner is
> concerning a Usenet abuse issue.
I'm not sure what effect you hoped this would have.. This is nanaEMAIL,
not usenet. And we(TINW) already know about roadrunner's roguish behavior.
> I have been complaining to Roadrunner about a chronic Usenet spammer
> AVS-Store.com for many months without any change in their activities. This
> led me to create a "bitch list" to send reports to which included sending
> them a fax of the complaint. This is my last complaint [Subject: Roadrunner
> Still Ignores Spam Reports] ---
[snippo]
Roadrunner fails to act on complaints about viruses spewing from their
customers, which arguably makes them guilty of knowingly spreading viruses
- a federal offense. Yet RR does nothing.
Roadrunner's network is largely made up of zombies that spew spam, viruses
and other forms of abuse onto the internet. Yet RR does nothing.
At one point, RR was sending this huge stupid disclaimer about how their
mailservers had detected an infected message being sent by one of their
users, and how they deleted the virus. However, they then asked that YOU
contact the user about this problem because THEY weren't going to be
bothered.
I suspect that many on usenet are already aware of rr's problem, and are
already canceling said posts. You might do well to use such a server that
listens to those cancels.
Plasma
IP address: 24.95.159.70
Host name: mail.avs-store.com
Alias:
rrcs-nys-24-95-159-70.biz.rr.com
Why don't you just KillFile the return address or create a rule to
automatically delete "avs-store.com"?
"Brian K. O'Neill" <do...@spam.me> wrote in message
news:chslc.701$dd....@newssvr33.news.prodigy.com...
Scott Dorsey
>I think your complaint is about:
>IP address: 24.95.159.70
>Host name: mail.avs-store.com
>Alias:
>rrcs-nys-24-95-159-70.biz.rr.com
>
>Why don't you just KillFile the return address or create a rule to
>automatically delete "avs-store.com"?
We do better than that here. We just block ALL roadrunner traffic. If
the ISP is so incompetent as to allow this sort of thing to go on, I don't
want packets from them.
I can block this address... then later next week when they have another
spammer, I can block another one... then another one. It's a lot easier
just to block it all until they get their act together and fix their
massive spam problem.
--scott
--
"C'est un Nagra. C'est suisse, et tres, tres precis."
Lee Smallbone
<snip>
> I would hope that any movements for the UDP, nominations to blacklists or
> the like would take note of this case in particular and Roadrunner's sorry
> track record in general. This post is to add to the evidence of their
> complete incompetence with regard to abuse issues.
I'd sponsor a UDP for this (and may I suggest Comcast at the same
time?). Both networks are permabanned from exchanging ANY packets with
mine.
Lee.
Leythos
na...@spam-trap.net says...
I can only suggest that you are careful in your wide sweeping ban, there
are also business accounts on RR that are not infected/spammers - I know
of at least 60+ businesses in Ohio that use them for VPN connections
between their offices.
--
--
spamf...@rrohio.com
(Remove 999 to reply to me)
Jay Stuler
"Leythos" <vo...@nowhere.com> wrote in message
news:MPG.1b0092e4e...@news-server.columbus.rr.com...
I think he should be careful to include them.
RR stinks.
I say that as a RR customer.
Block me and everyone on RR, it's a worthless company.
Maybe if everyone blocked them, they would get off their asses and be a
decent netizen.
Spambo
> [snip]
>
> I can only suggest that you are careful in your wide sweeping ban, there
> are also business accounts on RR that are not infected/spammers - I know
> of at least 60+ businesses in Ohio that use them for VPN connections
> between their offices.
Maybe those businesses calling up RR and threatening to find a more
responsible providers, who aren't being blocked due to ineffective abuse
policies, is just what is needed to get the RR admins off their lazy
butts.
axlq in California
Leythos <vo...@nowhere.com> wrote:
>> I'd sponsor a UDP for this (and may I suggest Comcast at the same
>> time?). Both networks are permabanned from exchanging ANY packets with
>> mine.
>
>I can only suggest that you are careful in your wide sweeping ban, there
>are also business accounts on RR that are not infected/spammers - I know
>of at least 60+ businesses in Ohio that use them for VPN connections
>between their offices.
This is a UDP he's talking about, not an IDP. That's USENET Death
Penalty, not Internet Death Penalty. It will only affect those
customers who post articles on usenet, which is the point --
the bulk of usenet postings coming out of RoadRunner are likely
spam, and should be blocked. It won't interfere with business
communications or email, just RR's NNTP.
-A
-= Hawk =-
<usenetj...@yahoo.com> scribbled:
Nukez teh roadrunnah!!
http://s90011794.onlinehome.us/stuff/ntr.jpg
--
'What Profiteth It A Kingdom If The Oxen Be Deflated?'
Riddles II, v3
- T. Pratchett
-= Hawk =-
scribbled:
One problem is the admins that DO act are blathering incompetents.
The repeatedly accuse people of doing things they've not done. They
can't read headers, often DON'T read headers. I once reported another
RR user for spamming and the next day I got an email accusing ME
of doing the spamming including the headers with a completely different
IP from another region of RR entirely!
Tero Paananen
> I think your complaint is about:
> IP address: 24.95.159.70
> Host name: mail.avs-store.com
> Alias:
> rrcs-nys-24-95-159-70.biz.rr.com
>
> Why don't you just KillFile the return address or create a rule to
> automatically delete "avs-store.com"?
Because that's not the way you reduce spam. You reduce
spam by STOPPING the spam, not by hiding from it.
As a RoadRunner customer, I certainly wish the network
security and abuse staff at RoadRunner would start
DOING something about the rampant spam and virus/trojan
problem within RoadRunner. It's ridiculous, and WAY
worse than, for example, on cox.net (the broadband
provider I was using just a month and a half back).
-TPP
--
Q: "What do the FBI and convicted criminals have in common?"
A: "Both don't give a damn about the laws."
ArchieLeach
news:c76r1o$h23$1...@charm.magnus.acs.ohio-state.edu:
> I've been accused of spamming 5 times by RR. I have also been accused
> of having an insecure, infected, and otherwise Swiss cheese of a
> machine. Let's hypothetically suppose that RR is completely right.
> Then why am I still connected?
I can think of 45 reasons...
Steven M (remove cola to reply)
<usenetj...@yahoo.com> wrote:
>I've been accused of spamming 5 times by RR. I have also been accused of
>having an insecure, infected, and otherwise Swiss cheese of a machine.
>Let's hypothetically suppose that RR is completely right. Then why am I
>still connected?
Um ... because you're not a spammer and because your machine is not
infected?
I have been accused of spam three times by Road Runner. One time I
actually spoke to them, they explained their "system". They got a
complaint, traced my IP number, and sent me a warning. But they
wouldn't actually cut me off; nobody would actually do anything unless
they received more complaints, then at that time, a tech would look at
the complaints more closely and decide whether to do the cutoff.
In my case, the first one was a clumsy joe-job, the second was a
bitch-list recipient at Level 3 who reported my email as spam, and I
never found out what the third one was about.
My impression was that this region (Texas) believed that it was quick
to move against spammers and infected machines. However, other parts
of the company are not near as fast. These techs knew this and they
can't do much about it.
I explained that this is going to create problems because there is a
lot of abuse from those other networks, and that it sometimes causes
my email to get blocked.
--
Steve M - uns...@houston.rrdirt.com (remove dirt for reply)
"I do not feel obliged to believe that the same God who has endowed
us with sense, reason, and intellect has intended us to forgo
its use." -- Galileo
Rich Clark, aka The Left Reverend Egg Plant, ULC, CotSG
<chslc.701$dd....@newssvr33.news.prodigy.com>:
> This is not an exclusively Usenet issue though my response to Roadrunner
> is concerning a Usenet abuse issue.
>
So, tell us all, what the flying fuck does this have to do with
news.admin.net-abuse.EMAIL?? Note, there's a group called
news.admin.net-abuse.USENET, where this post would be much more
appropriate.
Rich
--
"Normally, supporting your company in public is a perfectly
respectable pastime, but when you're trying to build a house
of cards, the last thing you should do is blow hard and wave
your hands like a madman."
Rupert Goodwins, ZDNET UK, 4/22/2004, on SCO Group CEO Darl McBride
TINLC Unit #2309 - Death to all spammer accounts. - WWSB?
Buss Error
server.columbus.rr.com:
> I can only suggest that you are careful in your wide sweeping ban, there
> are also business accounts on RR that are not infected/spammers - I know
> of at least 60+ businesses in Ohio that use them for VPN connections
> between their offices.
Then those businesses will need to seek other connectivity if they need to
connect to networks that won't put up with a company that can't manage
their network. I am, quite frankly, FED UP! with RoachRunner and their
inabillity to deficate or evacuate the chamber.
I had to spend quite a bit of time Saturday and again Sunday freeing up
disk space on my web & mail servers because of RoachRunner virus infected
computers. I object to giving up my weekend to clean up a situation that
RoachRunner allowed to develop because their profits are more important
than properly managing their network.
I don't have a problem with RoachRunner making a profit, just to them
making a profit at my expense. They can fully fund managing their network,
or the can be blocked on mine.
Their choice.
--
"I got more room in iptables then they got ip allocations :)"
Some Bastard, NANAE - 2004.02.13
Agent_C
wrote:
>I'd sponsor a UDP for this
The RR news admins are so clueless, they may not even know one was in
force, or what to do about it.
A_C
Inigo Montoya
>This is not an exclusively Usenet issue though my response to Roadrunner is
>concerning a Usenet abuse issue.
>
>I have been complaining to Roadrunner about a chronic Usenet spammer
>AVS-Store.com for many months without any change in their activities.
Advanced Video Systems has been spamming for longer than months. Try more
than 5 years. I've got files on them going back to January of 1999. (They
were ADVANCEDVI...@prodigy.net back then.) They started using
advancedvideosystems.com by June of that year. They've also used hydef.com,
but that appears to be in the hands of a speculator now.
The first complaint to Road Runner about them was back in January of 2001.
Road Runner is going to do precisely dick about their pet spammer. I double
dog dare them to prove me wrong.
I say IDP them until at least the year 2030, and that's being generous.
--
My name is Inigo Montoya. You spammed my father. Prepare to die.
Everything I need to know about life, I learned from my cats.
- Morely Dotes
Inigo Montoya
>This is a UDP he's talking about, not an IDP. That's USENET Death
>Penalty, not Internet Death Penalty. It will only affect those
>customers who post articles on usenet, which is the point --
>the bulk of usenet postings coming out of RoadRunner are likely
>spam, and should be blocked. It won't interfere with business
>communications or email, just RR's NNTP.
Of course, if such businesses wanted reliable connectivity they'd get the
hell off RR anyway.
Never anonymous Bud
(Inigo Montoya) scribbled:
>>I have been complaining to Roadrunner about a chronic Usenet spammer
>>AVS-Store.com for many months without any change in their activities.
>
>Advanced Video Systems has been spamming for longer than months. Try more
>than 5 years. I've got files on them going back to January of 1999. (They
>were ADVANCEDVI...@prodigy.net back then.) They started using
>advancedvideosystems.com by June of that year.
Domain Name: ADVANCEDVIDEOSYSTEMS.COM
Registrar: NETWORK SOLUTIONS, INC.
Whois Server: whois.networksolutions.com
Referral URL: http://www.networksolutions.com
Name Server: NS1.BIZ.RR.COM
Name Server: NS2.BIZ.RR.COM
Status: ACTIVE
Updated Date: 28-mar-2002
Creation Date: 20-mar-1998
Expiration Date: 19-mar-2005
To reply by email, remove the XYZ.
Lumber Cartel (tinlc) #2063. Spam this account at your own risk.
This sig censored by the Office of Home and Land Insecurity....
Leythos
buss_...@yahoo.com says...
> I had to spend quite a bit of time Saturday and again Sunday freeing up
> disk space on my web & mail servers because of RoachRunner virus infected
> computers.
I have a number of web and email servers on a RR connection and I'm not
sure about the web server part - what could they do that caused you to
use Web space? As for email, are you not using a RBL or at least
something like Symantec SBE with Exchange Filter (there are non-ms
filters out there). We get about 2500 spams a day and filter over 99.9%
of them without a problem. I'm still unsure about your web problem, what
happened?
Leythos
Inigo....@The.Princess.Bride says...
> Of course, if such businesses wanted reliable connectivity they'd get the
> hell off RR anyway.
5 years with only 1 instance of down time, over 3mbps down (even during
peak hours, 1.5mpbs up (even during peak) and under $250/month. Sounds
reliable to me.
Uncle StoatWarbler
>> I'd sponsor a UDP for this (and may I suggest Comcast at the same
>> time?). Both networks are permabanned from exchanging ANY packets with
>> mine.
>
> I can only suggest that you are careful in your wide sweeping ban, there
> are also business accounts on RR that are not infected/spammers
So? Unless RR/COmcats feel the pain of accounts being closed they won't
take any action.
> - I know
> of at least 60+ businesses in Ohio that use them for VPN connections
> between their offices.
Oh dear, how sad, sucks to be them.
Uncle StoatWarbler
>> Of course, if such businesses wanted reliable connectivity they'd get the
>> hell off RR anyway.
>
> 5 years with only 1 instance of down time, over 3mbps down (even during
> peak hours, 1.5mpbs up (even during peak) and under $250/month. Sounds
> reliable to me.
So being widely firewalled is reliable connectivity?
There is far more to reliability than how often your signal's carrier goes
down.
Leythos
alanb+...@google5.manawatu.net.nz says...
You said "reliable connectivity" and the connectivity is reliable for
Business Class customers. In all of the time I've been on RR I've only
found two instances where our email server was blocked - and it was due
to a problem with our domain name which we changed.
Services that block ALL connections from an ISP are just lame, it's very
easy to tell what IP they come from and block those IP. Most of the RR
Biz plans include a fixed IP range for the duration of the contract. On
the other hand, blocking from a DHCP group is very advisable as it
limits the chance of getting mail from infected users computers.
McWebber
>
> Services that block ALL connections from an ISP are just lame, it's very
> easy to tell what IP they come from and block those IP. Most of the RR
> Biz plans include a fixed IP range for the duration of the contract. On
> the other hand, blocking from a DHCP group is very advisable as it
> limits the chance of getting mail from infected users computers.
>
By the time you block the IP the damage is done. It's why my sendmail access
file contains listings such as:
dsl.akrnoh.ameritech.net REJECT
dsl.applwi.ameritech.net REJECT
dsl.bcvloh.ameritech.net REJECT
dsl.clevoh.ameritech.net REJECT
dsl.chmpil.ameritech.net REJECT
dsl.chcgil.ameritech.net REJECT
dsl.covlil.ameritech.net REJECT
dsl.dytnoh.ameritech.net REJECT
etc.
I'm sure there are legit users in there but the thousands to one signal to
noise from those makes it too much trouble. If, however, those users get
proper rDNS so their IP doesn't resolve to dsl.foo.bar then they won't get
blocked by me.
--
McWebber
"Richter points to the lack of legal action against his company as proof
that he's operating appropriately."
Information Week, November 10, 2003
Steven M (remove cola to reply)
(Inigo Montoya) wrote:
>axlq in California wrote:
>
>>This is a UDP he's talking about, not an IDP. That's USENET Death
>>Penalty, not Internet Death Penalty. It will only affect those
>>customers who post articles on usenet, which is the point --
>>the bulk of usenet postings coming out of RoadRunner are likely
>>spam, and should be blocked. It won't interfere with business
>>communications or email, just RR's NNTP.
>
>Of course, if such businesses wanted reliable connectivity they'd get the
>hell off RR anyway.
I run my small business at home, with a RR personal account. I also
use a third party email provider and web site.
My connectivity is great. *EXCEPT* for:
(a) writing to some NANAE regulars.
(b) complaining to certain ISP's about the spam that they send, and
they respond with brain-dead message about relaying.
Wm James
Filtering? It's more simple and to the point to just block the whole
thing and let roadrunner explain it to their users. They are getting
paid for it, after all. And they aren't sharing their profits with
their victims. Why should everyone else on the internet work extra to
insure the service provided by roadrunner when roadrunner doesn't care
and doesn't pay everyone to do that work?
William R. James
nurfuer
John Oliver
And that's just this month!
--
* John Oliver http://www.john-oliver.net/ *
* California gun owners - protect your rights and join the CRPA today! *
* http://www.crpa.org/ Free 3 month trial membership available *
* San Diego shooters come to http://groups.yahoo.com/group/sdshooting/ *
Norman L. DeForest
On Mon, 3 May 2004, Doug Jacobs wrote:
[snip]
> Roadrunner fails to act on complaints about viruses spewing from their
> customers, which arguably makes them guilty of knowingly spreading viruses
> - a federal offense. Yet RR does nothing.
>
> Roadrunner's network is largely made up of zombies that spew spam, viruses
> and other forms of abuse onto the internet. Yet RR does nothing.
>
> At one point, RR was sending this huge stupid disclaimer about how their
> mailservers had detected an infected message being sent by one of their
> users, and how they deleted the virus. However, they then asked that YOU
> contact the user about this problem because THEY weren't going to be
> bothered.
"At one point"? They are *still* doing that. The first of two received
yesterday:
: From [snip]@ec.rr.com Mon May 3 01:16:38 2004
: Received: from lich.chebucto.ns.Ca ([192.75.95.79]:60397 "EHLO
: lich.chebucto.ns.ca") by halifax.chebucto.ns.ca with ESMTP
: id S122245AbUECEO2 (ORCPT <rfc822;af...@chebucto.ns.ca>);
: Mon, 3 May 2004 01:14:28 -0300
: Received: from ms-smtp-04-lbl.southeast.rr.com ([24.25.9.103]:27366 "EHLO
: ms-smtp-04-eri0.southeast.rr.com") by lich.chebucto.ns.ca with ESMTP
: id <S423236AbUECEOZ>; Mon, 3 May 2004 01:14:25 -0300
: Received: from esrseasw (ilm74-237-134.ec.rr.com [24.74.237.134])
: by ms-smtp-04-eri0.southeast.rr.com (8.12.10/8.12.7) with SMTP id i434ApC8004499;
: Mon, 3 May 2004 00:10:51 -0400 (EDT)
: Date: Mon, 3 May 2004 00:10:51 -0400 (EDT)
: Message-Id: <200405030410....@ms-smtp-04-eri0.southeast.rr.com>
: FROM: "MS Security Bulletin" <nnhsot...@updates.microsoft.net>
: TO: "Commercial Partner" <qvl...@updates.microsoft.net>
: SUBJECT: Current Net Patch
: X-ID: 177381531721
: Mime-Version: 1.0
: Content-Type: multipart/mixed; boundary="ifirqgufgpkxkw"
: X-Virus-Scanned: Symantec AntiVirus Scan Engine
: X-Virus-Scan-Result: Repaired 34162 W32.Swen.A@mm
: Return-Path: <[snip]@ec.rr.com>
:
[snip boundary dividers]
:
: ALERT!
:
: This e-mail, in its original form, contained one or more attached files that were infected with a virus, worm, or other type of security threat. This e-mail was sent from a Road Runner IP address. As part of our continuing initiative to stop the spread of
: malicious viruses, Road Runner scans all outbound e-mail attachments. If a virus, worm, or other security threat is found, Road Runner cleans or deletes the infected attachments as necessary, but continues to send the original message content to the recipient. Further information on this initiative can be found at http://help.rr.com/faqs/e_mgsp.html.
: Please be advised that Road Runner does not contact the original sender of the e-mail as part of the scanning process. Road Runner recommends that if the sender is known to you, you contact them directly and advise them of their issue. If you do not know
: the sender, we advise you to forward this message in its entirety (including full headers) to the Road Runner Abuse Department, at ab...@rr.com.
:
[snip Swen]
How can the sender be known to me when I *know* the worm forges the
sender? Even if (or especially if) the "From:" header contains the
address of a correspondent of mine, I still don't know who the actual
sender is because the worm forges the "From:" address to someone else's
address.
--
Norman De Forest http://www.chebucto.ns.ca/~af380/Profile.html
af...@chebucto.ns.ca [=||=] (A Speech Friendly Site)
"One suspects that by now even *Nigerians* have Nigeria blacklisted ;)."
-- Jim Seymour on 419 scams, news.admin.net-abuse.email, Tue, Nov 19, 2002
Spam Reporter
> > This is not an exclusively Usenet issue though my response to Roadrunner
> > is concerning a Usenet abuse issue.
> So, tell us all, what the flying fuck does this have to do with
> news.admin.net-abuse.EMAIL?? Note, there's a group called
> news.admin.net-abuse.USENET, where this post would be much more
> appropriate.
The open letter calls Roadrunner out on *all* of their well-documented
abuse including their army opf Zombified machines spewing spam and
viruses that never get shut down and proxies that spam gets sent
through that never get closed.
Even what you posted says it all: A Usenet incident initiated the
letter but the letter addresses all of Roadrunner's cluelessness, much
of which includes email... Or do I have to go EMAIL like you did?
Godwin Stewart
-0300:
> How can the sender be known to me when I *know* the worm forges the
> sender? Even if (or especially if) the "From:" header contains the
> address of a correspondent of mine, I still don't know who the actual
> sender is because the worm forges the "From:" address to someone else's
> address.
Actually, SWEN is one of the rare exceptions IIRC. The "From:" header *is*
the sender in this case.
--
G. Stewart -- Remove digits and punctuation from my username
---------------------------------------------------------------
Stupidity is NOT a handicap. Park elsewhere!
Inigo Montoya
>Services that block ALL connections from an ISP are just lame, it's very
>easy to tell what IP they come from and block those IP.
Block by single IP? Are you insane or just inexperienced?
As McWebber said, closing the barn door after the horses are gone does
little. Road Runner has repeatedly demonstrated that they don't give a damn
about abuse coming from their network. Competent sysadmins have the
responsibility to protect themselves and their users from incompetent ones.
If RR becomes responsible, then I'm fairly confident most of the blocks will
be lifted.
Inigo Montoya
>I run my small business at home, with a RR personal account. I also
>use a third party email provider and web site.
>
>My connectivity is great. *EXCEPT* for:
>
>(a) writing to some NANAE regulars.
>(b) complaining to certain ISP's about the spam that they send, and
>they respond with brain-dead message about relaying.
Can I assume that you use RR's servers for outbound mail? Without that,
there's no There there.
About what percentage of outgoing mail would you say is blocked?
Inigo Montoya
>So? Unless RR/COmcats feel the pain of accounts being closed they won't
>take any action.
I think you're mixing up your Borgs. Road Runner is a Time Warner entity.
(Think of the bird from the Warner Bros Looney Tunes.) TCI/AT&T/Comcastoffs
was @Home, wasn't it?
Steven M (remove cola to reply)
(Inigo Montoya) wrote:
>Steven M (remove cola to reply) wrote:
>
>>I run my small business at home, with a RR personal account. I also
>>use a third party email provider and web site.
>>
>>My connectivity is great. *EXCEPT* for:
>>
>>(a) writing to some NANAE regulars.
>>(b) complaining to certain ISP's about the spam that they send, and
>>they respond with brain-dead message about relaying.
>
>Can I assume that you use RR's servers for outbound mail? Without that,
>there's no There there.
I have a third party email provider for my business. I mostly use it
to send to customers, and it has never been blocked by any of them.
It was only blocked once, by a college in Canada, that wouldn't take
an abuse report any way I tried to send it.
>About what percentage of outgoing mail would you say is blocked?
I have only written to 6-8 NANAE regulars in the past year, and most
of those blocked me because of RR. I'm not complaining, they have
their reasons.
As for rejecting LARTS, it happens something like one time in 15-20,
or 5-7%? Very rough figure. Those especially piss me off, because
they are the systems that sent me spam or hosted a spammer's site.
Other than the above, I can only remember a couple of instances where
my email was blocked this year. The last one was because of SpamCop,
it only lasted a few hours, and I haven't kept track of any other
blocked emails.
Steven M (remove cola to reply)
(Inigo Montoya) wrote:
>Uncle StoatWarbler wrote:
>
>>So? Unless RR/COmcats feel the pain of accounts being closed they won't
>>take any action.
>
>I think you're mixing up your Borgs. Road Runner is a Time Warner entity.
>(Think of the bird from the Warner Bros Looney Tunes.) TCI/AT&T/Comcastoffs
>was @Home, wasn't it?
The Borgs are already mixed up, it's not just the dear readers:
http://zdnet.com.com/2110-1103_2-5204677.html
Time Warner, Comcast complete cable shuffle
By Jim Hu
CNET News.com
May 3, 2004, 11:13 AM PT
Time Warner Cable and Comcast on Monday closed a previously announced
deal to restructure their joint ownership of cable systems in Kansas
City, Mo., and Texas. As agreed last December, the two systems will be
merged, and each company will own half of the combined entity. Time
Warner Cable will manage the combined system.
http://zdnet.com.com/2100-1104-5112405.html?tag=nl
Time Warner, Comcast restructure cable deals
By Jim Hu
CNET News.com
December 1, 2003, 3:41 PM PT
Time Warner and Comcast on Monday restructured ownership terms for a
pair of cable systems jointly owned by both companies.
The companies agreed to merge their joint venture cable systems in
Kansas City, Mo., and Texas into one centrally run business for the
next two years. Both companies will own 50 percent of the combined
cable network, and Time Warner Cable will continue to run the
business' daily operations.
...
Now that issues regarding these joint ventures have been temporarily
resolved, Time Warner is expected to try to unravel Comcast's 21
percent ownership of Time Warner Cable, according to public
statements.
Inigo Montoya
>I have a third party email provider for my business. I mostly use it
>to send to customers, and it has never been blocked by any of them.
>It was only blocked once, by a college in Canada, that wouldn't take
>an abuse report any way I tried to send it.
What this tells me is that the server that you're using for web and email
isn't blocking your IP. It doesn't sound like you have any idea what kind
of connectivity you have as far as your RR account itself is concerned,
based on very little data. Regardless, this is probably a good move.
Leythos
Inigo....@The.Princess.Bride says...
> Leythos wrote:
>
> >Services that block ALL connections from an ISP are just lame, it's very
> >easy to tell what IP they come from and block those IP.
>
> Block by single IP? Are you insane or just inexperienced?
>
> As McWebber said, closing the barn door after the horses are gone does
> little. Road Runner has repeatedly demonstrated that they don't give a damn
> about abuse coming from their network. Competent sysadmins have the
> responsibility to protect themselves and their users from incompetent ones.
> If RR becomes responsible, then I'm fairly confident most of the blocks will
> be lifted.
Actually, I've found that if you block an ISP's DHCP addresses and then
block the few ones on their Biz service that are spammers that you can
still work with the reputable ones without problem. There are some nice
RBL lists that work on almost all DHCP addresses for the major ISP's,
and the few biz customers that spam are easy to handle too.
McWebber
Some time back RR sent me what they said were their DHCP IP blocks and a
list of valid SMTP IP blocks. Only problem was they changed things. A DNSBL
I had given a copy of this supposedly official list found they got
complaints down the road from RR that they were blocking legit traffic. RR
called Comcast and told them I was posting proprietary data and got Comcast
to remove the file from my web space even though they didn't ask me not to
post it and sent it to me with zero restrictions.
I haven't been able to get a response from them recently to get a new list.
Buss Error
news:MPG.1b01439eb...@news-server.columbus.rr.com:
> In article <Xns94DEDD95452C4bu...@130.133.1.4>,
> buss_...@yahoo.com says...
>> I had to spend quite a bit of time Saturday and again Sunday freeing
>> up disk space on my web & mail servers because of RoachRunner virus
>> infected computers.
>
> I have a number of web and email servers on a RR connection and I'm
> not sure about the web server part - what could they do that caused
> you to use Web space?
Fill the web server logs with crap from infected dsl/cable users. 5,000
of them doing it all at the same time is vexing.
>As for email, are you not using a RBL or at
> least something like Symantec SBE with Exchange Filter (there are
> non-ms filters out there).
I use 7 different RBLs. I don't use those products, but I do use
something. However, I also have to archive all email.
> We get about 2500 spams a day and filter
> over 99.9% of them without a problem. I'm still unsure about your web
> problem, what happened?
>
My spam and virus loads are an orders of magnitude higher than that.
Sadly, my filter rates on spam are not that good[1]. However, after
looking at Symantec's product, I don't think it will scale for my
installation in a way that I can get funded for. While I won't say that I
don't think their product will scale to my needs, I do have reservations.
I do have time scheduled to build a pool of boxes to throw four times our
expected email traffic at the Symantec solution for testing. I am working
out the details with the sales clot.
[1] Mainly because I don't have any resources to allocate to fixing
the situation. If I wanted to spend my off time doing it, I could, but
frankly, the management team has squandered my loyality in that area.
They pay for 8 hours, they get 8 hours plus service down emergencies. Not
extra work that should be done during normal hours.
--
"I got more room in iptables then they got ip allocations :)"
Some Bastard, NANAE - 2004.02.13
Leythos
buss_...@yahoo.com says...
> >As for email, are you not using a RBL or at
> > least something like Symantec SBE with Exchange Filter (there are
> > non-ms filters out there).
>
> I use 7 different RBLs. I don't use those products, but I do use
> something. However, I also have to archive all email.
ORFilter, while not providing AV, does provide a lot of features for
other email server platforms. I used it before switching to NAV SBE and
was getting about 95% accuracy.
What mail app are you running if you don't mind my asking?
Thanks,
Mark
Inigo Montoya
>Actually, I've found that if you block an ISP's DHCP addresses and then
>block the few ones on their Biz service that are spammers that you can
>still work with the reputable ones without problem.
A) Why do you want to do all that work?
B) How can you be sure what you're blocking
C) That doesn't help the "human shields" that blackhats use
Most importantly,
D) There's no incentive for the blackhat to change. If there's a sh!thead
of a provider that's causing me grief, I have no problems in blocking all of
it. If a legitimate customer wants to get to something I control, they have
to stop aiding and abetting the abusing organization. Collateral damage is
intentional. Yes I realize that's extreme and yes I realize that not
everyone can do that. I wish more would though.
Leythos
Inigo....@The.Princess.Bride says...
> Most importantly,
> D) There's no incentive for the blackhat to change. If there's a sh!thead
> of a provider that's causing me grief, I have no problems in blocking all of
> it. If a legitimate customer wants to get to something I control, they have
> to stop aiding and abetting the abusing organization. Collateral damage is
> intentional. Yes I realize that's extreme and yes I realize that not
> everyone can do that. I wish more would though.
Not everyone has a choice when it comes to an ISP, in fact, most only
have a choice of 1 cable provider or DSL and DSL is iffy at best. A T1
is going to cost more than most people can afford, so we're back to what
can people afford and who can provide it.
If your only source of food was the democratic party would you still buy
from them? You don't have much choice, hate their ways, don't want to
support them, but you have to have their food.
Same for RR. In many cases, esp in my hick town, we only had RR for a
long time, DSL is out - to far, T1 is about $1500/month, RR Biz 3/1.5 is
only $212....
NormanM
vo...@nowhere.com says...
I am not sure that I understand why your problem should be anybody else's
concern. Of course, I don't provide a mail service, myself; I run my MTA so
that I can exercise better control over the incoming email, instead of
relying on SBC Global. My problem is wanton neglect by certain providers,
allowing their users to abuse my email addresses. So, by running my own MTA,
I can implement what one idiot calls, "Lazy, Draconian measures" to limit
the spam I get. I do block wide ranges of APNIC, all of LACNIC, and some
smaller U.S. entities from which I have received only spam. Whatever works
for me.
I understand that you may be in business, and probably don't spam, but I
won't be a door mat to spammers for your sake.
--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint
NormanM
vo...@nowhere.com says...
> In article <Xns94DEDD95452C4bu...@130.133.1.4>,
> buss_...@yahoo.com says...
> > I had to spend quite a bit of time Saturday and again Sunday freeing up
> > disk space on my web & mail servers because of RoachRunner virus infected
> > computers.
> I have a number of web and email servers on a RR connection and I'm not
> sure about the web server part - what could they do that caused you to
> use Web space? As for email, are you not using a RBL or at least
> something like Symantec SBE with Exchange Filter (there are non-ms
> filters out there). We get about 2500 spams a day and filter over 99.9%
> of them without a problem. I'm still unsure about your web problem, what
> happened?
I assume he is referring to the disk space taken up by spam and viral
messages sent to his mail servers; possibly mail and web services are on the
same HDD? RBLs are often reactive, thus not listing all possible sources. I
have seen the same thing on my MTA; occasional spam from a source not in
RBLs. And filters need time to tweak and train to handle "leakers". RBLs and
filters require time and effort on the recipient's end to be maintained;
time and effort incurred at the recipient's expense because Road Runner
doesn't want to put out the money from their end.
If filtering works for you, if you are willing to do the job the sending
network should be doing, fine. But you shouldn't complain about the means
that other people use to manage the problem from their end. If it is cheaper
to just dump the whole of Road Runner IP space into a hard block, that is
their choice. You will just have to live with their choice.
Leythos
tur...@blackhole.aosake.net says...
> I understand that you may be in business, and probably don't spam, but I
> won't be a door mat to spammers for your sake.
I thought this was just a discussion, I was not advocating that you
change your practices, just talking about methods and effects.
Leythos
tur...@blackhole.aosake.net says...
> If filtering works for you, if you are willing to do the job the sending
> network should be doing, fine.
I didn't see it as doing anyone's just but my own - spam is a problem
for everyone and it consumes a lot of time for many companies that still
must interact with COMCAST, AOL, RR, etc... members. In many cases,
blocking would be great, but there are a lot of businesses in those
networks that don't spam and are valid sources of revenue that one may
be working with.
> But you shouldn't complain about the means
> that other people use to manage the problem from their end.
I didn't think it was a complaint, I was asking questions, wondering,
and discussing it, not complaining.
Erik McDarby
>
> Roadrunner fails to act on complaints about viruses spewing from their
> customers, which arguably makes them guilty of knowingly spreading viruses
> - a federal offense. Yet RR does nothing.
>
> Roadrunner's network is largely made up of zombies that spew spam, viruses
> and other forms of abuse onto the internet. Yet RR does nothing.
>
> At one point, RR was sending this huge stupid disclaimer about how their
> mailservers had detected an infected message being sent by one of their
> users, and how they deleted the virus. However, they then asked that YOU
> contact the user about this problem because THEY weren't going to be
> bothered.
>
> already canceling said posts. You might do well to use such a server that
> listens to those cancels.
Oh crud, and I just sent a number of complaints to ab...@rr.com about
viral posts to a usenet newsgroup. I am already considering sending
out cancels for those viral garbage posts as well.
--
Erik McDarby
Erik McDarby
> Plasma <m...@privacy.net> wrote:
> >I think your complaint is about:
> >IP address: 24.95.159.70
> >Host name: mail.avs-store.com
> >Alias:
> >rrcs-nys-24-95-159-70.biz.rr.com
> >
> >Why don't you just KillFile the return address or create a rule to
> >automatically delete "avs-store.com"?
>
> We do better than that here. We just block ALL roadrunner traffic. If
> the ISP is so incompetent as to allow this sort of thing to go on, I don't
> want packets from them.
>
> I can block this address... then later next week when they have another
> spammer, I can block another one... then another one. It's a lot easier
> just to block it all until they get their act together and fix their
> massive spam problem.
> --scott
And while at it, you can call for a UDP on news.rr.com
--
Erik McDarby
Erik McDarby
> "Brian K. O'Neill" <do...@spam.me> wrote in message news:<chslc.701$dd....@newssvr33.news.prodigy.com>...
>
> <snip>
>
> > I would hope that any movements for the UDP, nominations to blacklists or
> > the like would take note of this case in particular and Roadrunner's sorry
> > track record in general. This post is to add to the evidence of their
> > complete incompetence with regard to abuse issues.
>
> I'd sponsor a UDP for this (and may I suggest Comcast at the same
> time?). Both networks are permabanned from exchanging ANY packets with
> mine.
Speaking of which, I sent a complaint about a usenet abuse to Comcast
and have gotten this in response.
From: <abuse-...@comcast.net>
To: mcd...@presidency.com
Subject: Re: (News Abuse) Fw: Hot Blonde and Horny
Date: Fri, 7 May 2004 23:41:14 +0000
This is an automated reply to the submission of your network abuse
incident.
Please take time to read it carefully because it provides insight to
your
reported incident and future submissions to the Comcast Network Abuse
Team.
First, we would like to thank you for bringing this matter to our
attention.
We take network abuse very seriously within the Comcast domain and we
apologize for any inconvenience this has caused you. Due to the large
number
of complaints we receive, we may not be able to respond to you again
regarding this incident. However, Comcast investigates each reported
incident of Abuse and we will take all appropriate action to warn,
suspend,
and/or terminate a subscriber that has violated Comcast's Acceptable
Use
Policy or Terms of Service. To view our Acceptable Use Policy, please
click
on the Terms of Service link at www.comcast.net and then click on the
link
for the Acceptable Use Policy.
Second, when reporting a network abuse incident to the Network Abuse
Team
you must follow the submission guidelines below to expedite the
investigation process. If you fail to follow these guidelines your
request
may not be processed or a delay may occur. We process these requests
on a
First-In-First-Out basis; prioritized by the level of network abuse a
customer is experiencing. Also, please do not submit more then one
request
per network abuse incident. This will ensure that each occurrence is
addressed in the most efficient manner possible.
Network Abuse Submission Guidelines
1.Provide a brief, general description of the network abuse incident.
2.Include all logs or information relevant to the incident, ensure the
logs
your submitting contain:
a.Date of incident
b.Time of incident and time zone
c.Source Internet protocol (IP) address or host name
d.Destination IP address or host name
e.Destination port
3.For e-mail abuse i.e. Spam, include full-unmodified header
information and
content of the email. Header information is a requirement for
reporting
e-mail abuse. Without the header information, the Abuse Team cannot
determine the true originator of the e-mail and no action will be
taken. If
you are unsure how to extract a full-unmodified header, please visit
http://spamcop.net/fom-serve/cache/19.html for instructions to support
your
mail client.
4.For alleged off topic (non-spam) or commercial Usenet postings, we
also
need full un-modified headers of the Usenet posting including the body
of
the offending message. If you are unsure how to view the
full-unmodified
headers of the Usenet post, consult the help section of your
newsreader
software or your news provider.
In closing, Comcast cannot investigate an incident of network abuse
without
the information requested above. Also, Comcast only investigates
incidents
of network abuse regarding Comcast subscribers. Non-subscribers should
be
reported to their appropriate ISP for network abuse resolution. Please
be
advised that Comcast does not disclose personally identifiable
information
about our subscribers except as may be required or permitted by law or
authorized by our subscribers. As a result, information pertaining to
particular subscriber(s) or specific actions taken in regard to Abuse
complaints may not be disclosed. However, Comcast is committed to
identifying alleged offenders and taking all appropriate action to
ensure
compliance with our Acceptable Use Policy and other Terms of Service.
Sincerely,
The Comcast Network Abuse and Observance Team
-= Hawk =-
scribbled:
Like anyone's going to pay attention to cancels from
a KotM winner, Erik.
--
'What Profiteth It A Kingdom If The Oxen Be Deflated?'
Riddles II, v3
- T. Pratchett
-= Hawk =-
scribbled:
>na...@spam-trap.net (Lee Smallbone) wrote in message news:<33a0cd5f.04050...@posting.google.com>...
>> "Brian K. O'Neill" <do...@spam.me> wrote in message news:<chslc.701$dd....@newssvr33.news.prodigy.com>...
>>
>> <snip>
>>
>> > I would hope that any movements for the UDP, nominations to blacklists or
>> > the like would take note of this case in particular and Roadrunner's sorry
>> > track record in general. This post is to add to the evidence of their
>> > complete incompetence with regard to abuse issues.
>>
>> I'd sponsor a UDP for this (and may I suggest Comcast at the same
>> time?). Both networks are permabanned from exchanging ANY packets with
>> mine.
>
>Speaking of which, I sent a complaint about a usenet abuse to Comcast
>and have gotten this in response.
You got an auto-ack, so what? Is anyone supposed to be impressed that
their automated response system responded? Crawl back in your fur suit,
Erik, this stuff's beyond you.
--
Inigo Montoya
>Not everyone has a choice when it comes to an ISP, in fact, most only
>have a choice of 1 cable provider or DSL and DSL is iffy at best. A T1
>is going to cost more than most people can afford, so we're back to what
>can people afford and who can provide it.
Cable and DSL aren't the only choices, though you're limited to what is
available in your area.
>If your only source of food was the democratic party would you still buy
>from them? You don't have much choice, hate their ways, don't want to
>support them, but you have to have their food.
First, see above.
Second, food is essential to living. Internet isn't.
If you really want to get around RR's incompetence, you could always pay a
little to an outside company that isn't blocked to hell and back. How much
you pay depends on how much mail you'd send.
Norman L. DeForest
On Fri, 7 May 2004, NormanM wrote:
> In article <MPG.1b01439eb...@news-server.columbus.rr.com>,
> vo...@nowhere.com says...
>
> > In article <Xns94DEDD95452C4bu...@130.133.1.4>,
> > buss_...@yahoo.com says...
>
> > > I had to spend quite a bit of time Saturday and again Sunday freeing up
> > > disk space on my web & mail servers because of RoachRunner virus infected
> > > computers.
>
> > I have a number of web and email servers on a RR connection and I'm not
> > sure about the web server part - what could they do that caused you to
> > use Web space? As for email, are you not using a RBL or at least
> > something like Symantec SBE with Exchange Filter (there are non-ms
> > filters out there). We get about 2500 spams a day and filter over 99.9%
> > of them without a problem. I'm still unsure about your web problem, what
> > happened?
>
> I assume he is referring to the disk space taken up by spam and viral
> messages sent to his mail servers; possibly mail and web services are on the
> same HDD? [...]
[snip]
You forget web-server logs. Some worms use horrendously-long URLs in an
attempt to exploit buffer overflows and other IIS bugs (non applicable
here but the worms still try). The "accesses by file" reports here are
very interesting at times. From one days report comes one line reporting
13 instances of:
13 /default.ida?XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX
XXXXXXXXXXXXXXXXXXXX%u9090%u6858%ucbd3%u7801%u9090%u6858%ucbd3%u7801%u9090%
u6858%ucbd3%u7801%u9090%u9090%u8190%u00c3%u0003%u8b00%u531b%u53ff%u0078%u00
00%u00=a
which is a fairly short one compared to 13 instances of the truncated (and
abbreviated here for space):
13 /\x90\x02\xb1[snip 1074 more instances of "\x02\xb1"]\x90[snip
6030 more instances of "\x90"]\x90"
(that's 32734 bytes, not counting the count and spaces at the beginning
of the line) not to mention the 7 or 8 instances each of:
8 /scripts/root.exe?
8 /d/winnt
8 /c/winnt
8 /MSADC/root.exe?
7 /scripts/..À%af..
7 /scripts/..À
7 /scripts/..\..
7 /scripts/..%c1%9c..
7 /scripts/..%c1%1c..
7 /scripts/..%%35c..
7 /scripts/..
7 /msadc/..\..
7 /_vti_bin/..\..
7 /_mem_bin/..\..
The multitude of logged attempts to send through a non-existant
FormMail.pl (or FormMail.cgi or FormMail.psp or Formmail.pl or various
other capitalisations) or Mail.(pl|cgi|psp) don't help things either.
Buss Error
news:MPG.1b05613ca...@news.sf.sbcglobal.net:
> I assume he is referring to the disk space taken up by spam and viral
> messages sent to his mail servers; possibly mail and web services are
> on the same HDD?
Not even on the same server, let alone mount point. It's just that there is
so much of it.
Lee Drake
"Erik McDarby" <mcd...@presidency.com> wrote in message
news:842a28e7.0405...@posting.google.com...
> na...@spam-trap.net (Lee Smallbone) wrote in message
news:<33a0cd5f.04050...@posting.google.com>...
> > "Brian K. O'Neill" <do...@spam.me> wrote in message
news:<chslc.701$dd....@newssvr33.news.prodigy.com>...
> >
> > <snip>
> >
> > > I would hope that any movements for the UDP, nominations to blacklists
or
> > > the like would take note of this case in particular and Roadrunner's
sorry
> > > track record in general. This post is to add to the evidence of their
> > > complete incompetence with regard to abuse issues.
> >
> > I'd sponsor a UDP for this (and may I suggest Comcast at the same
> > time?). Both networks are permabanned from exchanging ANY packets with
> > mine.
>
> Speaking of which, I sent a complaint about a usenet abuse to Comcast
> and have gotten this in response.
Comcast won't help you - I've sent numerous abuse complaints about some
joker on their net that has klez and keeps sending me the same damn virus
over and over and they do nothing. ISP's don't give a crap about it any
more and make no effort to fix something that's definitely fixable at their
end.
-= Hawk =-
<veryse...@SPAMhotmail.com> scribbled:
In Erik's case his abuse complaints are notoriously frivolous. Just
mention 'Brunswick Stew' and he'll go crying to your provider that
you're an enemy of rabbits and shouldn't be allowed to access the net.
Postman delivers
Erik,
RoadRunner just needs to be taken off the map, until corporate will get the
right staff in the right place to get their service clean up - that is my
opinion... They do not understand they need to stop the spammers when spam
complaints are justified...
JR the postman
the man who knew too much
speaking of roachrunner, does anyone here have a complete list of their
class c ip addresses.
--
It's a shame Linux has such difficulty running some of the more popular
Windows applications: Nimda, CodeRed, Klez, WPA, Swen, SoBig, ILOVEYOU,
MyDoom, Witty, Netsky, sober, Mimail, Dumaru......
Windows was created to keep idiots away from Unix.
Postman delivers
"Brian K. O'Neill" <do...@spam.me> wrote in message
news:chslc.701$dd....@newssvr33.news.prodigy.com...
is
> concerning a Usenet abuse issue.
>
> I have been complaining to Roadrunner about a chronic Usenet spammer
> AVS-Store.com for many months without any change in their activities.
This
> led me to create a "bitch list" to send reports to which included sending
> them a fax of the complaint. This is my last complaint [Subject:
Roadrunner
> Still Ignores Spam Reports] ---
>
> > Yet another Usenet spam run from the same customer.
> > 1,750+ Usenet posts saying the same thing.
> > Multiple complaints from me alone yet he is still spamming.
> >
> > How many complaints must be made before Roadrunner enforces their AUP?
> >
> > Sent via fax and to several other addresses at Roadrunner
> > since ab...@rr.com is completely unresponsive to numerous complaints.
> >
> > The oh.* newsgroups are for things pertaining to Ohio.
> > Not some schmuck in New York with a website.
> >
> > Check the Net Abuse FAQ on the subject here:
> > http://www.cybernothing.org/faqs/net-abuse-faq.html#3.20
> >
> > This user is spamming every Usenet group he can.
> > 1,750+ Usenet posts and counting despite numerous complaints
> > thanks to Roadrunner's complete inaction! See his Usenet
> > posting history here: http://snipurl.com/4ixg
> >
> > Even if the posts were on topic (which they're not)
> > excessively cross-posting and multi-posting the same message
> > is the very definition of spam! Kindly discipline your customer.
>
> The spam is snipped, but can be found here:
> Message-ID: <nm9kc.123388$M3.1...@twister.nyroc.rr.com>
>
> I never received any response at all when I emailed just the Roadrunner
> abuse address. Since I have started with the "bitch list," I have
received
> the following response two times:
>
> > -----Original Message-----
> > From: Road Runner Abuse ab...@rr.com
> > Sent: Saturday, May 01, 2004 12:59 AM
> > To: x
> > Subject: Re: Roadrunner Still Ignores Spam Reports
> >
> > Hello,
> >
> > As stated in our autoresponder, "...although it is not always
> > possible
> > for us to provide a direct human response to your complaint, we do
> > investigate *all* complaints. As such, please do not
> > interpret a lack of response as a lack of action taken. If we
> > find that a customer is in
> > violation of our policies, we will take the necessary action
> > to stop the activity in question."
> >
> > Road Runner is unable to release any specific customer information,
> > including action taken against an account, without a court
> > order. Please be aware the depending on the situation,
> > actions can be up to and
> > including account termination. Should you require specific
> > information
> > on where to send a court order, you may call the Road Runner Network
> > Operations Center at 703-345-3416.
> >
> >
> > Thank you for taking the time to contact Road Runner.
> >
> > - Road Runner Abuse [MW]
>
> This is my response to them. I took the liberty of speaking for many of
us.
>
> > > please do not
> > > interpret a lack of response as a lack of action taken
>
> > Your inaction is not judged through your lack of personal responses.
> >
> > Your inaction is judged by the continued spamming of Roadrunner
customers.
> > Your inaction is judged by the failure to close open relays and proxies.
> > Your inaction is judged by your inability to handle customers with
> > compromised computers.
> > Your inaction is judged by an internet community sick of Roadrunner's
> > incompetence.
> >
> > Your inaction is judged by me because this is the second time you sent
me
> > this same response to my spam complaint for the same infraction from the
> > same spamming customer.
> >
> > Your inaction is costing you your mail being delivered to many places
who
> > have blackholed your entire networks because of the above infractions.
> >
> > Your inaction is costing me as a customer, someone who once used
> Roadrunner
> > for his broadband needs and someone who could go back to Roadrunner.
Your
> > inaction also keeps me from using Time-Warner cable as well.
> >
> > I don't give a damn about a personal "response," and neither does the
> great
> > many responsible netizens who are sick of bearing the costs due to your
> > incompetence, an incompetence that borders on arrogance when coupled
with
> > your overwhelming zeal to sign up even more customers when it is obvious
> to
> > all that you cannot handle abuse issues with the load you currently
have.
> >
> > All we (TINW) give a damn about is that the spamming stops, the proxies
> are
> > closed, customers infected with malicious Trojans are shut down until
they
> > are educated about these issues and Roadrunner actually enforces their
AUP
> > in a timely manner. Communication with the victims of your incompetence
> > would be nice, but really, as long as the abuse stops, nobody cares
about
> a
> > "personal response" and I for one never asked for one.
> >
> > I asked for the spam to stop. It hasn't.
> >
> > That's what you are being judged for and all you will ever be judged
for.
> > And you are being judged as ignoring abuse reports.
> > And that will remain until the spamming stops, the proxies are closed,
and
> > your customers are educated.
> >
> > And my spam reports will continue to be "shotgunned" to all of these
> address
> > and faxed to your corporate offices - and even more addresses and to
more
> > fax numbers if I find them - until these many problems are addressed.
>
> I would hope that any movements for the UDP, nominations to blacklists or
> the like would take note of this case in particular and Roadrunner's sorry
> track record in general. This post is to add to the evidence of their
> complete incompetence with regard to abuse issues.
>
>
A ponzi fraud spam that appears to be from their service again
today............. posted to many newsgroups today
----- Original Newsgroups Spam Header From RR.com -----
Path:
newsspool1.news.atl.earthlink.net!stamper.news.atl.earthlink.net!elnk-atl-nf
1!newsfeed.earthlink.net!border2.nntp.ash.giganews.com!border1.nntp.ash.giga
news.com!border2.nntp.sjc.giganews.com!nntp.giganews.com!cyclone.austin.rr.c
om!fe1.texas.rr.com.POSTED!not-for-mail
From: "T W" <pphe...@satx.rr.com>
Subject: Make Money with PayPal !!!!!!!
Newsgroups: alt.binaries.photos.nude-art
Sender: T W <pphe...@satx.rr.com>
X-Priority: 3
X-Library: Indy 9.00.03-B
Lines: 120
Message-ID: <%8Dnc.74099$NR5....@fe1.texas.rr.com>
Date: Mon, 10 May 2004 04:02:03 GMT
NNTP-Posting-Host: 24.160.152.185
X-Complaints-To: ab...@rr.com
X-Trace: fe1.texas.rr.com 1084161723 24.160.152.185 (Sun, 09 May 2004
23:02:03 CDT)
NNTP-Posting-Date: Sun, 09 May 2004 23:02:03 CDT
Organization: Road Runner High Speed Online http://www.rr.com
Xref: news.earthlink.net alt.binaries.photos.nude-art:332575
X-Received-Date: Sun, 09 May 2004 21:02:07 PDT
(newsspool1.news.atl.earthlink.net)
----- Original Message -----
From: "T W" <pphe...@satx.rr.com>
Newsgroups: alt.binaries.photos.nude-art
Sent: Sunday, May 09, 2004 9:02 PM
Subject: Make Money with PayPal !!!!!!!
Etaoin Shrdlu
> In Erik's case his abuse complaints are notoriously frivolous. Just
> mention 'Brunswick Stew' and he'll go crying to your provider that
> you're an enemy of rabbits and shouldn't be allowed to access the net.
Oh, okay.
Brunswick stew.
And when my mother wants to see me go to her place, she only has to say
that she's cooking rabbit...
--
Last time someone listened to a (burning) bush,
folks wandered about the desert for 40 years.
My little NANAE hangout - http://www.spamreaper.org/etaoin
Erik McDarby
> Le 08 May 2004, -= Hawk =- <Ha...@Spam-Me-Not.cfl.rr.com> a écrit :
>
> > In Erik's case his abuse complaints are notoriously frivolous. Just
> > mention 'Brunswick Stew' and he'll go crying to your provider that
> > you're an enemy of rabbits and shouldn't be allowed to access the net.
Apparently, you don't know what I am reporting to ISP Abuse
Departments you stupid fuck. Also, you're the one that a notorious
frivolous and with a side of stupidity because you are getting
involved with a thread that has to do with a UDP against your ISP.
According to sources, your IP is 24.165.246.161 and that is a Class C
RR IP. And since it is listed in rr.blackholes.us as (24.165 rr),
there is the chance that someone that is not even me may use a cancel
bot to blackhole all your usenet posts. I am also not the one behind
the UDP against RR, that is the work of Brian K. O'Neill and thanks to
an AVS-Store.com spammer that RR's Abuse Apartment doesn't give a damn
about along with other spam complaints. All of that is at the begining
of this thread located here on Google.
Oh, and before I forget, they are calling your ISP, RoachRunner, now
as they have changed the name of the ISP due to all the spammers and
viral on it. If there is someone that is KotM material, it would be
that AVS-Store.com spammer for getting you and your ISP on the way of
being LARTed off of usenet.
> Oh, okay.
>
> Brunswick stew.
>
> And when my mother wants to see me go to her place, she only has to say
> that she's cooking rabbit...
*Rolls Eyes* Oh, shut up, you. You don't even know what you are saying
let alone know who you are responding to.
--
Erik McDarby