30 days with PSI, the habitual Spamhaus (or: CFD UDP PSI)
Lysander Spooner
This document is a quick compilation and analysis of the daily "Top
100" spam reports from the Newsguy Spam Hippo. For full details see
the newsgroup news.admin.net-abuse.bulletins or the website
http://www.spamhippo.com.
The dates given in these entries refer to the date on which the report
was posted. Each report summarizes the spam totals of the previous
day. The range of dates covered is 26-Sept-1998 to 25-Oct-1998.
INTRODUCTION
The history of Usenet abuse and PSI goes something like this:
-=-=-
PSI customers trash Usenet
PSI does nothing (except cash the spammers' checks....)
Despammers threaten to impose a Usenet Death Penalty
PSI disables their Abuse department's access to the Quake server
The PSI abuse-droids do the _bare minimum_ of TOS enforcement
necessary to avoid the UDP; spam stats drop slightly
PSI makes a public statement lying about their anti-spam resolve
PSI makes foolish legal threats regarding the UDP they just dodged
Consensus for UDP doesn't materialize; Despammers move on to other
problems
PSI restores Quake access to Abuse dept.
PSI customers resume trashing Usenet; PSI resumes cashing checks
Repeat until disgusted.
-=-=-
This cycle must STOP!
Sections 1 & 2 below document the present (unacceptable) level of
abuse, and IMO justify the strongest of responses against PSI.
I hereby call for discussion on the following:
-=-=-
~ Proposed ~
that a "Five-day UDP Notice" be issued to PSI as soon as possible,
with the UDP to take place unless there is a _drastic_ decrease in
spam-output (from the pubxfer server -and- epecially the PSI POPs), as
well as a public commitment to _keep_ the problem under control
that in light of past performance, we should place PSI on an automatic
6-month "Double-Secret-Probation" should they avoid the UDP once again
that during this probationary period, if the abuse rises to anywhere
-near- the current levels (for three consecutive days, or for a total
of any three days in a ten day period,) the full active UDP will
begin immediately -- no discussion, no warning, no appeal.
-=-=-
Suggestions regarding specific criteria are solicited.
On with the evidence...
PART ONE -- The Server
This is the less serious of the two problems, so let's cover it first.
>Date Rank Server Total Spam %Spam
>
>9/26/98 15 pubxfer.news.psi.net 4,138 3,153 76.00
>9/27/98 33 pubxfer.news.psi.net 1,649 1,159 70.00
>9/28/98 35 pubxfer.news.psi.net 896 896 100.00
>9/29/98 8 pubxfer.news.psi.net 3,768 3,340 89.00
>9/30/98 9 pubxfer.news.psi.net 6,646 5,330 80.00
>10/1/98 11 pubxfer.news.psi.net 5,986 3,662 61.00
>10/2/98 11 pubxfer.news.psi.net 4,174 3,198 77.00
>10/3/98 30 pubxfer.news.psi.net 1,946 1,128 58.00
>10/4/98 2 pubxfer.news.psi.net 9,941 7,788 78.00
>10/5/98 35 pubxfer.news.psi.net 922 858 93.00
>10/6/98 11 pubxfer.news.psi.net 4,203 2,960 70.00
>10/7/98 11 pubxfer.news.psi.net 3,323 2,460 74.00
>10/8/98 5 pubxfer.news.psi.net 8,468 5,554 66.00
>10/9/98 10 pubxfer.news.psi.net 3,338 2,704 81.00
>10/10/98 2 pubxfer.news.psi.net 7,634 5,429 71.00
>10/11/98 3 pubxfer.news.psi.net 5,659 5,303 94.00
>10/12/98 5 pubxfer.news.psi.net 5,571 5,571 100.00
>10/13/98 5 pubxfer.news.psi.net 4,885 3,657 75.00
>10/14/98 3 pubxfer.news.psi.net 6,161 4,901 80.00
>10/15/98 17 pubxfer.news.psi.net 3,227 1,829 57.00
>10/16/98 5 pubxfer.news.psi.net 6,041 5,023 83.00
>10/17/98 23 pubxfer.news.psi.net 3,343 1,537 46.00
>10/18/98 8 pubxfer.news.psi.net 3,922 3,564 91.00
>10/19/98 6 pubxfer.news.psi.net 4,909 4,180 85.00
>10/20/98 3 pubxfer.news.psi.net 6,201 5,337 86.00
>10/22/98 2 pubxfer.news.psi.net 18,282 16,018 88.00
>10/23/98 13 pubxfer.news.psi.net 4,280 2,488 58.00
>10/24/98 7 pubxfer.news.psi.net 5,460 3,879 71.00
>10/25/98 2 pubxfer.news.psi.net 9,283 9,283 100.00
>
>Avg Rank 11
>Total Articles 154,256
>Total Spam 122,189
>Avg %Spam 79.21
Roughly 80% spam from their own server.
Disgraceful. This justifies a UDP all by itself, and as I said, it's
by far the lesser of their problems.
PART TWO -- The Posting Hosts
Here's where the real damage is coming from -- the pub-ip dial-up
POPs. I've broken down the entries by geographic region, and added
an indication of the location to all the numeric address host IDs.
A - Fort Worth / Dallas Texas
>Date Rank Posting Host Total Spam %Spam
>
>9/27/98 20 38.11.197.0 (Ft. Worth, TX) 1,456 1,456 100.00
>9/30/98 28 38.11.197.0 (Ft. Worth, TX) 1,128 1,128 100.00
>10/10/98 22 38.11.197.0 (Ft. Worth, TX) 1,157 1,157 100.00
>10/11/98 15 38.11.197.0 (Ft. Worth, TX) 1,486 1,486 100.00
>10/12/98 15 38.11.197.0 (Ft. Worth, TX) 1,684 1,684 100.00
>10/13/98 17 38.11.197.0 (Ft. Worth, TX) 948 948 100.00
>10/14/98 2 38.11.197.0 (Ft. Worth, TX) 3,103 3,103 100.00
>10/16/98 27 38.11.197.0 (Ft. Worth, TX) 924 924 100.00
>10/17/98 15 38.11.197.0 (Ft. Worth, TX) 1,666 1,666 100.00
>10/18/98 14 38.11.197.0 (Ft. Worth, TX) 1,446 1,446 100.00
>10/20/98 7 38.11.197.0 (Ft. Worth, TX) 2,665 2,665 100.00
>10/22/98 6 38.11.197.0 (Ft. Worth, TX) 3,794 3,794 100.00
>10/23/98 6 38.11.197.0 (Ft. Worth, TX) 2,730 2,730 100.00
>10/25/98 10 38.11.197.0 (Ft. Worth, TX) 2,941 2,941 100.00
>9/26/98 42 38.27.164.0 (Dallas, TX) 587 587 100.00
>9/27/98 86 38.27.164.0 (Dallas, TX) 276 276 100.00
>9/30/98 86 38.27.164.0 (Dallas, TX) 297 297 100.00
>10/2/98 26 38.27.164.0 (Dallas, TX) 843 843 100.00
>9/26/98 21 fort-worth.tx.pub-ip.psi.net 1,599 1,416 89.00
>9/27/98 2 fort-worth.tx.pub-ip.psi.net 7,041 7,041 100.00
>9/28/98 18 fort-worth.tx.pub-ip.psi.net 1,632 1,598 98.00
>9/29/98 55 fort-worth.tx.pub-ip.psi.net 477 464 97.00
>9/30/98 11 fort-worth.tx.pub-ip.psi.net 2,910 2,910 100.00
>10/1/98 23 fort-worth.tx.pub-ip.psi.net 1,393 1,296 93.00
>10/10/98 2 fort-worth.tx.pub-ip.psi.net 12,123 9,366 77.00
>10/11/98 2 fort-worth.tx.pub-ip.psi.net 9,178 9,178 100.00
>10/12/98 2 fort-worth.tx.pub-ip.psi.net 8,537 8,537 100.00
>10/13/98 1 fort-worth.tx.pub-ip.psi.net 10,750 8,970 83.00
>10/14/98 1 fort-worth.tx.pub-ip.psi.net 9,900 9,900 100.00
>10/16/98 1 fort-worth.tx.pub-ip.psi.net 8,735 8,735 100.00
>10/17/98 9 fort-worth.tx.pub-ip.psi.net 3,356 3,356 100.00
>10/18/98 2 fort-worth.tx.pub-ip.psi.net 10,395 10,395 100.00
>10/20/98 2 fort-worth.tx.pub-ip.psi.net 9,213 9,202 100.00
>10/22/98 3 fort-worth.tx.pub-ip.psi.net 11,641 11,641 100.00
>10/23/98 1 fort-worth.tx.pub-ip.psi.net 13,669 11,163 82.00
>10/24/98 8 fort-worth.tx.pub-ip.psi.net 2,835 2,835 100.00
>10/25/98 1 fort-worth.tx.pub-ip.psi.net 16,213 16,213 100.00
>Total Articles 170,728
>Total Spam 163,347
>Average %Spam 95.68
Ninety five percent spam! From one bank of dial-up ports! And PSI
is unwilling or unable to deal with it. This is not complicated --
trying to find spam from the Fort Worth POP is like looking for _hay_
in a haystack!
These 163,000 spamules were brought to you by Tom Gartman. Yes, he's
back at PSI, despite single-handedly dragging them to the brink of a
UDP a coupla months ago.
Remember, it's not just 163,000 spams. Every one of them requires a
cancel message, which adds to the overhead caused by this parasitic
thief.
B- The Rest of Texas
>9/26/98 48 tx.pub-ip.psi.net 650 547 84.00
>9/29/98 62 tx.pub-ip.psi.net 616 398 65.00
>9/30/98 10 tx.pub-ip.psi.net 3,145 3,145 100.00
>10/1/98 4 tx.pub-ip.psi.net 8,162 5,684 70.00
>10/2/98 3 tx.pub-ip.psi.net 7,452 7,452 100.00
>10/4/98 55 tx.pub-ip.psi.net 490 364 74.00
>10/6/98 77 tx.pub-ip.psi.net 397 332 84.00
>10/7/98 55 tx.pub-ip.psi.net 493 398 81.00
>10/10/98 39 tx.pub-ip.psi.net 696 553 79.00
>Total 22,101 18,873
>Average %Spam 85.39
Eighty five percent. Probably still mostly Gartman.
C - New York (Primarily Syracuse)
>9/29/98 29 38.26.155.0 (Syracuse, NY) 831 831 100.00
>9/30/98 37 38.26.155.0 (Syracuse, NY) 881 881 100.00
>10/1/98 65 38.26.155.0 (Syracuse, NY) 343 343 100.00
>10/2/98 36 38.26.155.0 (Syracuse, NY) 639 639 100.00
>10/4/98 41 38.26.155.0 (Syracuse, NY) 560 560 100.00
>10/5/98 13 38.26.155.0 (Syracuse, NY) 2,036 2,036 100.00
>10/6/98 57 38.26.155.0 (Syracuse, NY) 470 470 100.00
>10/7/98 35 38.26.155.0 (Syracuse, NY) 623 623 100.00
>10/8/98 30 38.26.155.0 (Syracuse, NY) 1,002 1,002 100.00
>10/10/98 25 38.26.155.0 (Syracuse, NY) 938 938 100.00
>10/11/98 33 38.26.155.0 (Syracuse, NY) 656 656 100.00
>10/12/98 39 38.26.155.0 (Syracuse, NY) 876 876 100.00
>10/13/98 14 38.26.155.0 (Syracuse, NY) 1,070 1,070 100.00
>10/15/98 11 38.26.155.0 (Syracuse, NY) 2,039 2,039 100.00
>10/16/98 30 38.26.155.0 (Syracuse, NY) 813 813 100.00
>10/17/98 30 38.26.155.0 (Syracuse, NY) 920 920 100.00
>10/18/98 42 38.26.155.0 (Syracuse, NY) 525 525 100.00
>10/19/98 30 38.26.155.0 (Syracuse, NY) 826 826 100.00
>10/20/98 63 38.26.155.0 (Syracuse, NY) 447 447 100.00
>10/21/98 2 38.26.155.0 (Syracuse, NY) 5,134 5,134 100.00
>10/22/98 7 38.26.155.0 (Syracuse, NY) 3,779 3,779 100.00
>10/23/98 10 38.26.155.0 (Syracuse, NY) 2,069 2,069 100.00
>9/26/98 5 ny.pub-ip.psi.net 3,890 3,890 100.00
>9/27/98 13 ny.pub-ip.psi.net 2,966 2,966 100.00
>9/28/98 6 ny.pub-ip.psi.net 3,617 3,617 100.00
>9/29/98 12 ny.pub-ip.psi.net 2,428 2,428 100.00
>9/30/98 9 ny.pub-ip.psi.net 3,592 3,592 100.00
>10/1/98 10 ny.pub-ip.psi.net 3,118 3,118 100.00
>10/2/98 17 ny.pub-ip.psi.net 1,108 1,108 100.00
>10/3/98 15 ny.pub-ip.psi.net 1,915 1,746 91.00
>10/4/98 9 ny.pub-ip.psi.net 3,711 3,711 100.00
>10/5/98 20 ny.pub-ip.psi.net 1,342 1,208 90.00
>10/6/98 9 ny.pub-ip.psi.net 3,072 3,072 100.00
>10/7/98 6 ny.pub-ip.psi.net 3,033 3,033 100.00
>10/8/98 14 ny.pub-ip.psi.net 2,437 2,437 100.00
>10/9/98 11 ny.pub-ip.psi.net 2,796 2,796 100.00
>10/10/98 10 ny.pub-ip.psi.net 2,425 2,214 91.00
>10/11/98 7 ny.pub-ip.psi.net 3,200 3,200 100.00
>10/12/98 7 ny.pub-ip.psi.net 4,332 4,332 100.00
>10/13/98 5 ny.pub-ip.psi.net 3,500 3,500 100.00
>10/14/98 3 ny.pub-ip.psi.net 3,010 3,010 100.00
>10/15/98 5 ny.pub-ip.psi.net 2,809 2,809 100.00
>10/16/98 6 ny.pub-ip.psi.net 3,483 3,483 100.00
>10/17/98 7 ny.pub-ip.psi.net 4,164 4,164 100.00
>10/18/98 7 ny.pub-ip.psi.net 3,021 3,021 100.00
>10/19/98 5 ny.pub-ip.psi.net 4,905 4,905 100.00
>10/20/98 3 ny.pub-ip.psi.net 5,733 5,733 100.00
>10/23/98 18 ny.pub-ip.psi.net 1,177 1,177 100.00
>10/24/98 5 ny.pub-ip.psi.net 3,856 3,856 100.00
>10/25/98 3 ny.pub-ip.psi.net 5,912 5,912 100.00
>10/3/98 41 rochester.ny.pub-ip.psi.net 454 454 100.00
>Total Articles 118,483
>Total Spam 117,969
>Average %Spam 99.57
That's right, 99+% spam from NY POPs, every single day of the last
month! This is not "asleep at the wheel". This is willful
negligence.
D - Florida
>9/28/98 49 38.11.73.0 (Orlando, FL) 476 476 100.00
>9/29/98 41 38.11.73.0 (Orlando, FL) 656 656 100.00
>10/2/98 61 38.11.73.0 (Orlando, FL) 327 327 100.00
>10/13/98 35 38.11.73.0 (Orlando, FL) 534 534 100.00
>10/17/98 76 38.11.73.0 (Orlando, FL) 347 347 100.00
>10/21/98 97 38.11.73.0 (Orlando, FL) 226 226 100.00
>10/24/98 32 38.11.73.0 (Orlando, FL) 715 715 100.00
>10/13/98 52 38.30.153.0 (St Petersburg, FL) 357 357 100.00
>10/14/98 10 38.30.153.0 (St Petersburg, FL) 1,848 1,848 100.00
>10/15/98 15 38.30.153.0 (St Petersburg, FL) 1,753 1,753 100.00
>10/16/98 15 38.30.153.0 (St Petersburg, FL) 1,648 1,648 100.00
>10/17/98 28 38.30.153.0 (St Petersburg, FL) 1,011 1,011 100.00
>10/18/98 30 38.30.153.0 (St Petersburg, FL) 811 811 100.00
>10/20/98 89 38.30.51.0 (Miami, FL) 266 266 100.00
>10/5/98 32 38.30.71.0 (Miami, FL) 678 678 100.00
>9/26/98 39 fl.pub-ip.psi.net 660 609 92.00
>9/27/98 55 fl.pub-ip.psi.net 566 456 81.00
>9/28/98 34 fl.pub-ip.psi.net 767 715 93.00
>9/29/98 2 fl.pub-ip.psi.net 6,269 6,194 99.00
>10/1/98 88 fl.pub-ip.psi.net 335 251 75.00
>10/2/98 50 fl.pub-ip.psi.net 518 387 75.00
>10/3/98 33 fl.pub-ip.psi.net 770 665 86.00
>10/4/98 43 fl.pub-ip.psi.net 676 553 82.00
>10/5/98 25 fl.pub-ip.psi.net 1,041 886 85.00
>10/6/98 26 fl.pub-ip.psi.net 1,203 1,094 91.00
>10/7/98 24 fl.pub-ip.psi.net 1,199 1,107 92.00
>10/8/98 80 fl.pub-ip.psi.net 394 265 67.00
>10/9/98 14 fl.pub-ip.psi.net 1,495 1,406 94.00
>10/10/98 60 fl.pub-ip.psi.net 422 367 87.00
>10/11/98 13 fl.pub-ip.psi.net 1,721 1,612 94.00
>10/12/98 28 fl.pub-ip.psi.net 1,131 1,092 97.00
>10/15/98 41 fl.pub-ip.psi.net 770 699 91.00
>10/17/98 24 fl.pub-ip.psi.net 1,199 1,156 96.00
>10/18/98 50 fl.pub-ip.psi.net 491 444 90.00
>10/19/98 64 fl.pub-ip.psi.net 410 342 83.00
>10/23/98 16 fl.pub-ip.psi.net 1,415 1,332 94.00
>10/24/98 52 fl.pub-ip.psi.net 674 460 68.00
>10/25/98 23 fl.pub-ip.psi.net 1,294 1,215 94.00
>9/26/98 29 fort-lauderdale.fl.pub-ip.psi.net 981 981 100.00
>9/30/98 30 fort-lauderdale.fl.pub-ip.psi.net 1,003 1,002 100.00
>10/2/98 44 fort-lauderdale.fl.pub-ip.psi.net 794 511 64.00
>10/20/98 20 fort-lauderdale.fl.pub-ip.psi.net 1,244 1,244 100.00
>9/27/98 36 margate.fl.pub-ip.psi.net 766 766 100.00
>10/4/98 20 margate.fl.pub-ip.psi.net 1,704 1,704 100.00
>10/8/98 37 margate.fl.pub-ip.psi.net 733 733 100.00
>10/15/98 25 margate.fl.pub-ip.psi.net 1,120 1,120 100.00
>10/16/98 31 margate.fl.pub-ip.psi.net 805 805 100.00
>10/22/98 24 margate.fl.pub-ip.psi.net 987 987 100.00
>10/24/98 43 margate.fl.pub-ip.psi.net 591 591 100.00
>9/26/98 82 orlando.fl.pub-ip.psi.net 275 275 100.00
>9/28/98 75 orlando.fl.pub-ip.psi.net 231 231 100.00
>Total 48,307 45,910
>Average %Spam 95.04
Ninety five percent spam.
E - San Francisco, CA
>9/26/98 94 38.28.60.0 (San Francisco, CA) 234 234 100.00
>9/28/98 33 38.28.60.0 (San Francisco, CA) 736 736 100.00
>10/1/98 42 38.28.60.0 (San Francisco, CA) 510 510 100.00
>10/4/98 53 38.28.60.0 (San Francisco, CA) 418 418 100.00
>10/5/98 52 38.28.60.0 (San Francisco, CA) 387 387 100.00
>10/6/98 39 38.28.60.0 (San Francisco, CA) 639 639 100.00
>10/12/98 69 38.28.60.0 (San Francisco, CA) 360 360 100.00
>10/14/98 75 38.28.60.0 (San Francisco, CA) 262 262 100.00
>10/15/98 71 38.28.60.0 (San Francisco, CA) 353 353 100.00
>9/29/98 92 38.28.61.0 (San Francisco, CA) 254 254 100.00
>9/30/98 42 38.28.61.0 (San Francisco, CA) 765 765 100.00
>10/1/98 30 38.28.61.0 (San Francisco, CA) 965 965 100.00
>10/2/98 16 38.28.61.0 (San Francisco, CA) 1,163 1,163 100.00
>10/3/98 60 38.28.61.0 (San Francisco, CA) 337 337 100.00
>10/4/98 72 38.28.61.0 (San Francisco, CA) 293 293 100.00
>10/6/98 38 38.28.61.0 (San Francisco, CA) 657 657 100.00
>10/7/98 73 38.28.61.0 (San Francisco, CA) 321 321 100.00
>10/24/98 34 38.28.61.0 (San Francisco, CA) 710 710 100.00
>10/25/98 44 38.28.61.0 (San Francisco, CA) 652 652 100.00
>Total 10,016 10,016
>Average %Spam 100.00
Way to go Spamboy! A perfect 100% spam for the City on the Bay.
Not a single legitimate article from the S.F. POP on nineteen of the
past thirty days. What _possible_ excuse could PSI have for this?
F - The rest of California
>9/26/98 34 ca.pub-ip.psi.net 993 752 76.00
>9/27/98 11 ca.pub-ip.psi.net 3,136 3,136 100.00
>9/29/98 13 ca.pub-ip.psi.net 2,154 2,020 94.00
>10/1/98 15 ca.pub-ip.psi.net 1,858 1,660 89.00
>10/2/98 87 ca.pub-ip.psi.net 375 213 57.00
>10/6/98 45 ca.pub-ip.psi.net 830 569 69.00
>10/8/98 21 ca.pub-ip.psi.net 1,613 1,426 88.00
>10/9/98 43 ca.pub-ip.psi.net 742 475 64.00
>10/11/98 59 ca.pub-ip.psi.net 460 353 77.00
>10/12/98 70 ca.pub-ip.psi.net 480 338 70.00
>10/13/98 39 ca.pub-ip.psi.net 501 501 100.00
>10/14/98 52 ca.pub-ip.psi.net 634 416 66.00
>10/15/98 88 ca.pub-ip.psi.net 278 278 100.00
>10/17/98 47 ca.pub-ip.psi.net 713 522 73.00
>10/18/98 63 ca.pub-ip.psi.net 661 327 49.00
>10/20/98 87 ca.pub-ip.psi.net 469 319 68.00
>10/21/98 27 ca.pub-ip.psi.net 1,018 872 86.00
>10/22/98 87 ca.pub-ip.psi.net 491 281 57.00
>10/24/98 79 ca.pub-ip.psi.net 456 289 63.00
>Total 17,862 14,747
>Average %Spam 82.56
Only eighty two percent. Good neighbors, by PSI standards.
G -- Delaware
>9/27/98 79 38.30.157.0 (Wilmington, DE) 299 299 100.00
>9/28/98 8 38.30.157.0 (Wilmington, DE) 2,947 2,947 100.00
>9/29/98 11 38.30.157.0 (Wilmington, DE) 2,609 2,609 100.00
>9/30/98 29 38.30.157.0 (Wilmington, DE) 1,035 1,035 100.00
>9/28/98 79 de.pub-ip.psi.net 222 222 100.00
>9/29/98 79 de.pub-ip.psi.net 305 305 100.00
>10/6/98 53 de.pub-ip.psi.net 501 501 100.00
>Total 7,918 7,918
>Average %Spam 100.00
Another entire POP uncontaminated by non-EMP. Thank the Balto Blaster
for this one.
H -- Tucson, AZ
>10/5/98 26 az.pub-ip.psi.net 886 850 96.00
>10/12/98 40 az.pub-ip.psi.net 906 828 91.00
>10/16/98 29 az.pub-ip.psi.net 933 848 91.00
>10/21/98 29 az.pub-ip.psi.net 912 856 94.00
>10/22/98 31 az.pub-ip.psi.net 906 853 94.00
>10/23/98 29 az.pub-ip.psi.net 886 859 97.00
>10/25/98 31 az.pub-ip.psi.net 885 855 97.00
>10/1/98 34 tucson.az.pub-ip.psi.net 902 848 94.00
>10/2/98 25 tucson.az.pub-ip.psi.net 860 850 99.00
>10/3/98 27 tucson.az.pub-ip.psi.net 873 848 97.00
>10/4/98 34 tucson.az.pub-ip.psi.net 851 850 100.00
>10/6/98 30 tucson.az.pub-ip.psi.net 858 858 100.00
>10/8/98 34 tucson.az.pub-ip.psi.net 860 847 98.00
>10/9/98 21 tucson.az.pub-ip.psi.net 873 850 97.00
>10/17/98 34 tucson.az.pub-ip.psi.net 859 849 99.00
>10/19/98 27 tucson.az.pub-ip.psi.net 875 848 97.00
>10/20/98 33 tucson.az.pub-ip.psi.net 850 850 100.00
>10/24/98 29 tucson.az.pub-ip.psi.net 852 852 100.00
>Total 15,827 15,299
>Average %Spam 96.66
My good buddy Larry "danappyguy" Wojtowicz of the Adultsights gang.
It took a Cease and Desist Order to get him to stop signing up at
MCI2000. What's the chance that PSI will do that? Or do
_anything_?
I -- Newark, NJ
>10/6/98 55 newark.nj.pub-ip.psi.net 489 489 100.00
>10/9/98 45 newark.nj.pub-ip.psi.net 464 464 100.00
>10/13/98 43 newark.nj.pub-ip.psi.net 464 464 100.00
>10/16/98 54 newark.nj.pub-ip.psi.net 464 464 100.00
>10/20/98 58 newark.nj.pub-ip.psi.net 464 464 100.00
>10/22/98 61 newark.nj.pub-ip.psi.net 463 463 100.00
>10/23/98 52 newark.nj.pub-ip.psi.net 476 476 100.00
>10/24/98 51 newark.nj.pub-ip.psi.net 465 463 100.00
>Total 3,749 3,747
>Average %Spam 99.95
I tried to find those two articles that slipped past the Hippo. No
luck.
J - Virginia
>9/26/98 28 va.pub-ip.psi.net 1,035 988 95.00
>9/27/98 29 va.pub-ip.psi.net 1,088 1,047 96.00
>9/28/98 67 va.pub-ip.psi.net 294 258 88.00
>9/29/98 57 va.pub-ip.psi.net 495 451 91.00
>9/30/98 64 va.pub-ip.psi.net 507 478 94.00
>10/1/98 31 va.pub-ip.psi.net 931 912 98.00
>10/2/98 14 va.pub-ip.psi.net 1,358 1,325 98.00
>10/3/98 21 va.pub-ip.psi.net 1,318 1,318 100.00
>10/4/98 32 va.pub-ip.psi.net 906 888 98.00
>10/5/98 45 va.pub-ip.psi.net 503 472 94.00
>10/6/98 31 va.pub-ip.psi.net 831 793 95.00
>10/7/98 13 va.pub-ip.psi.net 1,807 1,690 94.00
>10/8/98 35 va.pub-ip.psi.net 965 842 87.00
>10/9/98 53 va.pub-ip.psi.net 443 422 95.00
>10/10/98 35 va.pub-ip.psi.net 655 579 88.00
>10/11/98 14 va.pub-ip.psi.net 1,672 1,569 94.00
>10/12/98 21 va.pub-ip.psi.net 1,493 1,341 90.00
>10/13/98 21 va.pub-ip.psi.net 914 857 94.00
>10/14/98 13 va.pub-ip.psi.net 1,663 1,663 100.00
>10/15/98 7 va.pub-ip.psi.net 2,226 2,226 100.00
>10/16/98 14 va.pub-ip.psi.net 1,685 1,685 100.00
>10/17/98 51 va.pub-ip.psi.net 477 459 96.00
>10/18/98 10 va.pub-ip.psi.net 2,807 2,735 97.00
>10/19/98 9 va.pub-ip.psi.net 2,432 2,432 100.00
>10/20/98 11 va.pub-ip.psi.net 2,228 2,193 98.00
>10/21/98 10 va.pub-ip.psi.net 2,164 2,164 100.00
>10/22/98 13 va.pub-ip.psi.net 2,265 2,197 97.00
>10/23/98 8 va.pub-ip.psi.net 2,134 2,134 100.00
>10/25/98 27 va.pub-ip.psi.net 1,056 1,036 98.00
>Total 38,352 37,154
>Average %Spam 96.88
Only missed making the Top 100 on -one- day of the past month.
Roughly ninety seven percent spam.
K -- All The Rest
>9/30/98 55 38.254.16.0 571 571 100.00
>10/13/98 100 38.30.182.0 180 180 100.00
>10/2/98 91 boston-xcom.ma.pub-ip.psi.net 218 208 95.00
>9/28/98 95 dc.pub-ip.psi.net 177 177 100.00
>10/1/98 100 ga.pub-ip.psi.net 239 207 87.00
>10/5/98 4 harvey.la.pub-ip.psi.net 6,764 6,754 100.00
>10/6/98 14 harvey.la.pub-ip.psi.net 1,497 1,496 100.00
>9/28/98 94 md.pub-ip.psi.net 180 180 100.00
>10/1/98 94 oh.pub-ip.psi.net 314 239 76.00
>10/2/98 63 oh.pub-ip.psi.net 378 324 86.00
>10/3/98 75 oh.pub-ip.psi.net 328 268 82.00
>10/4/98 33 oh.pub-ip.psi.net 869 869 100.00
>10/17/98 96 or.pub-ip.psi.net 240 240 100.00
>10/18/98 71 or.pub-ip.psi.net 300 300 100.00
>10/10/98 100 vt.pub-ip.psi.net 225 225 100.00
>10/14/98 53 vt.pub-ip.psi.net 378 378 100.00
>Total 12,858 12,616
>Average %Spam 98.12
An assortment of POPs, averaging ninety eight percent spam.
L - Grand Total
>Total Articles 466,201
>Total Spam 447,596
>Average %Spam 96.01
264 separate NNTP entries in the Hippo reports in 30 days.
Ninety six percent spam.
Four Hundred thousand spamites. Which necessitate four hundred
thousand cancels. In one month. Simply amazing.
CONCLUSION
Can anyone come up with any reason -whatsoever- why PSI should *NOT*
be subjecf to the Mother Of All UDPs?
===================================
Faithfully Submitted,
-- Rick "Lysander Spooner" Buchanan
John Payne
>CONCLUSION
>
>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>be subjecf to the Mother Of All UDPs?
Based on the evidence provided, and speaking solely for myself...
not I.
--
John Payne http://www.sackheads.org/jpayne jo...@sackheads.org
Sarcasm by request Fax: +44 870 0547954
My mail provider doesn't welcome UBE - http://www.sackheads.org/uce/
Jeffery J. Leader
>This document is a quick compilation and analysis
It's more than that, and quite convincing. Are they blaming it on
those who rent POPs from them?
> PSI disables their Abuse department's access to the Quake server
[...]
> PSI restores Quake access to Abuse dept.
An amusing way to put it, but: Admin after admin feels *bad* when spam
comes from their server, even if they are at an ISP which whacks
spammers then fines them then asks that they be deported to a country
with no net access. Is ab...@psi.net unprofessionally (in attitude)
staffed or are they strangled by management?
>Not a single legitimate article from the S.F. POP on nineteen of the
>past thirty days. What _possible_ excuse could PSI have for this?
It's redundant to attempt to say something amusing here...I don't know
how to top this.
>Another entire POP uncontaminated by non-EMP.
Ah, the Cheese Shoppe...
This seems a pretty strong case to me. PSI, any response?
r...@netgate.net
>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>be subjecf to the Mother Of All UDPs?
Yup. In fact, I propose a moratorium on cancelling their spam.
The situation at PSI has gotten so bad, that even small-time operators
who can't afford to run a filter like the Hippo can get a huge benefit
in spam reduction, and virtually no cost, by simply aliasing them out.
Instead of a 5-day warning of an impending UDP, issue a 5-day warning
of an impending pinkstorm. Then start aliasing out
pubxfer.news.psi.net, and the other servers that Gartman, et al, are
being allowed to spam from with impunity, in your own feed.
The clueful admins will start doing the same. This is a lot more
cost-effective than trying to clean spools with a half-million cancels.
This idea is predicated on the assumption that things are still much as
they were a couple of months ago, when my ISP gave up on trying to keep
up with the spamload, and contracted out to Supernews (where
essentially all of the spam under discussion is never visible to users).
At that time, Spamboy was jumping from ISP to ISP, but the others
seemed to have found themselves a few cushy rogue sites to spew from,
and settled in there. If that's changed, its effectiveness will be
reduced somewhat.
An advantage of this approach is that it precludes PSI's trying to avoid
fixing the problem by waving their lawyers around. What can they do?
Try to file "PSI vs John Doe ISPs 1-35,000"?
Ran
Jeffery J. Leader
>I propose a moratorium on cancelling their spam.
A daring approach...it might work, I suppose, though passive UDPs are
underutilized (by which I mean participation is low) for whatever
reason. (Big ISPs will likely have entanglements of various sorts
with PSI. Will anyone who rents dialups from them for any reason turn
around and alias them out?) I don't know if ISPs will see the
increased memory usage and act or enjoy the reduced bandwidth
utilization due to the cessation of cancels...
I don't have a problem with trying this but think the basic UDP is
probably the better approach overall...
Doug Mackall
JeffL...@MindSpring.com says...
>those who rent POPs from them?
>
>> PSI restores Quake access to Abuse dept.
>
>comes from their server, even if they are at an ISP which whacks
>spammers then fines them then asks that they be deported to a country
>with no net access. Is ab...@psi.net unprofessionally (in attitude)
>staffed or are they strangled by management?
>
>>past thirty days. What _possible_ excuse could PSI have for this?
>
>how to top this.
>
>
>
>This seems a pretty strong case to me. PSI, any response?
Tried, convicted, and awaiting sentence.
The only thing I'd like to add is that this has taken entirely too long
to reach the serious discussion phase.
Again.
--
Check out the UUNet Parody site:
http://www.sputum.com/uunot/index.html
SubGenius Police, Usenet Tactical Unit (Mobile), aka S.P.U.T.U.M.
Unit C: "Thou Shalt Not Pass Light Speed!"
The Eternally Recondite Master Interdictor, Network Attack Legion(TERMINAL)
http://www.sputum.com/
Doug Mackall
JeffL...@MindSpring.com says...
Moratoriums can't work under the present conditions, since BI 20 spam
will still get cancelled by cosmo regardless of the situation.
Good idea otherwise.
Lysander Spooner
I --Pubxfer --
(30 day average)
>Avg %Spam 79.21
(yesterday's hippo report)
8 pubxfer.news.psi.net 3192 3010 94 1908
Ninety four percent spam from the PSI server. Wow.
II --The POPs
(30 day totals)
>>Total Articles 466,201
>>Total Spam 447,596
>>Average %Spam 96.01
>
>264 separate NNTP entries in the Hippo reports in 30 days.
>Ninety six percent spam.
>Four Hundred thousand spamites.
(Yesterday's Hippo report)
Total Spam %Spam KBytes
3 ny.pub-ip.psi.net 3991 3991 100 2167
6 fort-worth.tx.pub-ip.psi.net 3542 3482 98 1674
12 va.pub-ip.psi.net 1486 1486 100 869
35 38.14.96.0 (Margate FL) 674 674 100 319
38 fl.pub-ip.psi.net 706 627 89 931
49 newark.nj.pub-ip.psi.net 464 464 100 744
Total Articles 10,863
Total Spam 10,724
Average %Spam 98.72
Six NNTP entries in one day
Ninety nine percent spam
Eleven thousand spamicles (vs. 139 legit posts)
Double Wow.
At the risk of being redundant, I ask
>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>be subjecf to the Mother Of All UDPs?
-- Rick
Mark Hittinger
>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>be subjecf to the Mother Of All UDPs?
By permitting them to do this for the past 8 months the activity has had
the tacit approval of the Usenet community. There has even been supportive
posts made to the group by certain popular "anti-spammers".
What has changed that makes a UDP necessary now that 8 months have gone by?
If it was about spam, then something should have been done in April. If it
was about spam, then something should have been done in June. If it was about
spam, then something should have been done in August. If it was about spam,
then something should have been done in October....
Has someone's consulting contract been recently cancelled? Is there a new
dispute over how the protection money is going to be divvied up? Has someone
broken up with someone? Has an unfavored competitor of Gartman shown up at
PSI recently? Is PSI getting ready to be bought out? (hmmmmmmmmmmm)
Part of any UDP announcement should be a profound apology to the Usenet
community for applying a double standard to this situation and letting it
go so long.
While you plan this action please look at the stats and pay attention to
another rather huge challenger of PSI which has been in a large upward spam %
trend for about 4 months now.
Once you complete the education of PSI's officers and middle management you
will need to address another large challenge shortly afterwards (that is,
if its about spam). If its not about spam then I would expect to see
protracted silence on that front as well.
Regards,
Mark Hittinger
ICGNetcom/DallasOps
bu...@freebsd.netcom.com
Doug Mackall
says...
>buch...@cybernex.net (Lysander Spooner) writes:
>>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>>be subjecf to the Mother Of All UDPs?
>
>the tacit approval of the Usenet community. There has even been supportive
>posts made to the group by certain popular "anti-spammers".
>
>What has changed that makes a UDP necessary now that 8 months have gone by?
Nada as near as I can tell.
>If it was about spam, then something should have been done in April. If it
>was about spam, then something should have been done in June. If it was about
>spam, then something should have been done in August. If it was about spam,
>then something should have been done in October....
What can I say?
Why weren't you pushing for this then?
I've made a few feeble attempts at getting a discussion started, but
could never make things happen.
>Has someone's consulting contract been recently cancelled? Is there a new
>dispute over how the protection money is going to be divvied up? Has someone
>broken up with someone? Has an unfavored competitor of Gartman shown up at
>PSI recently? Is PSI getting ready to be bought out? (hmmmmmmmmmmm)
I'll ignore this part.
>Part of any UDP announcement should be a profound apology to the Usenet
>community for applying a double standard to this situation and letting it
>go so long.
With this I'm in full agreement.
>While you plan this action please look at the stats and pay attention to
>another rather huge challenger of PSI which has been in a large upward spam %
>trend for about 4 months now.
One at a time, but will try to do.
>Once you complete the education of PSI's officers and middle management you
>will need to address another large challenge shortly afterwards (that is,
>if its about spam). If its not about spam then I would expect to see
>protracted silence on that front as well.
If there's a shred of credibility left amongst the despammers who also
participate in UDPs when the current issue is over, please don't hesitate
to impart the occasional clue our way.
Speaking for moi only, I can't keep current on *everything* and the
latest non open server spammenhausen are one of the things I just don't
notice too much.
I *did* notice psi however, and I *did* notice ELN.
Joshua Kramer
> Has someone's consulting contract been recently cancelled? Is there a new
> dispute over how the protection money is going to be divvied up? Has someone
> broken up with someone? Has an unfavored competitor of Gartman shown up at
> PSI recently? Is PSI getting ready to be bought out?
*plonk*
Nutcom just lost *MY* parents buisness. Ahh well, their loss.
--
"Please note, that Joshua Kramer is a student at Swarthmore and not
a network administrator as his tone and language implies. He is not
speaking as a representative of the Swarthmore network administrative
staff." -Mike Martin (mike...@swbell.net)
"Thanks for clearing that up."
-Joshua Kramer
brian moore
Mark Hittinger <bu...@freebsd.netcom.com> wrote:
> buch...@cybernex.net (Lysander Spooner) writes:
> >Can anyone come up with any reason -whatsoever- why PSI should *NOT*
> >be subjecf to the Mother Of All UDPs?
>
> the tacit approval of the Usenet community. There has even been supportive
> posts made to the group by certain popular "anti-spammers".
By permitting the Zodiac killer to remain at large for the last 30
years, his activities have had the tacit approval of American society.
There have even been supportive books made by popular crime novelists.
> If it was about spam, then something should have been done in April. If it
> was about spam, then something should have been done in June. If it was about
> spam, then something should have been done in August. If it was about spam,
> then something should have been done in October....
Because each of those times they said, "oh, look, we're going to fix
it".
As I recall, a certain large national provider (whose initials are ICG)
claimed that about their problems for a long time. "Oh, yes, Mr Vixie,
we're controlling spam from our mail servers!"
Perhaps the admins of that provider, lying scumbags that they are,
should explain to the public just why it was that they lied for months
and months about controlling spam, why they cancelled accounts and then
signed the abuser back up within hours, why their own web hosting
service would allow sites to spam, as long as they did it through a
disposable dialup (even one from their own service) instead of through
the one officially connected to their account.
> Has someone's consulting contract been recently cancelled? Is there a new
> dispute over how the protection money is going to be divvied up? Has someone
> broken up with someone? Has an unfavored competitor of Gartman shown up at
> PSI recently? Is PSI getting ready to be bought out? (hmmmmmmmmmmm)
Mark, you need to quit taking the narcotics so early in the morning.
They combine with the caffeine and make you come up with utter bullshit.
If you're going to accuse people of being on the take, please cite some
facts.
How about it, Mark. Who paid YOU off to do nothing about the spam from
your own employer for months? Did the NETCOMI porn customers give you
a stack of free whacking material? Or did they give you a free blow job
for every spam complaint you defused? Perhaps it was Netcom that paid
you off after a VP got his free whacking material, you got a nice bonus
for your help.
Has Mark Hittinger sold his soul for a strap on?
Was it good for you, Mark?
> Part of any UDP announcement should be a profound apology to the Usenet
> community for applying a double standard to this situation and letting it
> go so long.
Fuck you, Mark.
Part of Netcom's acting like a responsible netizen should include paying
the people who cancelled their spew for months. Perhaps they should
take it out of your salary.
--
Brian Moore | "The Zen nature of a spammer resembles
Sysadmin, C/Perl Hacker | a cockroach, except that the cockroach
Usenet Vandal | is higher up on the evolutionary chain."
Netscum, Bane of Elves. Peter Olson, Delphi Postmaster
Raccoon
(Lysander Spooner) says...
>
>The history of Usenet abuse and PSI goes something like this:
>
>-=-=-
> PSI customers trash Usenet
> PSI does nothing (except cash the spammers' checks....)
> Despammers threaten to impose a Usenet Death Penalty
> PSI disables their Abuse department's access to the Quake server
> The PSI abuse-droids do the _bare minimum_ of TOS enforcement
> necessary to avoid the UDP; spam stats drop slightly
> PSI makes a public statement lying about their anti-spam resolve
> PSI makes foolish legal threats regarding the UDP they just dodged
> Consensus for UDP doesn't materialize; Despammers move on to other
> problems
> PSI restores Quake access to Abuse dept.
> PSI customers resume trashing Usenet; PSI resumes cashing checks
>
>Repeat until disgusted.
>-=-=-
>
Does PSI even acknowledge that they have a problem with spammers?
Wouldn't it be in their best interest to block public server access until
things cool down?
And what could you recommend readers of this article?
Is it reasonable to ask our ISPs to filter out all PSI posts?
I'd imagine if everyone were to boycott PSI, they might just leave.
Besides, I'm sure if the ratio of spam vs. legit posts is that great,
I'd probably never even find a legit post from PSI.
(little loss for a large gain)
- Raccoon
My real email address:
alt [dot] raccoon [at] usa [dot] net
--
Random site: (Rocket Raccoon Comic Covers)
http://members.tripod.com/~raccoonsite/comics/rocketcovers.html
Jeffery J. Leader
opposing viewpoint for UDPs--how about issuing a retraction on this
one and trying again?
Andrew Gierth
Jeffery> It's more than that, and quite convincing. Are they blaming
Jeffery> it on those who rent POPs from them?
Usually it's the other way round; sites that rent the POPs blame PSI
for any spamming problems, even to the extent of requesting that I not
bother them about spam *from their own news servers*. (Such requests
are not honoured.)
--
Andrew.
Mark Hittinger
Absolutely not. I don't understand why the group supports the vitriolic
attacks on providers or the employees of providers. So many apologies and
retractions are due from that side of the fence! All one has to do is
review Mr. Moore's most revealing post. Bah!
I agree the stats show the UDP is justified. I agree that real preperations
ought to be made. Once they are, I will have to get ready to put in some
serious overtime as the roaches scurry to find new homes. I'm not looking
forward to it but I knew it had to be done in April.
I am not opposing UDP's Jeffrey. Even when it was going to be Netcom's turn
I was trying to get a set of fair rules nailed down so that things could be
efficiently handled. Another example, when it was MCI2000's turn I did not
state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
given a pass. That question is still on the table.
I am trying to oppose and expose the unfair way that UDP's are implemented.
By making the process fair and provider blind a unified front will be
presented to managements. Any other anti-abuse techniques that you
guys care to implement must also be process fair and provider blind if you
want them to succeed over the long haul. If a provider perceives an
exception is being made, if a spammer perceives an exception is being made,
then the ultimate mess to be cleaned up will be far worse, i.e. PSI. You
guys are only harming yourselves and Usenet with this double standard BS.
After some arguments we've now gotten the UDP process to be mostly fair with
a good level of consensus and things like the 5 day notice period. What I am
attacking now (and have been attacking for several months) is the necessity
for the process to also be provider blind. Right now it isn't. Almost nobody
mails me to tell me I'm wrong about this one anymore. Lets go ahead and get
over this hump - lets make our efforts and standards provider blind - then lets
enforce things across the board (or not enforce them at all).
Jeffery J. Leader
>I am trying to oppose and expose the unfair way that UDP's are implemented.
I understood that and oversimplified it in my post. Certainly you
provide an opposing viewpoint on some aspects of how UDPs are
implemented.
>By making the process fair and provider blind
The only real issue I have with this is that when mgmt. says "We're
working" it's good to be able to say "OK, have a little more time" and
this judgment has traditionally been subjective. I think that some
leeway should be left here even if it is made more formal.
In Message-ID: <7126dj$n...@dfw-ixnews7.ix.netcom.com> you wrote:
:>Has someone's consulting contract been recently cancelled? Is there a new
:>dispute over how the protection money is going to be divvied up? Has someone
:>broken up with someone?
You may see this as highlighting the subjective aspect of things but I
find it flat-out offensive and unfair. I know you and other Netcom
employees received far more than your share of abuse but whether it's
about that or not this just inclines people to tune you out. Which
would be a shame, because no one else *is* making your points. When
people have finished tuning you out by one means or another, FAPIAP no
one *will* be making those points.
brian moore
> JeffL...@MindSpring.com (Jeffery J. Leader) writes:
> >Mark, this is way too much. It's helpful to have an intelligent
> >opposing viewpoint for UDPs--how about issuing a retraction on this
> >one and trying again?
>
> Absolutely not. I don't understand why the group supports the vitriolic
> attacks on providers or the employees of providers. So many apologies and
> retractions are due from that side of the fence! All one has to do is
> review Mr. Moore's most revealing post. Bah!
Revealing? Because I point out your fallacies?
'Reducto ad absurdum' is the Latin, I believe, and is a valid method for
disproving assertions.
Why is it acceptable for you, a representative of ICG Netcom, to accuse
the cancellors (and if you are paying attention: I don't honor or accept
cancels and haven't done so for months) of accepting bribes, but not to
(with equal evidence) accuse you of the same?
That would be a double standard, no?
> I agree the stats show the UDP is justified. I agree that real preperations
> ought to be made. Once they are, I will have to get ready to put in some
> serious overtime as the roaches scurry to find new homes. I'm not looking
> forward to it but I knew it had to be done in April.
Then you should have joined in supporting it then. UDP's work when
there is a consensus. Your silence on the matter would mean you thought
it was okay, no? That is what your last post said.
Or is consistency not valued?
> I am not opposing UDP's Jeffrey. Even when it was going to be Netcom's turn
> I was trying to get a set of fair rules nailed down so that things could be
> efficiently handled. Another example, when it was MCI2000's turn I did not
> state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
> given a pass. That question is still on the table.
Because MCI was a more serious problem at that point and because, as
Rick pointed out, depriving the abuse people at PSI of Quake gets them
motivated to behave for a few days.
That behavior was enough to convince 'enough' people that things were
under control to break the consensus.
It doesn't matter WHAT a provider does to control spam. They can unplug
their server, add filters, give their abuse staff the power to do their
job properly, whatever. It Doesn't Matter. They don't even have to
report here what they did. As long as they are showing signs of
fixing the problem, the UDP threat goes away.
A simple example?
Remember TIAC? We still have not been told from good old Tim precisely
what TIAC did to ensure it won't happen again. We have not even been
told that there was a problem in their handling of complaints. What
did they do to fix it? I don't know and don't care: as long as the spam
stops.
Or how about ACSI.NET? They added an AUP, but that wasn't what got them
un-UDP'd: the spam continued from '6t9.com' for almost two months after
their supposed AUP went into place. And then one day it all died.
What did they do to make it stop? Again, I don't know and don't care:
as long as the spam stops, it is Good.
> I am trying to oppose and expose the unfair way that UDP's are implemented.
> By making the process fair and provider blind a unified front will be
> presented to managements. Any other anti-abuse techniques that you
> guys care to implement must also be process fair and provider blind if you
> want them to succeed over the long haul. If a provider perceives an
> exception is being made, if a spammer perceives an exception is being made,
> then the ultimate mess to be cleaned up will be far worse, i.e. PSI. You
> guys are only harming yourselves and Usenet with this double standard BS.
But not your double standards?
You say it is wrong to support "the vitriolic attacks on providers or
the employees of providers" yet you, Mark, enter this discussion by
accusing everyone of accepting bribes or cancelling based on revenge.
That, Mark, is a double standard.
Quit hanging out with Dave Hayes.
r...@netgate.net
>A daring approach...it might work, I suppose, though passive UDPs are
>underutilized (by which I mean participation is low) for whatever
>reason.
I think the reason is simple: the newsadmin community, as a group,
relies on the efforts of people like Chris and Rick to take care of a
lot of the scutwork needed to present a usable spool to their clients
and customers. That situation is changing, as more of them start using
filtering, but there's still a large measure of truth to my
description.
It's rare (if not unique) for a "legitimate" ISP to spew such a large
volume and percentage of spam for such an long time. In the past,
there was always a good chunk of signal among the noise, and admins
were legitimately reluctant to take the time to kill off the whole
domain. Especially since the despammer community's (threat of a) UDP
took care of the problem for them.
>(Big ISPs will likely have entanglements of various sorts
>with PSI.
If they do, PSI's lawyers will be beating on them to alias out the UDP
pseudo-site.
>Will anyone who rents dialups from them for any reason turn
>around and alias them out?
Damfino. I also don't know whether that should really concern us. The
system is based on an ongoing series of messages saying "Attention,
ISPs: this is what despammer X thinks you should do to make your
customers happy". Maybe it's time for a different kind of message,
with a different kind of advice. Like the "news RBL" idea that's been
kicked around.
>I don't know if ISPs will see the
>increased memory usage and act or enjoy the reduced bandwidth
>utilization due to the cessation of cancels...
I'll concede that the resource savings will probably not be enough to
buy an extra bottle of domestic bubbly for the office Christmas party.
But it's as much the principle of the thing as the absolute cost: why
expend a large amount of resources, when a small one would do?
>I don't have a problem with trying this but think the basic UDP is
>probably the better approach overall...
If actually applied, it might be. The big advantage of my suggestion
is that it can be done without consensus-building, because anyone who
feels strongly enough about the bad-ness of the idea can step into the
breach and take over.
Ran
Tim Thorne
>>be subjecf to the Mother Of All UDPs?
>Part of any UDP announcement should be a profound apology to the Usenet
>community for applying a double standard to this situation and letting it
>go so long.
There are a lot of double standards in this group lately.
-
--------========>>>>>>>Special Forces<<<<<<<========--------
www.users.globalnet.co.uk/~thorne www.hell-flame-wars.org
"Dog eat dog, every day, on our fellow men we prey" Offspring
J. Porter Clark
>Part of any UDP announcement should be a profound apology to the Usenet
>community for applying a double standard to this situation and letting it
>go so long.
How's this?
Dear Usenet,
You may have noticed that we have not imposed a UDP on PSI or several
other providers also deserving a UDP. We intend to rectify this
situation as soon as possible. We apologize for any inconvenience and
thank you for your continued patronage.
Sincerely,
The Management
--
J. Porter Clark porter...@msfc.nasa.gov
NASA/MSFC Flight Data Systems Branch
r...@netgate.net
>Absolutely not. I don't understand why the group supports the vitriolic
>attacks on providers or the employees of providers.
Because:
a. Vitriol is part of Usenet culture: it's part of how people are
rebuked for doing bad/stupid things, and
b. "the group" understand the frustration involved in having personal
free time wasted because people who are getting paid to do a job of
preventing Usenet pollution are either unwilling or incompetent.
>I agree that real preperations
>ought to be made. Once they are, I will have to get ready to put in some
>serious overtime as the roaches scurry to find new homes.
This would be a good time to remind your management that, if they put
some serious teeth in their anti-abuse policies and procedures, the
roaches wouldn't be scurrying in your direction.
>Another example, when it was MCI2000's turn I did not
>state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
>given a pass. That question is still on the table.
And so is the answer: Usenet is an anarchy, which doesn't have an
army, or tax collectors to forcibly extract the resources needed to do
its "quasi-governmental" work. So that work only gets done when someone
steps up to the plate and volunteers to do it, *and* when the action is
*well within* the bounds of what's considered "acceptable", so that
taking it doesn't strain the social fabric too much. It's inefficient,
and prone to errors of omission, but it beats the hell out of any
alternative arrangement that could be imposed on the existing structure.
>I am trying to oppose and expose the unfair way that UDP's are implemented.
Try "exposing" first. If you can do that, you will, at the very
least, have to put less energy into opposing.
>Any other anti-abuse techniques that you
>guys care to implement must also be process fair and provider blind if you
>want them to succeed over the long haul.
None of the "active" measures currently in use can succeed over the long
haul. They're strictly ad hoc "first aid" while the patient is being
stabilized and treated. And the very nature of Usenet makes it nearly,
if not actually, impossible to "bureaucratize" them.
>then lets
>enforce things across the board (or not enforce them at all).
Does this mean that Netcom is volunteering to provide the resources to
do that "across the board" enforcement? Hmmmm?
Ran
Rebecca Ore
>
> bu...@freebsd.netcom.com (Mark Hittinger) wrote:
> >buch...@cybernex.net (Lysander Spooner) writes:
> >
> >>be subjecf to the Mother Of All UDPs?
> >Part of any UDP announcement should be a profound apology to the Usenet
> >community for applying a double standard to this situation and letting it
> >go so long.
>
Considering all the bot work flying around, we're rather proud of Peter
for standing by his cancelling, even though I suspect he knew it would
be controversial.
I've fupped up from time to time and in one case had to email a couple
of times to get the person to realize what I'd done, really. Of the
fup-ups, only one time did anyone ask me to repost.
Peter could have done what he did without anyone being able to trace
it. He didn't. Ergo, we can decide at leisure and in calmer spirits
what to do next time.
And it would help ever so much in calming people down if you didn't
whine about being whacked.
--
Rebecca Ore
Howard Knight
[hundreds of lines of uglyness snipped]
: Can anyone come up with any reason -whatsoever- why PSI should *NOT*
: be subjecf to the Mother Of All UDPs?
Dear Usenet,
You may have noticed that we have not imposed a UDP on PSI or several
other providers also deserving a UDP. We intend to rectify this
situation as soon as possible. We apologize for any inconvenience and
thank you for your continued patronage.
Sincerely,
Howard Knight
The Management (TINC)
Lysander Spooner
Hittinger) wrote:
>buch...@cybernex.net (Lysander Spooner) writes:
>>Can anyone come up with any reason -whatsoever- why PSI should *NOT*
>>be subjecf to the Mother Of All UDPs?
>
>By permitting them to do this for the past 8 months the activity has had
>the tacit approval of the Usenet community.
Geez Mark, just when I thought you had gotten that bug out of your ass
you come out with a screed like this.
>What has changed that makes a UDP necessary now that 8 months have gone by?
>
>If it was about spam, then something should have been done in April. If it
>was about spam, then something should have been done in June. If it was about
>spam, then something should have been done in August. If it was about spam,
>then something should have been done in October....
Look here you...
(Taking a deep breath, counting to ten - twice -, and reminding myself
that Netcom's spam output has been exceptionally low of late.)
Mark, I agree with all that. You think _you_ were frustrated that
the UDP didn't materialize any of those times? Think how I felt.
I'm one of the guys who had to go back to sweeping up their offal in
my spare time.
The problem was, they found a loophole. We always made the point
that responsiveness was important in determining whether to apply a
UDP. Well, they've been responsive -- every single time.
For about 48 hours each time.
Why did MCI2000 come within 30 minutes of a UDP while PSI (whose
total spam output was worse) never even got a 5-day notice? Because
PSI immediately said they would work on the problem, and the numbers
started to drop. MCI was utterly uncommunicative and unresponsive.
They did nothing until the warning was issued, and said nothing until
moments before the axe was about to fall.
In short, PSI has been jerking us around. That's why I'm including
the "Double-Secret-Probation" provision (which isn't secret -- I just
like _Animal House_ references). THIS time, as soon as the abuse
levels strart to go up again (IOW, when the suits at PSI call Gartman
to say "the heat's off; spam away"), the UDP-bots kick in IMMEDIATELY!
No mucking about trying to build a new consensus and giving them
another five days to pull another con job.
For six months, PSI better damn well get into the daily habit of
checking yesterday's spam stats and nuking the perps today, because if
they don't they will be under a full active UDP tomorrow.
And while most ISPs fear a UDP because it will piss off customers like
Fred the accountant and Mary the housewife (who pay $20.00/month), PSI
has to worry that a UDP will piss off customers like Mindspring and
Earthlink (who pay rather a bit more than that.)
If PSI has any trace of a clue, they are at this moment making plans
to keep the Quake server inaccessible to the Abuse department for a
good long time, and explaining the gravity of this situation to The
Powers That Be.
We are Not Fucking Around this time. Count on that.
>Has someone's consulting contract been recently cancelled?
Ex-squeeze me?
>Is there a new dispute over how the protection money is going to be
>divvied up?
Oh, go to hell.
>?Has someone broken up with someone?
Go directly to hell.
>Has an unfavored competitor of Gartman shown up at
>PSI recently?
Do not pass purgatory, do not collect 200 dollars.
>Is PSI getting ready to be bought out? (hmmmmmmmmmmm)
You really need to seek help about your paranoid fantasies.
>Part of any UDP announcement should be a profound apology to the Usenet
>community for applying a double standard to this situation and letting it
>go so long.
Look asshole, when you start paying me for my services, THEN you get
to give me performance reviews. I do what I can, when I can, the
best that I can, in between trying to carry on an actual 3-space life.
I'm a frigging volunteer. How bloody DARE you talk to me about my
responsibilities!
Next time I send a donation to the Muscular Dystrophy Assn, I'll be
sure to offer my profound apology for not donating enough in the past
to have let them find a cure. Feh.
You ungrateful, offensive BASTARD!
>While you plan this action please look at the stats and pay attention to
>another rather huge challenger of PSI which has been in a large upward spam %
>trend for about 4 months now.
Do you mean Earthlink or AOL? And why are you too craven to name
names?
>Once you complete the education of PSI's officers and middle management you
>will need to address another large challenge shortly afterwards (that is,
>if its about spam).
And you will need to stop giving orders to people who don't work for
you. You can ask. You can suggest. But when you tell us what we
"need" to do, prepare to be told where to stick it.
>If its not about spam then I would expect to see
>protracted silence on that front as well.
Go take your medicine. You're raving.
>Regards,
Bite me.
-- Rick
Sapient Fridge
<bu...@freebsd.netcom.com> writes
>I am not opposing UDP's Jeffrey. Even when it was going to be Netcom's turn
>I was trying to get a set of fair rules nailed down so that things could be
>state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
>given a pass. That question is still on the table.
Looks to me like there needs to be a set of rules which cause a UDP to
be triggered in the same way that we have the B.I. for spam itself. If
we don't have that then we can be (are) accused of being biased.
Justice has to be seen to be done.
Something like if over 50% of an ISP (single server?) is spam for over a
month then the five day notice is given. For the next 6 months they
are on "Double-secret-probation" and the UDP is triggered *without*
notice if they go over the 50% figure for a month.
50% may be to high, too low. Figure out of my hat.
--
sapient...@sengir.demon.co.uk * ICQ #17887309 * Save the net *
Grok: http://www.cauce.org http://www.ybecker.net/ * kill a spammer *
Find: http://www.blighty.com/spam/spade.html http://spam.abuse.net *
Kill: http://dlis.gseis.ucla.edu/people/pagre/spam.html *
ra...@world.std.com
Mark Hittinger <bu...@freebsd.netcom.com> wrote:
>for the process to also be provider blind. Right now it isn't. Almost nobody
>mails me to tell me I'm wrong about this one anymore. Lets go ahead and get
>over this hump - lets make our efforts and standards provider blind - then lets
>enforce things across the board (or not enforce them at all).
Nobody mails Boursy to tell him he's an idiot either. Not that you're doing
*that*, but don't let the lack of email make you think that people don't
disagree with you.
For example, I disagree with you: Having watched some of netcom's early
efforts, and their early responses, I see that they have cycles of good
behavior marred by long periods of changing nothing.
--
Lysander Spooner
Hittinger) wrote:
>I agree the stats show the UDP is justified. I agree that real preperations
>ought to be made. Once they are, I will have to get ready to put in some
>serious overtime as the roaches scurry to find new homes. I'm not looking
>forward to it but I knew it had to be done in April.
I wish more providers had the foresight you demonstrate here, and I
commend you for being proactive about it.
>I am not opposing UDP's Jeffrey. Even when it was going to be Netcom's turn
>I was trying to get a set of fair rules nailed down so that things could be
>efficiently handled. Another example, when it was MCI2000's turn I did not
>state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
>given a pass. That question is still on the table.
Couldn't you have said it that way in the first place, rather than
accuse us grunts of corruption? I hope I answered this adaquately in
my previous message.
>I am trying to oppose and expose the unfair way that UDP's are implemented.
>By making the process fair and provider blind a unified front will be
>presented to managements. Any other anti-abuse techniques that you
>guys care to implement must also be process fair and provider blind if you
>want them to succeed over the long haul. If a provider perceives an
>exception is being made, if a spammer perceives an exception is being made,
>then the ultimate mess to be cleaned up will be far worse, i.e. PSI. You
>guys are only harming yourselves and Usenet with this double standard BS.
Cogent points, fairly stated.
Who are you and what have you done with Mark?
>After some arguments we've now gotten the UDP process to be mostly fair with
>a good level of consensus and things like the 5 day notice period. What I am
>attacking now (and have been attacking for several months) is the necessity
>for the process to also be provider blind. Right now it isn't. Almost nobody
>mails me to tell me I'm wrong about this one anymore. Lets go ahead and get
>over this hump - lets make our efforts and standards provider blind - then lets
>enforce things across the board (or not enforce them at all).
While I still feel that a certain amount of subjective "wiggle-room"
needs to be built into the system, I agree that some sort of
standardization of thresholds and trigger-points would be a Good
Thing -- as guidelines.
The reason we shouldn't let raw numbers be the _sole_ determinant of a
UDP is that it gives the determined spammer a potential weapon against
a provider he wants to stick it to. Once you draw a firm line, the
bastards will find some way of nudging even the most vigilent provider
over it with a concerted attack. We mustn't give them that power.
Let us never forget that as mad as we might get about ISPs like PSI
and MCI2000 (and Earthlink, hint hint), it's the -spammers- who are
the real Bad Guys here.
Thank you, Mark, for showing us the kind of article you can write once
you let the Haldol and Lithium kick in. :)
-- Rick
ISP_Ratings
-
-You may have noticed that we have not imposed a UDP on PSI or
-several other providers also deserving a UDP. We intend to rectify this
-situation as soon as possible. We apologize for any inconvenience and
-thank you for your continued patronage.
Any with information regarding attempts to UPD a given site should
file a complaint with the US Federal Trade Commission at:
They have a very handy online complaint form--please submit any
related posts or email with full headers.
Steve
news.admin.censorship
-
r...@netgate.net
>By permitting them to do this for the past 8 months the activity has had
>the tacit approval of the Usenet community.
Well, let's see: last month, Rick, Cosmo, et al, sent PSI almost
half a million little reminders that their customers were pissing in the
pool. Newsguy sent them 30 daily reports stating that Hippo-protected
sites were dumping damned near everything their servers and POPs were
posting.
If that's your idea of "tacit approval", what do you consider a
"rebuke"? Encasing Speedbump in C-4, and dropping him on their
newsserver facility from a great height?
Meanwhile, what did *your* branch of "the Usenet community" do about
PSI? Did Netcom's CEO call up PSI's, and say "Yo, Bill! We're
getting re-e-a-lly tired of all the spam you're stuffing in our feed"?
Did Netcom, or any other big ISP, say "To Hell with them!", and just
alias out pubxfer.news.psi.net?
Or was it your squad of the Usenet Beautification Team who sat back and
gave their "tacit approval"?
>Part of any UDP announcement should be a profound apology to the Usenet
>community for applying a double standard to this situation and letting it
>go so long.
You mean, like:
"We sincerely apologize for believing that people with tens of
millions of dollars invested in infrastructure, and years of
experience managing networks, might have a better perspective on
what's needed for the long-term health of Usenet than some doofus
who just popped a tenner for a 'Make Munny Fast on the Internet'
pamphlet. We were foolish to think they might have more integrity
than a pack of half-starved hyenas, and promise that, henceforth,
*every*one trying to make money from the Net will be treated as
shortsighted, blood-sucking leeches who would strip-mine their
own mothers' vegetable gardens, until proven* otherwise."
>While you plan this action please look at the stats and pay attention to
>another rather huge challenger of PSI which has been in a large upward spam %
>trend for about 4 months now.
Heck, why wait? Do 'em both at once, with the same pseudo-site for
the cancels. Let 'em spam each other into oblivion, while the rest of
the net watches...
Ran
* Should we go for "beyond a reasonable doubt" here? Or just stick to
"preponderance of evidence"?
Lysander Spooner
> Any with information regarding attempts to UPD a given site should
>file a complaint with the US Federal Trade Commission at:
>
> http://www.ftc.com/
>
> They have a very handy online complaint form--please submit any
>related posts or email with full headers.
Thanks for the info. I just went and turned myself in.
I'm waiting for them to come and drag me away.
-- Rick
------------
** Thanks for the _eight thousandth repeat_ of the info... **
Chris Lewis
} On 26 Oct 1998 14:39:51 -0600, bu...@freebsd.netcom.com (Mark
} Hittinger) wrote:
} >I am not opposing UDP's Jeffrey. Even when it was going to be Netcom's turn
} >I was trying to get a set of fair rules nailed down so that things could be
} >efficiently handled. Another example, when it was MCI2000's turn I did not
} >state that MCI2000 should not be UDP'ed, but instead asked why PSI was being
} >given a pass. That question is still on the table.
} Couldn't you have said it that way in the first place, rather than
} accuse us grunts of corruption? I hope I answered this adaquately in
} my previous message.
PSI is a really annoying case. It's run at least 4 or 5 cycles between "as good as
Primenet/EROLS or anyone else at LARTing spammers" (ie: back in the Jef Slaton
wars) through "indistinguishable from AGIS before they were reborn". They've been
partially UDP'd once, and then reformed. And then slid. And then around it goes
again through reorgs/buyouts/etc. etc. etc....
I've not been tracking them of late - I was under the impression that their problem
was primarily Gartman, and I thought that had been fixed. Oh well...
I'm sure that a full bore UDP would produce results, but, I'm afraid that their track
record is that it simply won't stick for more than a couple of months. That's one
of the frustrations with them - good chance that a UDP wouldn't make any long term
difference.
} >I am trying to oppose and expose the unfair way that UDP's are implemented.
} >By making the process fair and provider blind a unified front will be
} >presented to managements. Any other anti-abuse techniques that you
} >guys care to implement must also be process fair and provider blind if you
} >want them to succeed over the long haul. If a provider perceives an
} >exception is being made, if a spammer perceives an exception is being made,
} >then the ultimate mess to be cleaned up will be far worse, i.e. PSI. You
} >guys are only harming yourselves and Usenet with this double standard BS.
} Cogent points, fairly stated.
Agreed.
} Who are you and what have you done with Mark?
I wish he'd do the latter more often than the former. Sigh.
} >After some arguments we've now gotten the UDP process to be mostly fair with
} >a good level of consensus and things like the 5 day notice period. What I am
} >attacking now (and have been attacking for several months) is the necessity
} >for the process to also be provider blind. Right now it isn't. Almost nobody
} >mails me to tell me I'm wrong about this one anymore. Lets go ahead and get
} >over this hump - lets make our efforts and standards provider blind - then lets
} >enforce things across the board (or not enforce them at all).
} While I still feel that a certain amount of subjective "wiggle-room"
} needs to be built into the system, I agree that some sort of
} standardization of thresholds and trigger-points would be a Good
} Thing -- as guidelines.
} The reason we shouldn't let raw numbers be the _sole_ determinant of a
} UDP is that it gives the determined spammer a potential weapon against
} a provider he wants to stick it to. Once you draw a firm line, the
} bastards will find some way of nudging even the most vigilent provider
} over it with a concerted attack. We mustn't give them that power.
Much as I'd like to have pure raw numbers as a primary characteristic, entirely
aside from the attack scenario, is that it doesn't give us any other wiggle room
in what we know about the provider, it's size etc. Further, I don't think we can
come up with a set of objective raw numbers criteria that will trigger, say, a
vote process fast enough to be effective. Much as we're having problems coming
up with an objective definition for spew. Maybe we have to have Seth work on it
for a while ;-)
The situation with the RBL is the same. Pure numbers aren't enough.
Mark, do you have any suggestions? I'm all ears.
--
For more information on spam, see http://spam.abuse.net/spam
Fight spam, support Rep. Chris Smith's TCPA extension: http://www.cauce.org
Cameron Kaiser
>(must've missed Netcom's apology for the months of spamming leading up
>to their near UDP)
So did I. Can someone repost it? I heard it was funny.
--
Cameron Kaiser * cdkaiser.cris@com * powered by eight bits * operating on faith
-- supporting the Commodore 64/128: http://computerworkshops.home.ml.org/ --
head moderator comp.binaries.cbm * cbm special forces unit $ea31 (tincsf)
personal page http://calvin.ptloma.edu/~spectre/ * "when in doubt, take a pawn"
ISP_Ratings
-
-bou...@alt.net (ISP_Ratings) wrote:
-
-> Any with information regarding attempts to UPD a given site should
->file a complaint with the US Federal Trade Commission at:
->
-> http://www.ftc.com/
->
-> They have a very handy online complaint form--please submit any
->related posts or email with full headers.
-
-Thanks for the info. I just went and turned myself in.
-
-I'm waiting for them to come and drag me away.
It's the owners and those employees of owners of ISPs acting
on their behalf that have to be worried.
Steve
news.admin.censorship
-
--- Rick
-------------
Mark Hittinger
>Mark, do you have any suggestions? I'm all ears.
Stop giving certain providers 8 months, or give all providers 8 months.
Ban active UDP's on providers who rank below larger spam output sites based on
a time series. Without passive UDP's you guys can really only do one at a
time. If you go after the current "public enemy #1" and succeed, then you
will eventually reach into who was #4 or #5 at the time. If you cannot
succeed with #1 then don't try to active UDP #4 or #5.
Both of the above can be simplified into the concept of fairness. What is
fair will receive stronger support and broader support. You guys really
haven't got much non-anonymous public opposition because of the personal cost
of coming in here to raise issues.
I know that my debate techniques rile some of you. I want to break through
the barriers and get you to think. Why? Because you are doing things that
do damage ordinary (or peripherally involved) people. Active UDP's do a lot
of collateral damage and it lingers, so the responsibility level for using
them should be very high.
PSI must SOON be taken to the announcement phase of UDP with good consensus
stats and a good description of what is wanted. If we need to filter the NNTP
port at the POP level then lets make that demand. I very much believe that PSI
will accomodate the internet before the UDP could start. Of course, we'd have
to monitor closely to make sure that the changes were sticking, that middle
management finally realizes there isn't a compromise position. Line level
employees will someday be challenged by new sales people wanting to implement
something which would lead to more spam. If the target middle management
fears real marketplace punishment then it will be easier for line level
employees to keep a lid on any backsliding.
(Don't wait too much longer because the holidays are upon us and it will be
harder to get the right mindsets in place).
Once this episode is over then everyone will have to roll up their sleeves
and get ready to address the next up-and-coming #1 (or drop the whole thing
and enjoy a great holiday season).
Regards,
Mark Hittinger
ICGNetcom/DallasOps
nc0...@freebsd.netcom.com
Cameron Kaiser
>Thanks for the info. I just went and turned myself in.
>I'm waiting for them to come and drag me away.
Come on, Rick, the least you could have done is let Repsis sue you first.
*Then* you go to the Feds. ;-)
Don Juneau
<newsgroups Bump'inated>
On Tue, 27 Oct 1998, ISP_Ratings wrote:
> how...@connectnet.com (Howard Knight) wrote:
> -
> -You may have noticed that we have not imposed a UDP on PSI or
> -several other providers also deserving a UDP. We intend to rectify this
> -situation as soon as possible. We apologize for any inconvenience and
> -thank you for your continued patronage.
>
> Any with information regarding attempts to UPD a given site should
> file a complaint with the US Federal Trade Commission at:
>
>
> They have a very handy online complaint form--please submit any
> related posts or email with full headers.
>
> Steve
> news.admin.censorship
Remember, folks, that Steve "Speedbump" Boursy asked you to "submit *any*
related posts or email with full headers" (emphasis mine) to the FTC.
Please CC: in 'Bumpy when you forward each and every article of spam from
the proposed-UDP target, so that he knows what a good job you're doing...
Thank you,
OoozeNyet Management
Cameron Kaiser
>Stop giving certain providers 8 months, or give all providers 8 months.
With certain providers, though, there's more at hand than LARTing a solitary,
backwards newsadmin. It would take less time for billyjoebobsbaitnisp.com to
clean up their act than bigfreakingnationwideprovider.com to do the same.
I think some consideration has to be given to the size of the operation at
least, as long as (and I think this is what you're really getting at)
favouritism isn't getting in the mix.
>Ban active UDP's on providers who rank below larger spam output sites based on
>a time series. Without passive UDP's you guys can really only do one at a
>time. If you go after the current "public enemy #1" and succeed, then you
>will eventually reach into who was #4 or #5 at the time. If you cannot
>succeed with #1 then don't try to active UDP #4 or #5.
Yeah, but again, size has to be a factor in fair ranking. A larger operation is
necessarily going to be higher up the scale than a smaller one simply because
there's going to be a larger number of rogue users. I would like a ranking
based on percentages of spam posts over total outgoing. (*Is* there such a
ranking scheme?) If so, #1 on *that* should be always on people's hit list.
>Both of the above can be simplified into the concept of fairness. What is
>fair will receive stronger support and broader support. You guys really
>haven't got much non-anonymous public opposition because of the personal cost
>of coming in here to raise issues.
I'm not sure what you mean by 'personal cost'.
>I know that my debate techniques rile some of you. I want to break through
>the barriers and get you to think. Why? Because you are doing things that
>do damage ordinary (or peripherally involved) people. Active UDP's do a lot
>of collateral damage and it lingers, so the responsibility level for using
>them should be very high.
No one argues with that. It's a lot of work too, after all. Why would the
anti-spam brigade want to start one up indiscriminately? I think a lot of
the talk about one is just talk until the heavy hitters who can do something
about it get involved, and they think along the same lines you are.
... snip ...
>Once this episode is over then everyone will have to roll up their sleeves
>and get ready to address the next up-and-coming #1 (or drop the whole thing
>and enjoy a great holiday season).
Well, holidays or not, at least the issue gets addressed in one form or
another.
David Owen-Cruise
>cle...@ferret.ocunix.on.ca (Chris Lewis) writes:
>>Mark, do you have any suggestions? I'm all ears.
>
>a time series. Without passive UDP's you guys can really only do one at a
>time. If you go after the current "public enemy #1" and succeed, then you
>will eventually reach into who was #4 or #5 at the time. If you cannot
>succeed with #1 then don't try to active UDP #4 or #5.
>
going to be the #1 spam source. There needs to be a minimum threshold.
Second, I've seen no one who advocates using an active UDP as the primary tool
of spam control. They get called for when an ISP has a spam problem which is
out of control and they're not responding to it. In that vein, you're less
likely to see a UDP against a site experiencing a large number of one time
runs than you are against a site with a small number of fixed high output
spammers.
>Both of the above can be simplified into the concept of fairness. What is
>fair will receive stronger support and broader support. You guys really
>haven't got much non-anonymous public opposition because of the personal cost
>of coming in here to raise issues.
>
If the opposition isn't willing to put up with getting mailbombed by spammers,
cancelled, called Net Nazis, and accused of being on the take, then they
aren't as committed as we are, are they?
>I know that my debate techniques rile some of you. I want to break through
>the barriers and get you to think. Why? Because you are doing things that
>do damage ordinary (or peripherally involved) people. Active UDP's do a lot
>of collateral damage and it lingers, so the responsibility level for using
>them should be very high.
>
Your debate techniques rile me because they make you sound like a paranoid
conspiracy theorist.
As far as I can see, the reason a UDP for PSI hasn't been a popular idea is
because nobody wants to go through the collateral damage involved when they
know PSI is going to do just enough to squeak out, and then backslide again.
So, do you have any bright ideas on how to get PSI to stay on the ball?
[snip]
--
David Owen-Cruise
If these were my employer's opinions, I'd be wearing a tie.
Chris Lewis
} cle...@ferret.ocunix.on.ca (Chris Lewis) writes:
} >Mark, do you have any suggestions? I'm all ears.
We're not. It's based on perceptions of a whole pile of interrelated things
and personal readiness to act. It's real world: "will it work?", "would it be
doing more damage than it will cure?", "are they already working on something?"
not ones and zeros. A lot of the issue relative to PSI is flavoured with the
perceptions I have gotten from them from better times. And a natural reluctance
to do "that" again.
UDPs ain't fun. For the UDPer as well as the UDPee.
} Ban active UDP's on providers who rank below larger spam output sites based on
} a time series. Without passive UDP's you guys can really only do one at a
} time. If you go after the current "public enemy #1" and succeed, then you
} will eventually reach into who was #4 or #5 at the time. If you cannot
} succeed with #1 then don't try to active UDP #4 or #5.
}
} Both of the above can be simplified into the concept of fairness. What is
} fair will receive stronger support and broader support. You guys really
} haven't got much non-anonymous public opposition because of the personal cost
} of coming in here to raise issues.
You forget the personal cost in implementing an active UDP. We're not hipcrime,
who can sling 100s of thousands of random cancels around with (so far) impunity.
} I know that my debate techniques rile some of you. I want to break through
} the barriers and get you to think. Why? Because you are doing things that
} do damage ordinary (or peripherally involved) people. Active UDP's do a lot
} of collateral damage and it lingers, so the responsibility level for using
} them should be very high.
And our personal reluctance to do them are _also_ very high. Sure, an entirely
objective heuristic procedure could be developed, but _that_ isn't fair either.
} PSI must SOON be taken to the announcement phase of UDP with good consensus
} stats and a good description of what is wanted. If we need to filter the NNTP
} port at the POP level then lets make that demand. I very much believe that PSI
} will accomodate the internet before the UDP could start. Of course, we'd have
} to monitor closely to make sure that the changes were sticking, that middle
} management finally realizes there isn't a compromise position. Line level
} employees will someday be challenged by new sales people wanting to implement
} something which would lead to more spam. If the target middle management
} fears real marketplace punishment then it will be easier for line level
} employees to keep a lid on any backsliding.
} (Don't wait too much longer because the holidays are upon us and it will be
} harder to get the right mindsets in place).
} Once this episode is over then everyone will have to roll up their sleeves
} and get ready to address the next up-and-coming #1 (or drop the whole thing
} and enjoy a great holiday season).
You're quite right. This one _should_ have been done earlier. And I recommend that
it's taken directly to announcement stage within a day or two.
Joe Greco
:cle...@ferret.ocunix.on.ca (Chris Lewis) writes:
:>Mark, do you have any suggestions? I'm all ears.
:
:Stop giving certain providers 8 months, or give all providers 8 months.
:Ban active UDP's on providers who rank below larger spam output sites based on
:time. If you go after the current "public enemy #1" and succeed, then you
:will eventually reach into who was #4 or #5 at the time. If you cannot
:succeed with #1 then don't try to active UDP #4 or #5.
:
:Both of the above can be simplified into the concept of fairness. What is
:fair will receive stronger support and broader support. You guys really
:haven't got much non-anonymous public opposition because of the personal cost
:of coming in here to raise issues.
Mark,
I don't think anybody disagrees with "fairness".
The problem is, there is no Cabal to assign someone to the job of being
fair.
I got pissed at continuing spam levels from Netcom one day, and I initiated
the Netcom UDP proposal, whenever that was. I didn't really care if Netcom
had had more or less time than another provider to clean up their act.
Maybe I was just crabby or had a bad day, but Netcom was clearly in the
wrong and so I called for a UDP.
I suspect most of the other UDP proposals started in a similar manner. Spam
cancellers or users get irritated with continuing nonresponsiveness or poor
handling. Someone proposes. People either ignore it or jump on the band-
wagon.
It might be interesting to encourage the development of some new tools or
reports that could be involved in a more "fair" system. Spam Hippo's
reports are available. Andrew Gierth puts together some useful reports
too. What do we need to do to go further than this?
The floor is open.
... JG
Joe Greco
:bu...@freebsd.netcom.com (Mark Hittinger) writes:
:>Stop giving certain providers 8 months, or give all providers 8 months.
:
:With certain providers, though, there's more at hand than LARTing a solitary,
:backwards newsadmin. It would take less time for billyjoebobsbaitnisp.com to
:clean up their act than bigfreakingnationwideprovider.com to do the same.
:I think some consideration has to be given to the size of the operation at
:least, as long as (and I think this is what you're really getting at)
:favouritism isn't getting in the mix.
I'm not sure that is a good idea.
I handle Usenet news for something over 100,000 users, and I haven't seen
any reason to believe that it is much more difficult to take measures to
handle abuse for this number of users than it is to handle it for a hundred.
If we want to talk about the politics of change in a 100,000-user ISP, then
I would even submit that the threat of a UDP is probably a great way to get
the wheels moving, and I can imagine that for a larger ISP, those even more
slowly grinding wheels could be sped up substantially by the threat of a
UDP.
... JG
Cameron Kaiser
>I handle Usenet news for something over 100,000 users, and I haven't seen
>any reason to believe that it is much more difficult to take measures to
>handle abuse for this number of users than it is to handle it for a hundred.
>If we want to talk about the politics of change in a 100,000-user ISP, then
>I would even submit that the threat of a UDP is probably a great way to get
>the wheels moving, and I can imagine that for a larger ISP, those even more
>slowly grinding wheels could be sped up substantially by the threat of a
>UDP.
I was more getting at operations handled by more than one newsadmin. I'm also
trying to give the benefit of the doubt to those who genuinely want to clean
up but have to go through the standard channels. Maybe I'm being a little
too naive about that :-)
Doug Mackall
cle...@ferret.ocunix.on.ca says...
>} >Mark, do you have any suggestions? I'm all ears.
<snip lotta stuff that I wish I'd said>
>} I know that my debate techniques rile some of you. I want to break through
>} the barriers and get you to think. Why? Because you are doing things that
>} do damage ordinary (or peripherally involved) people. Active UDP's do a lot
>} of collateral damage and it lingers, so the responsibility level for using
>} them should be very high.
>
>And our personal reluctance to do them are _also_ very high. Sure, an entirely
>objective heuristic procedure could be developed, but _that_ isn't fair either.
Anything based on raw numeric data or other 'line in the sand' kind of
thing, is a bad idea for purely subjective reasons.
I, for one, do *not* want to be forced to UDP *anyone*, which is what
would happen in this scenario.
It's one thing to place a limit on who *can't* be UPDed, it's quite
another to attempt to force me and the few others involved to UDP an ISP
because of, "Bob" help me, Consensus..
No despammer *has* to cancel BI 20 spam.
I don't go after all of it that I see, nor does anyone other than
Roadkill AFAIK.
UDPs are the Choice of Last Resort, when all else has failed.
The more formalised, and ultimately the more routine they become, the
less effective the are.
There have been other arguments against this idea as well, but from my
point of view this affects me on a personal level and therefore is the
most important consideration.
<snip>
>
>} (Don't wait too much longer because the holidays are upon us and it will be
>} harder to get the right mindsets in place).
>
>} Once this episode is over then everyone will have to roll up their sleeves
>} and get ready to address the next up-and-coming #1 (or drop the whole thing
>} and enjoy a great holiday season).
>
>You're quite right. This one _should_ have been done earlier. And I recommend that
>it's taken directly to announcement stage within a day or two.
Agreed.
--
Check out the UUNet Parody site:
http://www.sputum.com/uunot/index.html
SubGenius Police, Usenet Tactical Unit (Mobile), aka S.P.U.T.U.M.
Unit C: "Thou Shalt Not Pass Light Speed!"
The Eternally Recondite Master Interdictor, Network Attack Legion(TERMINAL)
http://www.sputum.com/
Mark Hittinger
>I don't think anybody disagrees with "fairness".
>The problem is, there is no Cabal to assign someone to the job of being
>fair.
I have noted your silence on PSI in the groups. I have noted that you did
not send email to the peers of PSI recommending that they discontinue peering
with PSI. I have noted that you have not made public an estimate of the cost
to sol.net that PSI spam has generated over the last 8 months. It would be
helpful for me to have that number in order to compare it with your estimate
of how much Netcom spam had cost you.
Fairness cannot be delegated to a group.
Fairness is going to have to come from each of you as a matter of personal
responsibility. If you step up to the podium and elect yourself then you
have a personal burden to be fair. This is a moral imperative if you are
going to castigate evil providers from the lofty peaks of goodness.
If enough of you are fair, then the actions of the consensus will be fair.
If the actions of the consensus are perceived to be fair, then there will
be strong support. With strong support, #4, #5, #6 etc will roll over quicker.
The fact is, that the actions of the consensus have not been fair to date
because each self elected person involved has not accepted their personal
responsibility to be fair, unpartial, and unbiased. Damage is being done
and the need for a lot more fairness is obvious.
If we cannot be fair, if we have to blame the committee, then the weapon
needs to be taken away and the podium needs to be torn down.
We can go through each one of these episodes, from the lupen incident going
forward, and find things to do better the next time. The mistake in this
episode is unfairness.
No more passes for favored providers.
Regards,
Mark Hittinger
ICGNetcom/DallasOps
bu...@freebsd.netcom.com
Chris Lewis
> >I don't think anybody disagrees with "fairness".
> >The problem is, there is no Cabal to assign someone to the job of being
> >fair.
> I have noted your silence on PSI in the groups. I have noted that you did
> not send email to the peers of PSI recommending that they discontinue peering
> with PSI. I have noted that you have not made public an estimate of the cost
> to sol.net that PSI spam has generated over the last 8 months. It would be
> helpful for me to have that number in order to compare it with your estimate
> of how much Netcom spam had cost you.
I'm sorry, but this is ludicrous to demand that everyone, even those who
don't participate in a UDP (Joe didn't), do and say exactly the same
thing each and every time a UDP is proposed in order to be considered
fair.
What next? Byte quotas in discussions? "I'm sorry, you're over quota,
proposal fails".... Yeah right.
Each and every one of us participating in a UDP _has_ assumed
responsibility to be fair, by trying to contact the UDP in question to
assist them, assisting them before, during and after UDPs, publishing
statistics, assuming the duty of posting warnings, soliciting consensus,
publishing our names in the cancels and other reports, etc. If we're
not fair, the courts or our ISPs or our upstreams or our employers will
settle it in ways that I assure you we'd find most unfortunate. Our
asses are already on the line here. And frankly, because our asses
_are_ on the line, maundering on about fairness is pointless and
insulting. It is already as fair as we can make it, as modified
by suggestions from others.
The situation behind each UDP is radically different. And speaking of
different and "fairness", we have a serious problem with a full-bore UDP
of PSI based on PSI dialups (which is the primary factor here). And
that is what to do about PSI's customer ISPs who do an _extremely_ good
job at anti-spam, but suffer because of PSI's problems. This wasn't a
particular factor at UUNET, because most of their customers were only
marginally effective at controlling spam, and the UDP targetting was
based on originating server not NNTP-Posting-Host.
It wasn't a factor with Netcom, Tiac or Compuserve, because they own
their own dialup pools, only their own customers were using them, and
_they_ were the problem.
Amongst other customers of PSI, there is Mindspring, Primenet and
Earthlink.
Certainly, due to the abject failure of Hayes's rate limiter to control
high volumes of Usenet spam coming out of Earthlink (let's not even go
into the screwed up abuse reporting systems at Earthlink), implicitly
including Earthlink customers using PSI POPs in the UDP (by not
excluding postings originating on Earthlink news servers) seems both
fair and reasonable.
Some of the other names mentioned to me were sites I'm not familiar
with, which probably means that they've not been a problem in the past
several years. It would be unfair to include them if they're not a
problem. It would be unfair to exclude them if they are. I don't know.
Do you? It's not even determinable, because we can't tell whose
customer it is unless PSI tells us. And PSI isn't responding in any
useful fashion at all.
However, Mindspring and Primenet are 2 of the top anti-spam ISPs on the
planet with the most effective and quick spammer LARTs in the business.
At least Mindspring has gone to the extent of requiring authentication
to use their news servers. Primenet was the first to get good at it
years ago. Mindspring followed shortly thereafter. Both started out by
writing spam detector software I wrote and made available to them -
there's another example of _responsibility_.
Clobbering postings that originate on Primenet's or Mindspring's
servers, simply because they originate on PSI dialups would be both
manifestly unfair, but downright stupid and counterproductive, despite
the opinion of some that it could lend additional pressure on PSI to
include them. The collateral damage, especially to the whole notion of
UDPs, would probably be irrepairably damaged. Even if the UDP worked.
Well Mark? What's fair? What should we do? Include 'em all? Select
some? Exclude only Primenet and Mindspring? Each alternative is unfair
to someone somehow.
If we take a few days discussing this, aren't we unfair and capricious
by delaying the 5 day notice?
Some days you can't win. Grumble mutter.
Chris Lewis
Jeffery J. Leader
>It wasn't a factor with Netcom, Tiac or Compuserve, because they own
>their own dialup pools, only their own customers were using them, and
>_they_ were the problem.
However, with Netcom there was the analogous issue of the relatively
spamfree ixers (*@ix.netcom.com), who wanted to be exempted, and the
more problematic netcommies (*@netcom.com). IIRC the decision was
made to get all of them, and it was acknowledged that by and large
this wasn't fair to the ixers.
>Mindspring followed shortly thereafter. Both started out by
>writing spam detector software I wrote and made available to them -
>there's another example of _responsibility_.
MindSpring continues to filter spam too--as well as misplaced bianries
and HTML. They are decidely proactive. (In case anyone reading this
isn't clear, I am not a MindSpring employee.) They use not only PSI
POPs but have gridnet ones too. The network is something of a mess...
>What's fair? What should we do? Include 'em all? Select
>some? Exclude only Primenet and Mindspring? Each alternative is unfair
>to someone somehow.
Yup. I feel that including MindSpring (for example) is consistent
with past discussions (and I should note that some MindSpringers will
have back-up gridnet numbers available, for example) but is clearly
unfair. While it may help put pressure on PSI I do agree that it
could have a negative effect on credibility. I also am not sure what
technical issues are involved here (as far as the mechanics of
detection during the UDP); as indicated, PSI has not been very
forthcoming about what is being used (exclusively) by whom.
Beats me. The case of entities like PSI and UUNet, which are so
widely used by others for various purposes, seems somewhat unique to
me...
Andrew Gierth
Jeffery> However, with Netcom there was the analogous issue of the
Jeffery> relatively spamfree ixers (*@ix.netcom.com), who wanted to
Jeffery> be exempted, and the more problematic netcommies
Jeffery> (*@netcom.com).
Wrong way round... the spamming was almost exclusively from the IXers.
--
Andrew.
Chris Lewis
According to Jeffery J. Leader <JeffL...@MindSpring.com>:
> cle...@ferret.ocunix.on.ca (Chris Lewis) wrote:
> >It wasn't a factor with Netcom, Tiac or Compuserve, because they own
> >their own dialup pools, only their own customers were using them, and
> >_they_ were the problem.
> However, with Netcom there was the analogous issue of the relatively
> spamfree ixers (*@ix.netcom.com), who wanted to be exempted, and the
> more problematic netcommies (*@netcom.com). IIRC the decision was
> made to get all of them, and it was acknowledged that by and large
> this wasn't fair to the ixers.
You have this the wrong way around (as Andrew noted), and it's worth noting
that the @netcom.com group was quite small (~10,000?) relative to the ixers.
That has to factor in too. @netcom.com had some problems of their own too
with the same lackadasical abuse response from netcom - but simply dwarfed
by the sheer volume out of the ixers. The only real difference between the
two populations was that the @netcom.com people screamed a lot at netcom.
> >Mindspring followed shortly thereafter. Both started out by
> >writing spam detector software I wrote and made available to them -
^^^^^^^ "using". Oops.
> >there's another example of _responsibility_.
> >What's fair? What should we do? Include 'em all? Select
> >some? Exclude only Primenet and Mindspring? Each alternative is unfair
> >to someone somehow.
> Yup. I feel that including MindSpring (for example) is consistent
> with past discussions (and I should note that some MindSpringers will
> have back-up gridnet numbers available, for example) but is clearly
> unfair. While it may help put pressure on PSI I do agree that it
> could have a negative effect on credibility.
I'm quite sure that it would be pretty catastrophic if even the best two
sites on the net get nuked in the collateral damage. Depends on how the
players play their cards. I saw some mutterings out of someone at Mindspring
(_not_ Jan), that suggests that their management level wouldn't be very
sympathetic. In that way lies disaster. Perhaps, rather than starting a 5
day countdown on PSI, we should be utilizing our contacts at Mindspring and
Primenet to put the screws on PSI. Mind you, when Mindspring took over the PSI
retail dialup customers, Mindspring's screaming at PSI didn't do anyone any
good either - Mindspring couldn't even get PSI to fix their abuse reporting
address to point at the right place.
Oh for the good old days when PSI was actually quite good at spam larting.
> I also am not sure what
> technical issues are involved here (as far as the mechanics of
> detection during the UDP); as indicated, PSI has not been very
> forthcoming about what is being used (exclusively) by whom.
With UUNET, it was pretty simple - it was their servers causing the problem,
so we could target their servers _only_, and sharing with other UUNET customers
wasn't an issue. Here, the targetting of necessity (unless we exclusively
focussed on psinntp/psixfer - is this useful? I dunno) is via
NNTP-Posting-Host. Netcom was by server. They've all been by originating
server til this proposal.
Given targetting by NNTP-Posting-Host, a Primenet/Mindspring exclusion
would be by excluding stuff that originated on their servers.
Dealing with a UDP of PSI is damned complicated. This is in part why it
hasn't been UDP'd before.
Jeffery J. Leader
>Wrong way round... the spamming was almost exclusively from the IXers.
"Ooops." Thanks. I should have used shellers vs. non-shellers I
guess...I had which one used the shell accounts backwards.
David Ritz
On 28 Oct 1998, Chris Lewis wrote:
: Some of the other names mentioned to me were sites I'm not familiar
: with, which probably means that they've not been a problem in the past
: several years. It would be unfair to include them if they're not a
: problem. It would be unfair to exclude them if they are. I don't know.
: Do you? It's not even determinable, because we can't tell whose
: customer it is unless PSI tells us. And PSI isn't responding in any
: useful fashion at all.
This sounds like my cue to produce some stats. I based my search
criteria on news servers I know are currently being abuse by the
Gartman/Stemple operation, primarily from the PSINet Fort Worth
PoP.
When looking at the Earthlink stats, please bear in mind that
those abusing their servers are doing so from a variety of sources
other than PSINet modem banks.
I can't claim that this compilation complete. I've only included
those news servers which have appeared in my Gartman/Stemple
reports, within the past week or so.
IDT was missed in my initial query. Rather than adding them where
they belong, I've simply left them at the end of each group of
stats.
===========================================================================
October statistics for nine news servers currently being abused by
the Gartman/Stemple operation, primarily out of PSINet's Fort
Worth PoP.
===========================================================================
Daily Cancelled Spam Statistics, courtesy of Andrew Gierth
(see news.admin.net-abuse.bulletins)
Date Count Source
===========================================================================
19981001.scs: 3398 [news.carolina.net]!*
19981001.scs: 2410 pubxfer.news.psi.net!*
19981001.scs: 1485 news*.abac.com!*
19981001.scs: 369 interramp.com!*
19981001.scs: 302 news.realnews.net!207.226.241.101!*
19981001.scs: 3238 nntp.earthlink.net!
19981001.scs: 296 @news*.abac.com
19981001.scs: 3398 in2.uu.net![news.carolina.net]!*
19981001.scs: 3238 nntp.earthlink.net![posted-from-earthlink]!*
19981001.scs: 2410 psinntp!pubxfer.news.psi.net!*
19981001.scs: 1242 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981001.scs: 369 psinntp!interramp.com!*
19981001.scs: 302 news.tsoft.net!news.realnews.net!207.226.241.101!*
19981001.scs: 243 newsfeed.internetmci.com!208.137.248.9!news1.abac.com!*
19981001.scs: 157 newsfeeder.triton.net!news1.triton.net!*
19981002.scs: 1492 news*.abac.com!*
19981002.scs: 329 pubxfer.news.psi.net!*
19981002.scs: 304 [news.carolina.net]!*
19981002.scs: 2879 nntp.earthlink.net!
19981002.scs: 903 pubxfer.news.psi.net!
19981002.scs: 334 @news*.abac.com
19981002.scs: 2878 nntp.earthlink.net![posted-from-earthlink]!*
19981002.scs: 1469 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981002.scs: 878 pubxfer.news.psi.net!news.fordham.edu!*
19981002.scs: 329 psinntp!pubxfer.news.psi.net!*
19981002.scs: 304 in2.uu.net![news.carolina.net]!*
19981002.scs: 90 psinntp!interramp.com!*
19981002.scs: 60 newsfeeder.triton.net!news1.triton.net!*
19981003.scs: 1007 pubxfer.news.psi.net!*
19981003.scs: 219 news*.abac.com!*
19981003.scs: 623 nntp.earthlink.net!
19981003.scs: 187 pubxfer.news.psi.net!
19981003.scs: 1007 psinntp!pubxfer.news.psi.net!*
19981003.scs: 623 nntp.earthlink.net![posted-from-earthlink]!*
19981003.scs: 219 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981003.scs: 182 pubxfer.news.psi.net!news.fordham.edu!*
19981004.scs: 3208 news*.abac.com!*
19981004.scs: 1562 pubxfer.news.psi.net!*
19981004.scs: 583 [news.carolina.net]!*
19981004.scs: 492 interramp.com!*
19981004.scs: 4322 nntp.earthlink.net!
19981004.scs: 805 pubxfer.news.psi.net!
19981004.scs: 309 newsfeeder.triton.net!
19981004.scs: 1092 @news*.abac.com
19981004.scs: 4320 nntp.earthlink.net![posted-from-earthlink]!*
19981004.scs: 3187 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981004.scs: 1562 psinntp!pubxfer.news.psi.net!*
19981004.scs: 801 pubxfer.news.psi.net!news.fordham.edu!*
19981004.scs: 583 in1.uu.net![news.carolina.net]!*
19981004.scs: 492 psinntp!interramp.com!*
19981004.scs: 309 newsfeeder.triton.net!news1.triton.net!*
19981005.scs: 2354 news*.abac.com!*
19981005.scs: 1967 pubxfer.news.psi.net!*
19981005.scs: 3913 nntp.earthlink.net!
19981005.scs: 3913 nntp.earthlink.net![posted-from-earthlink]!*
19981005.scs: 2335 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981005.scs: 1967 psinntp!pubxfer.news.psi.net!*
19981006.scs: 2047 news*.abac.com!*
19981006.scs: 1835 pubxfer.news.psi.net!*
19981006.scs: 4039 nntp.earthlink.net!
19981006.scs: 199 newsfeeder.triton.net!
19981006.scs: 396 @news*.abac.com
19981006.scs: 4039 nntp.earthlink.net![posted-from-earthlink]!*
19981006.scs: 2040 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981006.scs: 1835 psinntp!pubxfer.news.psi.net!*
19981006.scs: 199 newsfeeder.triton.net!news1.triton.net!*
19981007.scs: 1897 pubxfer.news.psi.net!*
19981007.scs: 1728 news*.abac.com!*
19981007.scs: 563 [news.carolina.net]!*
19981007.scs: 4519 nntp.earthlink.net!
19981007.scs: 4518 nntp.earthlink.net![posted-from-earthlink]!*
19981007.scs: 1897 psinntp!pubxfer.news.psi.net!*
19981007.scs: 1721 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981007.scs: 563 in1.uu.net![news.carolina.net]!*
19981007.scs: 235 pubxfer.news.psi.net!news.fordham.edu!*
19981008.scs: 2589 pubxfer.news.psi.net!*
19981008.scs: 888 news*.abac.com!*
19981008.scs: 3745 nntp.earthlink.net!
19981008.scs: 394 pubxfer.news.psi.net!
19981008.scs: 3745 nntp.earthlink.net![posted-from-earthlink]!*
19981008.scs: 2564 psinntp!pubxfer.news.psi.net!*
19981008.scs: 888 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981008.scs: 379 pubxfer.news.psi.net!news.fordham.edu!*
19981009.scs: 3096 pubxfer.news.psi.net!*
19981009.scs: 2324 news*.abac.com!*
19981009.scs: 1596 [news.carolina.net]!*
19981009.scs: 716 interramp.com!*
19981009.scs: 460 news*.triton.net!*
19981009.scs: 2991 nntp.earthlink.net!
19981009.scs: 783 pubxfer.news.psi.net!
19981009.scs: 460 newsfeeder.triton.net!
19981009.scs: 693 @news*.abac.com
19981009.scs: 3046 psinntp!pubxfer.news.psi.net!*
19981009.scs: 2991 nntp.earthlink.net![posted-from-earthlink]!*
19981009.scs: 2324 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981009.scs: 1596 in1.uu.net![news.carolina.net]!*
19981009.scs: 716 psinntp!interramp.com!*
19981009.scs: 593 pubxfer.news.psi.net!news.fordham.edu!*
19981009.scs: 460 newsfeeder.triton.net!news1.triton.net!*
19981010.scs: 4712 pubxfer.news.psi.net!*
19981010.scs: 3773 [news.carolina.net]!*
19981010.scs: 2753 news*.abac.com!*
19981010.scs: 1160 interramp.com!*
19981010.scs: 4341 nntp.earthlink.net!
19981010.scs: 403 pubxfer.news.psi.net!
19981010.scs: 4701 psinntp!pubxfer.news.psi.net!*
19981010.scs: 4341 nntp.earthlink.net![posted-from-earthlink]!*
19981010.scs: 3773 in1.uu.net![news.carolina.net]!*
19981010.scs: 2753 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981010.scs: 1160 psinntp!interramp.com!*
19981010.scs: 336 pubxfer.news.psi.net!news.fordham.edu!*
19981010.scs: 143 newsfeeder.triton.net!news1.triton.net!*
19981011.scs: 4040 pubxfer.news.psi.net!*
19981011.scs: 2598 news*.abac.com!*
19981011.scs: 2547 [news.carolina.net]!*
19981011.scs: 1056 interramp.com!*
19981011.scs: 3856 nntp.earthlink.net!
19981011.scs: 4037 psinntp!pubxfer.news.psi.net!*
19981011.scs: 3856 nntp.earthlink.net![posted-from-earthlink]!*
19981011.scs: 2598 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981011.scs: 2547 in1.uu.net![news.carolina.net]!*
19981011.scs: 1056 psinntp!interramp.com!*
19981011.scs: 258 newsfeeder.triton.net!news1.triton.net!*
19981012.scs: 2947 pubxfer.news.psi.net!*
19981012.scs: 2378 news*.abac.com!*
19981012.scs: 2293 [news.carolina.net]!*
19981012.scs: 1231 interramp.com!*
19981012.scs: 1056 news*.triton.net!*
19981012.scs: 3808 nntp.earthlink.net!
19981012.scs: 1657 pubxfer.news.psi.net!
19981012.scs: 1056 newsfeeder.triton.net!
19981012.scs: 3808 nntp.earthlink.net![posted-from-earthlink]!*
19981012.scs: 2947 psinntp!pubxfer.news.psi.net!*
19981012.scs: 2378 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981012.scs: 2293 in1.uu.net![news.carolina.net]!*
19981012.scs: 1600 pubxfer.news.psi.net!news.fordham.edu!*
19981012.scs: 1231 psinntp!interramp.com!*
19981012.scs: 1056 newsfeeder.triton.net!news1.triton.net!*
19981013.scs: 3004 pubxfer.news.psi.net!*
19981013.scs: 2336 [news.carolina.net]!*
19981013.scs: 1990 interramp.com!*
19981013.scs: 1559 news*.abac.com!*
19981013.scs: 640 news*.triton.net!*
19981013.scs: 5249 nntp.earthlink.net!
19981013.scs: 640 newsfeeder.triton.net!
19981013.scs: 665 @news.south-carolina.net
19981013.scs: 5249 nntp.earthlink.net![posted-from-earthlink]!*
19981013.scs: 3004 psinntp!pubxfer.news.psi.net!*
19981013.scs: 2336 in2.uu.net![news.carolina.net]!*
19981013.scs: 1990 psinntp!interramp.com!*
19981013.scs: 1559 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981013.scs: 640 newsfeeder.triton.net!news1.triton.net!*
19981014.scs: 2629 pubxfer.news.psi.net!*
19981014.scs: 2022 news*.abac.com!*
19981014.scs: 832 [news.carolina.net]!*
19981014.scs: 5788 nntp.earthlink.net!
19981014.scs: 552 pubxfer.news.psi.net!
19981014.scs: 5788 nntp.earthlink.net![posted-from-earthlink]!*
19981014.scs: 2629 psinntp!pubxfer.news.psi.net!*
19981014.scs: 2022 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981014.scs: 551 in1.uu.net![news.carolina.net]!*
19981014.scs: 549 pubxfer.news.psi.net!news.fordham.edu!*
19981014.scs: 281 in2.uu.net![news.carolina.net]!*
19981015.scs: 3877 pubxfer.news.psi.net!*
19981015.scs: 2066 news*.abac.com!*
19981015.scs: 1505 [news.carolina.net]!*
19981015.scs: 530 interramp.com!*
19981015.scs: 520 news*.triton.net!*
19981015.scs: 3837 nntp.earthlink.net!
19981015.scs: 520 newsfeeder.triton.net!
19981015.scs: 3877 psinntp!pubxfer.news.psi.net!*
19981015.scs: 3837 nntp.earthlink.net![posted-from-earthlink]!*
19981015.scs: 2066 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981015.scs: 1505 in1.uu.net![news.carolina.net]!*
19981015.scs: 530 psinntp!interramp.com!*
19981015.scs: 520 newsfeeder.triton.net!news1.triton.net!*
19981015.scs: 209 pubxfer.news.psi.net!news.fordham.edu!*
19981016.scs: 2196 [news.carolina.net]!*
19981016.scs: 1350 pubxfer.news.psi.net!*
19981016.scs: 1301 news*.abac.com!*
19981016.scs: 794 interramp.com!*
19981016.scs: 3501 nntp.earthlink.net!
19981016.scs: 3500 nntp.earthlink.net![posted-from-earthlink]!*
19981016.scs: 2196 in1.uu.net![news.carolina.net]!*
19981016.scs: 1350 psinntp!pubxfer.news.psi.net!*
19981016.scs: 1301 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981016.scs: 794 psinntp!interramp.com!*
19981017.scs: 2170 [news.carolina.net]!*
19981017.scs: 918 pubxfer.news.psi.net!*
19981017.scs: 649 news*.abac.com!*
19981017.scs: 624 interramp.com!*
19981017.scs: 4860 nntp.earthlink.net!
19981017.scs: 4860 nntp.earthlink.net![posted-from-earthlink]!*
19981017.scs: 2170 in1.uu.net![news.carolina.net]!*
19981017.scs: 918 psinntp!pubxfer.news.psi.net!*
19981017.scs: 649 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981017.scs: 624 psinntp!interramp.com!*
19981018.scs: 1490 pubxfer.news.psi.net!*
19981018.scs: 882 news*.abac.com!*
19981018.scs: 508 news*.triton.net!*
19981018.scs: 4664 nntp.earthlink.net!
19981018.scs: 508 newsfeeder.triton.net!
19981018.scs: 4664 nntp.earthlink.net![posted-from-earthlink]!*
19981018.scs: 1490 psinntp!pubxfer.news.psi.net!*
19981018.scs: 882 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981018.scs: 508 newsfeeder.triton.net!news1.triton.net!*
19981019.scs: 3397 pubxfer.news.psi.net!*
19981019.scs: 2512 news*.abac.com!*
19981019.scs: 1677 [news.carolina.net]!*
19981019.scs: 1598 interramp.com!*
19981019.scs: 3915 nntp.earthlink.net!
19981019.scs: 333 pubxfer.news.psi.net!
19981019.scs: 3915 nntp.earthlink.net![posted-from-earthlink]!*
19981019.scs: 3397 psinntp!pubxfer.news.psi.net!*
19981019.scs: 2512 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981019.scs: 1674 in4.uu.net![news.carolina.net]!*
19981019.scs: 1598 psinntp!interramp.com!*
19981019.scs: 332 pubxfer.news.psi.net!client.news.psi.net.POSTED!*
19981019.scs: 206 news.tsoft.net!news.realnews.net!207.226.241.101!*
19981019.scs: 162 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981019.scs: 162 newsfeeder.triton.net!news1.triton.net!*
19981020.scs: 2590 news*.abac.com!*
19981020.scs: 1842 [news.carolina.net]!*
19981020.scs: 1180 pubxfer.news.psi.net!*
19981020.scs: 406 interramp.com!*
19981020.scs: 4651 nntp.earthlink.net!
19981020.scs: 304 newsfeeder.triton.net!
19981020.scs: 255 @news*.abac.com
19981020.scs: 4651 nntp.earthlink.net![posted-from-earthlink]!*
19981020.scs: 2590 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981020.scs: 1653 in4.uu.net![news.carolina.net]!*
19981020.scs: 1149 psinntp!pubxfer.news.psi.net!*
19981020.scs: 406 psinntp!interramp.com!*
19981020.scs: 304 newsfeeder.triton.net!news1.triton.net!*
19981020.scs: 189 in1.uu.net![news.carolina.net]!*
19981021.scs: 3118 news*.abac.com!*
19981021.scs: 1069 pubxfer.news.psi.net!*
19981021.scs: 943 [news.carolina.net]!*
19981021.scs: 857 interramp.com!*
19981021.scs: 4550 nntp.earthlink.net!
19981021.scs: 650 @news*.abac.com
19981021.scs: 4550 nntp.earthlink.net![posted-from-earthlink]!*
19981021.scs: 3118 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981021.scs: 1069 psinntp!pubxfer.news.psi.net!*
19981021.scs: 943 in4.uu.net![news.carolina.net]!*
19981021.scs: 857 psinntp!interramp.com!*
19981022.scs: 6438 news*.abac.com!*
19981022.scs: 4971 [news.carolina.net]!*
19981022.scs: 4110 interramp.com!*
19981022.scs: 3144 news.aepnet.com!*
19981022.scs: 3017 pubxfer.news.psi.net!*
19981022.scs: 1256 news*.triton.net!*
19981022.scs: 5890 nntp.earthlink.net!
19981022.scs: 1256 newsfeeder.triton.net!
19981022.scs: 492 @news*.abac.com
19981022.scs: 6438 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981022.scs: 5887 nntp.earthlink.net![posted-from-earthlink]!*
19981022.scs: 4968 in4.uu.net![news.carolina.net]!*
19981022.scs: 4110 psinntp!interramp.com!*
19981022.scs: 3144 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981022.scs: 3017 psinntp!pubxfer.news.psi.net!*
19981022.scs: 1256 newsfeeder.triton.net!news1.triton.net!*
19981023.scs: 5682 pubxfer.news.psi.net!*
19981023.scs: 2839 news*.abac.com!*
19981023.scs: 1310 news.aepnet.com!*
19981023.scs: 426 [news.carolina.net]!*
19981023.scs: 423 news*.triton.net!*
19981023.scs: 5062 nntp.earthlink.net!
19981023.scs: 423 newsfeeder.triton.net!
19981023.scs: 429 @news*.abac.com
19981023.scs: 5545 psinntp!pubxfer.news.psi.net!*
19981023.scs: 5061 nntp.earthlink.net![posted-from-earthlink]!*
19981023.scs: 2839 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981023.scs: 1310 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981023.scs: 423 newsfeeder.triton.net!news1.triton.net!*
19981023.scs: 408 in4.uu.net![news.carolina.net]!*
19981023.scs: 190 news.tsoft.net!news.realnews.net!207.226.241.101!*
19981024.scs: 5534 pubxfer.news.psi.net!*
19981024.scs: 2787 news*.abac.com!*
19981024.scs: 2022 [news.carolina.net]!*
19981024.scs: 1626 interramp.com!*
19981024.scs: 1196 news.aepnet.com!*
19981024.scs: 675 news*.triton.net!*
19981024.scs: 5162 nntp.earthlink.net!
19981024.scs: 675 newsfeeder.triton.net!
19981024.scs: 404 @news*.abac.com
19981024.scs: 5528 psinntp!pubxfer.news.psi.net!*
19981024.scs: 5162 nntp.earthlink.net![posted-from-earthlink]!*
19981024.scs: 2787 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981024.scs: 1707 in4.uu.net![news.carolina.net]!*
19981024.scs: 1626 psinntp!interramp.com!*
19981024.scs: 1196 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981024.scs: 675 newsfeeder.triton.net!news1.triton.net!*
19981024.scs: 315 in1.uu.net![news.carolina.net]!*
19981025.scs: 3753 news.aepnet.com!*
19981025.scs: 2835 pubxfer.news.psi.net!*
19981025.scs: 1091 news*.triton.net!*
19981025.scs: 555 interramp.com!*
19981025.scs: 4509 nntp.earthlink.net!
19981025.scs: 1091 newsfeeder.triton.net!
19981025.scs: 4509 nntp.earthlink.net![posted-from-earthlink]!*
19981025.scs: 3753 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981025.scs: 2830 psinntp!pubxfer.news.psi.net!*
19981025.scs: 1091 newsfeeder.triton.net!news1.triton.net!*
19981025.scs: 555 psinntp!interramp.com!*
19981025.scs: 364 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981026.scs: 2779 pubxfer.news.psi.net!*
19981026.scs: 2403 [news.carolina.net]!*
19981026.scs: 2235 news*.abac.com!*
19981026.scs: 742 news*.triton.net!*
19981026.scs: 4407 nntp.earthlink.net!
19981026.scs: 742 newsfeeder.triton.net!
19981026.scs: 724 news.aepnet.com!*
19981026.scs: 414 @news*.abac.com
19981026.scs: 4407 nntp.earthlink.net![posted-from-earthlink]!*
19981026.scs: 2779 psinntp!pubxfer.news.psi.net!*
19981026.scs: 2403 in2.uu.net![news.carolina.net]!*
19981026.scs: 2235 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981026.scs: 742 newsfeeder.triton.net!news1.triton.net!*
19981026.scs: 724 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981027.scs: 3106 pubxfer.news.psi.net!*
19981027.scs: 2733 news*.abac.com!*
19981027.scs: 2334 [news.carolina.net]!*
19981027.scs: 828 interramp.com!*
19981027.scs: 326 news*.triton.net!*
19981027.scs: 4853 nntp.earthlink.net!
19981027.scs: 2129 news.aepnet.com!*
19981027.scs: 326 newsfeeder.triton.net!
19981027.scs: 470 @news*.abac.com
19981027.scs: 4852 nntp.earthlink.net![posted-from-earthlink]!*
19981027.scs: 3105 psinntp!pubxfer.news.psi.net!*
19981027.scs: 2733 newsfeed.cwix.com!208.137.248.9!news1.abac.com!*
19981027.scs: 2334 in2.uu.net![news.carolina.net]!*
19981027.scs: 2129 newsfeed.cwix.com!208.129.247.3!news.aepnet.com!*
19981027.scs: 828 psinntp!interramp.com!*
19981027.scs: 326 newsfeeder.triton.net!news1.triton.net!*
19981027.scs: 151 pubxfer.news.psi.net!client.news.psi.net.POSTED!*
19981027.scs: 116 news.tsoft.net!news.realnews.net!207.226.241.101!*
===========================================================================
19981001.scs: 147 news.idt.net!nntp.farm.idt.net!*
19981002.scs: 140 news.idt.net!nntp.farm.idt.net!*
19981003.scs: 24 news.idt.net!nntp.farm.idt.net!*
19981006.scs: 1116 nntp.farm.idt.net!*
19981006.scs: 1116 news.idt.net!nntp.farm.idt.net!*
19981007.scs: 1301 nntp.farm.idt.net!*
19981007.scs: 1301 news.idt.net!nntp.farm.idt.net!*
19981008.scs: 999 nntp.farm.idt.net!*
19981008.scs: 999 news.idt.net!nntp.farm.idt.net!*
19981009.scs: 1282 nntp.farm.idt.net!*
19981009.scs: 1282 news.idt.net!nntp.farm.idt.net!*
19981010.scs: 1886 nntp.farm.idt.net!*
19981010.scs: 1886 news.idt.net!nntp.farm.idt.net!*
19981011.scs: 918 nntp.farm.idt.net!*
19981011.scs: 918 news.idt.net!nntp.farm.idt.net!*
19981012.scs: 712 nntp.farm.idt.net!*
19981012.scs: 712 news.idt.net!nntp.farm.idt.net!*
19981014.scs: 212 news.idt.net!nntp.farm.idt.net!*
19981016.scs: 839 nntp.farm.idt.net!*
19981016.scs: 414 @nnrp*.farm.idt.net
19981016.scs: 839 news.idt.net!nntp.farm.idt.net!*
19981017.car: 8 nntp.farm.idt.net!news
19981017.scs: 402 nntp.farm.idt.net!*
19981017.scs: 402 news.idt.net!nntp.farm.idt.net!*
19981018.scs: 282 nntp.farm.idt.net!*
19981018.scs: 282 news.idt.net!nntp.farm.idt.net!*
19981020.scs: 1025 nntp.farm.idt.net!*
19981020.scs: 848 @nnrp*.farm.idt.net
19981020.scs: 1025 news.idt.net!nntp.farm.idt.net!*
19981021.scs: 306 nntp.farm.idt.net!*
19981021.scs: 306 news.idt.net!nntp.farm.idt.net!*
19981022.scs: 368 nntp.farm.idt.net!*
19981022.scs: 368 news.idt.net!nntp.farm.idt.net!*
19981023.scs: 281 nntp.farm.idt.net!*
19981023.scs: 281 news.idt.net!nntp.farm.idt.net!*
19981024.scs: 1153 nntp.farm.idt.net!*
19981024.scs: 1153 news.idt.net!nntp.farm.idt.net!*
19981026.scs: 665 nntp.farm.idt.net!*
19981026.scs: 665 news.idt.net!nntp.farm.idt.net!*
===========================================================================
Top 100 Sites identified by Ultra/Spam Hippo Despam
(see news.admin.net-abuse.bulletins)
<http://www.spamhippo.com>
Date Rank Source Total spam %spam KBytes
======================================================================
hippo981001: 4 208.218.14.44 5683 5397 95 3816
hippo981001: 11 pubxfer.news.psi.net 4174 3198 77 2275
hippo981001: 18 news1.abac.com 1911 1911 100 13953
hippo981001: 50 interramp.com 723 723 100 461
hippo981001: 75 207.226.241.101 599 361 60 1575
hippo981002: 13 news1.abac.com 2554 2427 95 22887
hippo981002: 30 pubxfer.news.psi.net 1946 1128 58 729
hippo981003: 2 pubxfer.news.psi.net 9941 7788 78 8187
hippo981003: 19 news1.abac.com 2280 2280 100 30893
hippo981003: 43 208.218.14.44 729 729 100 753
hippo981004: 9 news1.abac.com 2931 2931 100 15010
hippo981004: 35 pubxfer.news.psi.net 922 858 93 486
hippo981004: 40 interramp.com 678 678 100 419
hippo981004: 51 208.218.14.44 612 580 95 8064
hippo981005: 8 news1.abac.com 3703 3703 100 18664
hippo981005: 11 pubxfer.news.psi.net 4203 2960 70 14059
hippo981006: 11 pubxfer.news.psi.net 3323 2460 74 1451
hippo981006: 14 news1.abac.com 1944 1916 99 11623
hippo981007: 5 pubxfer.news.psi.net 8468 5554 66 6261
hippo981007: 19 news1.abac.com 2015 2015 100 12869
hippo981007: 44 208.218.14.44 797 797 100 1089
hippo981008: 10 pubxfer.news.psi.net 3338 2704 81 1641
hippo981008: 18 news1.abac.com 1853 1853 100 12768
hippo981009: 2 pubxfer.news.psi.net 7634 5429 71 3534
hippo981009: 8 news1.abac.com 3697 3124 85 3241
hippo981009: 9 208.218.14.44 3918 2931 75 3146
hippo981009: 28 interramp.com 1725 1156 67 715
hippo981009: 58 news1.triton.net 1003 714 71 769
hippo981010: 3 pubxfer.news.psi.net 5659 5303 94 3438
hippo981010: 6 208.218.14.44 3976 3976 100 2878
hippo981010: 10 news1.abac.com 2785 2785 100 2041
hippo981010: 17 interramp.com 1516 1487 98 974
hippo981011: 5 pubxfer.news.psi.net 5571 5571 100 3155
hippo981011: 8 208.218.14.44 3573 3573 100 1890
hippo981011: 9 news1.abac.com 3294 3294 100 12653
hippo981011: 15 interramp.com 1684 1684 100 1086
hippo981012: 5 pubxfer.news.psi.net 4885 3657 75 2127
hippo981012: 6 news1.abac.com 3465 3089 89 2612
hippo981012: 9 208.218.14.44 3385 2463 73 1281
hippo981012: 18 interramp.com 1873 1482 79 858
hippo981012: 19 news1.triton.net 1400 1309 94 1607
hippo981013: 3 pubxfer.news.psi.net 6161 4901 80 2660
hippo981013: 4 208.218.14.44 3648 3648 100 1935
hippo981013: 6 news1.abac.com 2781 2781 100 2077
hippo981013: 7 interramp.com 2744 2744 100 1691
hippo981013: 41 news1.triton.net 785 775 99 860
hippo981014: 17 pubxfer.news.psi.net 3227 1829 57 1231
hippo981014: 18 news1.abac.com 1809 1795 99 1553
hippo981014: 41 208.218.14.44 651 650 100 483
hippo981014: 89 207.226.241.101 340 269 79 1883
hippo981015: 5 pubxfer.news.psi.net 6041 5023 83 2704
hippo981015: 8 news1.abac.com 4042 4042 100 14058
hippo981015: 16 208.218.14.44 2129 2129 100 1030
hippo981015: 35 news1.triton.net 943 892 95 1972
hippo981015: 39 interramp.com 891 771 87 319
hippo981016: 9 208.218.14.44 3725 3725 100 2848
hippo981016: 21 interramp.com 1665 1631 98 727
hippo981016: 23 pubxfer.news.psi.net 3343 1537 46 1106
hippo981016: 27 news1.abac.com 1214 1214 100 12018
hippo981017: 7 208.218.14.44 4003 3998 100 4098
hippo981017: 8 pubxfer.news.psi.net 3922 3564 91 1895
hippo981017: 12 news1.abac.com 2486 2486 100 1320
hippo981017: 23 interramp.com 1234 1205 98 536
hippo981017: 50 news1.triton.net 604 575 95 2293
hippo981018: 6 pubxfer.news.psi.net 4909 4180 85 5067
hippo981018: 30 news1.abac.com 1029 993 97 11842
hippo981018: 93 news1.triton.net 214 198 93 836
hippo981019: 3 pubxfer.news.psi.net 6201 5337 86 2946
hippo981019: 5 news1.abac.com 4972 4972 100 14392
hippo981019: 7 208.218.14.44 3770 3764 100 1842
hippo981019: 12 interramp.com 2676 2587 97 1149
hippo981019: 50 news1.triton.net 686 619 90 5780
hippo981019: 58 207.226.241.101 728 453 62 1423
hippo981019: 89 news.aepnet.com 216 214 99 403
hippo981020: 10 news1.abac.com 2713 2713 100 12753
hippo981020: 27 208.218.14.44 1161 1161 100 698
hippo981021: 2 pubxfer.news.psi.net 18282 16018 88 20544
hippo981021: 4 news1.abac.com 7331 7331 100 16882
hippo981021: 9 208.218.14.44 3948 3948 100 1880
hippo981021: 10 interramp.com 3781 3781 100 1756
hippo981021: 18 news.aepnet.com 1698 1696 100 741
hippo981021: 35 news1.triton.net 851 829 97 675
hippo981022: 2 news1.abac.com 7131 6531 92 15220
hippo981022: 7 news.aepnet.com 4161 3678 88 1688
hippo981022: 9 208.218.14.44 4006 3289 82 1595
hippo981022: 11 interramp.com 3596 2704 75 1250
hippo981022: 13 pubxfer.news.psi.net 4280 2488 58 1214
hippo981022: 44 news1.triton.net 1021 774 76 1593
hippo981023: 7 pubxfer.news.psi.net 5460 3879 71 5160
hippo981023: 10 news1.abac.com 2358 2358 100 21506
hippo981023: 26 208.218.14.44 956 956 100 5516
hippo981023: 37 news.aepnet.com 696 696 100 316
hippo981023: 65 news1.triton.net 415 360 87 1801
hippo981023: 92 207.226.241.101 280 245 88 302
hippo981024: 2 pubxfer.news.psi.net 9283 9283 100 9777
hippo981024: 6 news.aepnet.com 4779 4777 100 2225
hippo981024: 11 news1.abac.com 3465 3465 100 13677
hippo981024: 13 interramp.com 2954 2925 99 1293
hippo981024: 17 208.218.14.44 2288 2288 100 3921
hippo981024: 19 news1.triton.net 2201 2131 97 2979
hippo981025: 6 news.aepnet.com 3352 3350 100 1568
hippo981025: 8 pubxfer.news.psi.net 3192 3010 94 1908
hippo981025: 28 news1.abac.com 937 929 99 1186
hippo981025: 34 interramp.com 846 674 80 319
hippo981026: 7 pubxfer.news.psi.net 4832 3322 69 2511
hippo981026: 11 208.218.14.44 2744 2741 100 4311
hippo981026: 14 news1.abac.com 2441 2441 100 13446
hippo981026: 40 news1.triton.net 807 770 95 2402
hippo981026: 41 news.aepnet.com 766 765 100 1164
hippo981027: 7 pubxfer.news.psi.net 5229 4263 82 3285
hippo981027: 8 news1.abac.com 3930 3930 100 14913
hippo981027: 10 208.218.14.44 2734 2727 100 3696
hippo981027: 13 news.aepnet.com 2489 2489 100 3138
hippo981027: 33 interramp.com 1163 869 75 1077
hippo981027: 66 news1.triton.net 352 318 90 1074
hippo981027: 91 207.226.241.101 227 195 86 233
======================================================================
hippo981002: 81 nntp.farm.idt.net 1180 310 26 2036
hippo981003: 62 nntp.farm.idt.net 1166 388 33 1388
hippo981004: 88 nntp.farm.idt.net 1291 223 17 1254
hippo981005: 64 nntp.farm.idt.net 1348 615 46 15025
hippo981006: 12 nntp.farm.idt.net 3007 2016 67 47992
hippo981007: 23 nntp.farm.idt.net 2369 1655 70 44061
hippo981008: 36 nntp.farm.idt.net 1615 873 54 15391
hippo981009: 21 nntp.farm.idt.net 2527 1555 62 15298
hippo981010: 12 nntp.farm.idt.net 2916 2332 80 17902
hippo981011: 25 nntp.farm.idt.net 1991 1270 64 8777
hippo981012: 35 nntp.farm.idt.net 1722 893 52 17273
hippo981013: 97 nntp.farm.idt.net 1211 258 21 1895
hippo981015: 47 nntp.farm.idt.net 1536 630 41 1417
hippo981016: 43 nntp.farm.idt.net 1384 796 58 8998
hippo981017: 53 nntp.farm.idt.net 1108 542 49 19019
hippo981018: 65 nntp.farm.idt.net 842 329 39 865
hippo981019: 60 nntp.farm.idt.net 1271 417 33 598
hippo981020: 14 nntp.farm.idt.net 3071 2066 67 2386
hippo981022: 94 nntp.farm.idt.net 1257 183 15 2401
hippo981023: 64 nntp.farm.idt.net 1405 377 27 954
hippo981024: 23 nntp.farm.idt.net 2258 1647 73 5255
hippo981026: 31 nntp.farm.idt.net 1961 1004 51 1351
======================================================================
--
David Ritz <dr...@primenet.com> Finger for PGP Public Keys
Fight against spam & spammers. http://spam.abuse.net
Outlaw Junk Email. ++++++ Join CAUCE ++++++ http://www.cauce.org
** Be kind to animals. - Kiss a shark. **
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
Comment: Finger:dr...@primenet.com for Public Keys
iQCVAwUBNjfCLtzLrWGabIhRAQEuUgQAuGaKwWEvhHPe/1znutz3T3uUzaO1OsbX
lKZWOo1iBkiTx0RU8LlFaR/0oO+F8ggPy/B9Bk7vDDR7Vfd7RLlJb4OLNddQesSd
5aIscLX+8m76R12IBt8rflSLUjjakqXbn2AtrkBYvUjaIK4Cye4op7UbPUp/KtI3
FK7GLaEY6pw=
=WNKc
-----END PGP SIGNATURE-----
Rebecca Ore
> :
> : See?
>
> Not really. Presumably PSI's ISP customers who *are* targeted would
> put as much pressure on PSI to clean up their act as the ones who aren't.
> Maybe I'm just being obtuse. :)
What puts pressure on an ISP facing a UDP is the average
non-spamming customers who had no idea that the dreck in their
news groups was coming from the ISP they were paying to
provide services for them.
If all an ISP has for customers are spam houses, then there's
no leverage. As Rick said, it's business as usual (I've
wondered why some spammers don't sue their ISPs for not
telling them the ISP also accepts cancels, but what the hey).
The ideal is to get the non-spamming customers complaining
vigorously before the cancels go out, and to get the ISP to
make significant changes in those five days.
"Hi, we're the UDP and we're here to cancel your spam and
leave everyone else alone." Unfortunately, that doesn't work.
--
Rebecca Ore
David Ritz
===========================================================================
========= WAS CANCELLED BY =======:
Path: ...!newshub.northeast.verio.net!howland.erols.net!psinntp!pubxfer.news.psi.net!primenet.com!dritz
From: ke...@nospam-miag.net
Newsgroups: news.admin.net-abuse.usenet
Subject: cmsg cancel <Pine.BSI.3.96.981028...@usr10.primenet.com>
Control: cancel <Pine.BSI.3.96.981028...@usr10.primenet.com>
Date: 2 Nov 1998 07:40:23 GMT
Organization: PSINet
Lines: 2
Approved: ke...@nospam-miag.net
Message-ID: <6yYeVQM.lODYiNk...@usr10.primenet.com>
NNTP-Posting-Host: ip162.kansas-city.mo.pub-ip.psi.net
SPAM/EMP Cancel
Chris Bellomy
: Given targetting by NNTP-Posting-Host, a Primenet/Mindspring exclusion
: would be by excluding stuff that originated on their servers.
Question: does most PSI spam originate from certain servers? If so,
the UDP should focus on specific NNTP-Posting-Host/originating server
combinations. In other words:
if (NNTP-Posting-Host = PSI AND originating-server = guilty) {
cancel_its_sorry_ass;
}
is preferable to
if (NNTP-Posting-Host = PSI) {
unless (originating-server = goodguy) {
cancel_its_sorry_ass;
}
}
The more specific the UDP, the better. IMHO.
cb
Lysander Spooner
>Question: does most PSI spam originate from certain servers? If so,
>the UDP should focus on specific NNTP-Posting-Host/originating server
>combinations.
That's indistinguishable from what we've been doing -- cleaning up
their crap for them.
Yesterday, PSI POPs accounted for over 20% of all cancels. That's
_got_ to stop!
>The more specific the UDP, the better. IMHO.
Us: "If you don't control your spam, we'll punish you by carefully
and selectively canceling it for you!"
PSI: "Promise?"
See?
-- Rick
-------------
** Don't throw me in that thar UDP-patch, Brer Canceller! **
Jan Isley
> I'm quite sure that it would be pretty catastrophic if even the best
> two sites on the net get nuked in the collateral damage.
In a perfect world I would not be forced to respond to what I would
consider obscenely irresponsible behavior. Unfortunately, usenet is
far from a perfect world. While only about 5% of our traffic comes
via a PSI POP, a significant percentage of Usenet traffic originates
at Mindspring. That would be a lot of collateral damage.
> Depends on how the players play their cards.
Yours is the only rational voice that I have noticed posting on this
subject so far.
> I saw some mutterings out of someone at Mindspring (_not_ Jan), that
> suggests that their management level wouldn't be very sympathetic.
No one posting here with a mindspring.com address works for Mindspring,
at least not that I am aware of. I am the news administrator here and
I assure you that I am not sympathetic to the abundance of extreme
rhetoric around nana.* - both extremes.
> In that way lies disaster. Perhaps, rather than starting a 5 day
> countdown on PSI, we should be utilizing our contacts at Mindspring
> and Primenet to put the screws on PSI.
Well, that would be me and I am about to go out of town for a long
weekend. Not that it matters because I assure you that Mindspring has
no more leverage with PSI than the man in the moon. It is difficult
enough getting cooperation on points of contract. There are NO screws
to we can apply, period. The only stick I have available is to not
peer with them... done that. I can sick a VP on them, but from past
experience I *know* it would be a waste of time.
> Given targetting by NNTP-Posting-Host, a Primenet/Mindspring exclusion
> would be by excluding stuff that originated on their servers.
Without access to our internal posting host, getting those filters
right would be seriously difficult. Anything less than 100% would
be most unfortunate.
--
Jan Isley
Senior Engineer, Network Services
MindSpring Enterprises, Inc
Chris Bellomy
: On 29 Oct 1998 00:07:13 GMT, Chris Bellomy <bo...@io.com> wrote:
:
:>Question: does most PSI spam originate from certain servers? If so,
:>the UDP should focus on specific NNTP-Posting-Host/originating server
:>combinations.
:
: That's indistinguishable from what we've been doing -- cleaning up
: their crap for them.
:
: Yesterday, PSI POPs accounted for over 20% of all cancels. That's
: _got_ to stop!
I'm not sure you understand what I meant -- I'm just curious whose
servers the spammers are using. If it's just a select few, why
punish the good guys?
:>The more specific the UDP, the better. IMHO.
:
: Us: "If you don't control your spam, we'll punish you by carefully
: and selectively canceling it for you!"
:
: PSI: "Promise?"
:
: See?
Not really. Presumably PSI's ISP customers who *are* targeted would
put as much pressure on PSI to clean up their act as the ones who aren't.
Maybe I'm just being obtuse. :)
cb
Lysander Spooner
wrote:
>According to Chris Lewis <cle...@ferret.ocunix.on.ca>:
>
>> I'm quite sure that it would be pretty catastrophic if even the best
>> two sites on the net get nuked in the collateral damage.
>
>In a perfect world I would not be forced to respond to what I would
>consider obscenely irresponsible behavior.
In a perfect world I would not have to spend my time cleaning up after
PSI's obscenely irresponsible behavior.
>Unfortunately, usenet is far from a perfect world.
You got that right.
>Yours is the only rational voice that I have noticed posting on this
>subject so far.
Which part of the statistics I posted (showing ~100% spam daily from
several PSI POPs) strikes you as irrational?
>> I saw some mutterings out of someone at Mindspring (_not_ Jan), that
>> suggests that their management level wouldn't be very sympathetic.
>
>No one posting here with a mindspring.com address works for Mindspring,
>at least not that I am aware of. I am the news administrator here and
>I assure you that I am not sympathetic to the abundance of extreme
>rhetoric around nana.* - both extremes.
Extreme abuse begets extreme rhetoric.
-- Rick
Chris Bellomy
: This sounds like my cue to produce some stats. I based my search
: criteria on news servers I know are currently being abuse by the
: Gartman/Stemple operation, primarily from the PSINet Fort Worth
: PoP.
I have an easier solution. Since I live in Fort Worth, somebody just
figure out who the spammer is, and I'll go fix him up with some 110 volt
ethernet. :)
cb
Chris Bellomy
: Chris Bellomy <bo...@io.com> writes:
:
:
:> :
:> : See?
:>
:> Not really. Presumably PSI's ISP customers who *are* targeted would
:> put as much pressure on PSI to clean up their act as the ones who aren't.
:> Maybe I'm just being obtuse. :)
:
: What puts pressure on an ISP facing a UDP is the average
: non-spamming customers who had no idea that the dreck in their
: news groups was coming from the ISP they were paying to
: provide services for them.
<snip>
OK. I get it. We have to hurt the good guys in order to make
management pay attention. I can think of a couple of scenarios
in which this wouldn't be necessary, but they are so unlikely that
I won't bother boring everybody with them. :)
cb
Xandraius
>
> In <363f031e....@209.242.64.104>, buch...@cybernex.net (Lysander Spooner) writes:
>
> >Can anyone come up with any reason -whatsoever- why PSI should *NOT*
> >be subjecf to the Mother Of All UDPs?
> Yup. In fact, I propose a moratorium on cancelling their spam.
Huh?! This had better be a good 'dance' of words...
> The situation at PSI has gotten so bad, that even small-time operators
> who can't afford to run a filter like the Hippo can get a huge benefit
> in spam reduction, and virtually no cost, by simply aliasing them out.
Go Bo Jangles! Agreed. This 'Warning: We will UDP you' followed by the
entire tired game is not getting the point across to this ISP and
other like it. (Spew-You-net, anyone?). Just cut them off from the
outside world and make it really clear that if they can't teach their
children about the wrongess of peeing and shiting randomly in the
USENET swimming pool, then they will damn well deal with the
consequences.
> Instead of a 5-day warning of an impending UDP, issue a 5-day
warning
> of an impending pinkstorm. Then start aliasing out
> pubxfer.news.psi.net, and the other servers that Gartman, et al, are
> being allowed to spam from with impunity, in your own feed.
Works for me. Make your feed so squeeky clean you could eat off if
it.
> The clueful admins will start doing the same. This is a lot more
> cost-effective than trying to clean spools with a half-million cancels.
... and so much crap dropped on the floor that your NNTP server's
RAID wants to run away and pretend it's just a Nintendo.
-=snip=-
> An advantage of this approach is that it precludes PSI's trying to avoid
> fixing the problem by waving their lawyers around. What can they do?
> Try to file "PSI vs John Doe ISPs 1-35,000"?
Um, if they think anything like You-Spew-Net, you never know. Never
underestimate the brute cluelessness of a corportate ISP lawyer. I
know first hand from IBM before Tim put his boot up a bunch of peoples
asses.
Or for the more extreme sorts, we just let Afterburner run USENET
for a day...
--
-=This sig belongs to an alt.gothic net.cop=-
"It's 106 ms to Chicago, we've got a full
disk of GIFs, half a meg of hypertext,
it's dark, and we're wearing sunglasses."
"Click it." -- (jake_...@bluesbros.net)
Xandraius
>
> JeffL...@MindSpring.com (Jeffery J. Leader) writes:
> >Mark, this is way too much. It's helpful to have an intelligent
> >opposing viewpoint for UDPs--how about issuing a retraction on this
> >one and trying again?
> Absolutely not. I don't understand why the group supports the vitriolic
> attacks on providers or the employees of providers. So many apologies and
> retractions are due from that side of the fence! All one has to do is
> review Mr. Moore's most revealing post. Bah!
Mark.... it's because *WE* pay people like *YOU* to provide a clean
NNTP feed. When people like *YOU* don't do your PAID job, then people
like *US* do it as an UN-PAID job. In essence, you want us to be nicer
to you and other abuse departments when we get upset that your
performance frankly sucks. Let me break this down farther: You do not
see why we get mad as hell that some ISP employees won't do their job
and think we should be nicer. Guess what. It don't work that way. I've
worked an abuse department. I found that respect came from responding
to your customers and LARTing with hellfire those who violated the
AUP/ TOS. On the spot. Amazing thing... I never here your sort of rant
from the NewsAdmin types who never show up on the BI higher than a
'5'.
>I agree the stats show the UDP is justified. I agree that real preperations
> ought to be made. Once they are, I will have to get ready to put in some
> serious overtime as the roaches scurry to find new homes. I'm not looking
> forward to it but I knew it had to be done in April.
That's nice. Why didn't YOU start the ball rolling if you saw it
happening. You want to contribute to stopping this crap? Good! Do so.
-=snip=-
-=Xan=-
Don Juneau
<Uhm, no. If Steve Boursy wishes to read my replies, he can bloody well
read this NG. I could care less about "Cuchulain", so he can do as 'Bumpy
does. And since this has utterly *no* relevance to whales, as I understand
they are currently being deprived of a full, uncensored Usenet feed (Time
for a new crusade, Steve!), I am forthwith gouging out the added
newsgroups. Nyaaah.>
On Wed, 28 Oct 1998, Antaine wrote:
> On Tue, 27 Oct 1998 14:27:45 -0600, Don Juneau <dju...@io.com> wrote:
>
> ><newsgroups Bump'inated>
> >
> >On Tue, 27 Oct 1998, ISP_Ratings wrote:
> >
> >> how...@connectnet.com (Howard Knight) wrote:
> >> -
> >> -You may have noticed that we have not imposed a UDP on PSI or
> >> -several other providers also deserving a UDP. We intend to
> >> -rectify this situation as soon as possible. We apologize for any
> >> -inconvenience and thank you for your continued patronage.
> >>
> >> Any with information regarding attempts to UPD a given site should
> >> file a complaint with the US Federal Trade Commission at:
> >>
> >> http://www.ftc.com/
> >>
> >> They have a very handy online complaint form--please submit any
> >> related posts or email with full headers.
> >>
> >> Steve
> >> news.admin.censorship
> >
> >Remember, folks, that Steve "Speedbump" Boursy asked you to "submit *any*
> >related posts or email with full headers" (emphasis mine) to the FTC.
> >Please CC: in 'Bumpy when you forward each and every article of spam from
> >the proposed-UDP target, so that he knows what a good job you're doing...
> >
> > Thank you,
> > OoozeNyet Management
>
> And I bet this is a person who whines about "abuse". Such blatant
> hypocrisy is so very amusing.
Let me move the quoted text up above your comment, so it's even more
blatant to anyone with more than three brain cells to rub together...
Ahh, that's better. Now, O Sarcasm-Detection-Impaired One, exactly *what*
implies this as a serious suggestion? Note that those discussing the PSI
UDP *are* knowledgable and rational enough not to do such a "HipCrime"
thing, as it's a Bad Thing. Note that anyone reading more than a day's
worth on non-CramHype'd n.a.n-a.u. can figure this out as well, while it
may take up to a week to puzzle out the Armless Wonder. Note, finally,
that those who simply jump in with no experience or knowledge of Usenet
are 1) going to have a learning experience sooner or later; 2) unlikely to
have the header-deciphering skills necessary for carrying out this
"suggestion"; and 3) awfully dense to not at least *question* something
signed "OoozeNyet Management".
Oh, wait. I forgot, I *am* replying to someone who appears to be awfully
dense. Therefore, I apologise, and withdraw that suggestion.
Instead, let's all chip in and send Speedbump the biggest burning sack of
dogshit in existance. Boston, surely, has a pooper-scooper law. (If not,
it can be imported from New York City.) Offering a nickle a pound, plus a
free bag, should work fine. We could even get a camera crew from America's
Most Tasteless Guinness World Records to record the event for posterity...
Awesome! Steve's gonna get a great holiday surprise courtesy of your
gravity-distorting mass-between-the-ears, and the worldwide viewing
audience can wager on which disgusting pile is about to be ignited!
Don't feel slighted, however, because from all of us here at "OoozeNyet
Management", here's a hearty:
"Fuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuuck you,
Spanky!"
Don, who thinks thinks that it's high time that "being an asshole" stops
being the sole province of kooks and abusers...
Cameron Kaiser
>Not really. Presumably PSI's ISP customers who *are* targeted would
>put as much pressure on PSI to clean up their act as the ones who aren't.
>Maybe I'm just being obtuse. :)
No, but I like the way you think. :-) Trouble is balancing good publicity
and effectiveness vs. punishing the non-offenders and thus diluting public
support for future motions.
Podkayne Fries
<xand...@geocities.com> wrote:
>Mark Hittinger wrote:
>>
>> JeffL...@MindSpring.com (Jeffery J. Leader) writes:
>> >Mark, this is way too much. It's helpful to have an intelligent
>> >opposing viewpoint for UDPs--how about issuing a retraction on this
>> >one and trying again?
>>
>> Absolutely not. I don't understand why the group supports the vitriolic
>> attacks on providers or the employees of providers. So many apologies and
>> retractions are due from that side of the fence! All one has to do is
>> review Mr. Moore's most revealing post. Bah!
>
> Mark.... it's because *WE* pay people like *YOU* to provide a clean
>NNTP feed. When people like *YOU* don't do your PAID job, then people
>like *US* do it as an UN-PAID job. In essence, you want us to be nicer
>to you and other abuse departments when we get upset that your
>performance frankly sucks.
Maybe we need to implement another Cancel Moratorium.
--
Regards, Podkayne Fries
"We were in Paris... you had a branding iron."
- Druscilla, BUFFY THE VAMPIRE SLAYER
Jeffery J. Leader
>Maybe we need to implement another Cancel Moratorium.
Without CR, even the first one needs to have an asterisk placed next
to it...
Rebecca Ore
C/UR, i.e., Cosmo/Uncle Roadkill, I think you mean. There have
been two Cancel Moratoriums -- the first one wasn't publicized
(before the uu.net UDP); the second one was in April.
Local ISP estimates are that 30% plus ISPs use RBL for email.
I suspect the numbers using Cleanfeed or Spam Hippo are around
that range if not higher.
And if smaller POPs are going to outsourcing news, then we
might consider making sure the anti-spam community has good
liasions with these.
--
Rebecca Ore
Jeffery J. Leader
> And if smaller POPs are going to outsourcing news, then we
> might consider making sure the anti-spam community has good
> liasions with these.
I think you make an underappreciated point about smaller ISPs ("ISPs
in a box") and the outsourcing of news to a Supernews type entity.
It's possible that these "news-farms" will become big
players...luckily most seem to be ahead of the game on spam control.
Don Juneau
<newsgroups deBumped>
On Thu, 29 Oct 1998, Antaine wrote:
> On 28 Oct 1998 22:20:52 -0500, Rebecca Ore <rebec...@op.net> wrote:
>
> >ant...@usabcdefg.net (Antaine) writes:
> >
> >> "whacking" messages. Tell me Bec, on what authority do you
> >> issue cancels? Also why does such authority apply to you but
> >> you feel it doesn't apply to others?
> >
> > On the authority invested in my by the ISPs of Philadelphia,
> > their heirs and assigns, every ISP guy I've exchanged email
> > with asking for advice, Fluffy, and happy camper everywhere.
>
> So a couple of ISP's have said it's okay for you to force your will
> on all ISP's.
A "couple"? Let's have a show of hands: how many ISPs have *objected* to
her cancels? Actual official ISPs, not spammers with virtual domains and
the like. Uhm, yes, Dave, we see your hand, that's a hardwired "one"
whenever the subject comes up, anyone else?
> > Anyone who follows the same rules is welcome after announcing
> > intent and standing in the virtual town square announcing same
> > for a reasonable period.
>
> Yeah, so you can ignore the people who are critical. We get the
> picture Bec. What you do is equivalent to what Hipcrime et. al.
> does -- nothing more.
Uhm, gee you're right - in the purely descriptive sense: HipCrime issues
cancels; Rebecca Ore issues cancels.
However, let's start cycling *thought* through those underworked
braincells, shall we? HipCrime and his lil' brown-nosed buddies randomly
target messages or threads or entire newsgroups, and sometimes are
selective enough to go after certain individuals, as a destructive act -
no redeeming value at all. Rebecca and the other recognised spam and abuse
cancellers specifically target messages and threads that fit specific
abuse-specific criteria in an effort to maintain and improve the total
Usenet experience.
So, while you *do* have about the same weight (both HipCrime and Rebecca
cancel), on the HipCrime side you have an oozing pile of shit, while on
Rebecca's side it's a tall frosty mug of high-quality cider.
Personally, I'll take the cider side of things... y'all can play with
HipCrime's side all you like. I guess you'll find it "finger-lickin'
good"...
(Note: I'm not current on n.a.n-a.u. events, so I don't know for sure if
Rebecca Ore is still providing that service to Usenet. But, the example
still holds.)
Don, the somewhat-less-obnoxious-today version
Ogoun
-
-Rebecca Ore <rebec...@op.net> wrote:
-
->Any ISP that wishes avoid my cancels can do so easily. All my
->cancels come from ogoense.net.
-
-The same applies to the supersedes -- don't accept them.
The majority of users are on ISPs which reject all cancels--not
merely Rebecca's. It's due to widespread abuse given that over
99% of all cancels are issued by those other than the original
author.
ISPs that reject all cancels (which is clearly censorship) include
MSN, AOL, Earthlink, Altopia, TIAC, Sprint, SWBell, etc. Supercedes
are merely another form of cancel of course so if users find that the
original artilces are being replaced by superceded nonsense they
are on an ISP that censors it's feed very heavily. That, amoung many
other things, often times will leave them without the right of reply
if someone quotes them and trashes them.
Steve
news.admin.censorship
Big Foot
-
-cle...@ferret.ocunix.on.ca (Chris Lewis) wrote:
-
->Our >asses are already on the line here. And frankly, because
Your reputation is already shot to shit Mr. Lewis.
->our asses _are_ on the line, maundering on about fairness is
->pointless and insulting.
I agree-not to mention embarassing.
-
-Amusing the martyr complex of these people as they censor.
Lewis is about the worst of the bunch. Is Peter still running
his cancel bot in alt.animals.dolphins? That one is really a
blessing--it's showed clearly that the cabal is not about spam--
just a few weeks ago they were calling themselves 'Despammers'
and issueing challenges to show an example of a cancel that was
not spam. Here we've a continuous slew of them and many
cabal not only defended them but they went over the deep
end on attacking crossposting as well.
Imagine the nerve of someone crossposting discussions of
their censorous shit to usenet at large--not only does it embarass
them but they have to back off on their claim to representing
usenet at large. They represent no one but themselves of
course.
-
->It is already as fair as we can make it, as modified by suggestions
->from others.
Best thing Rebecca would be to just stop doing it--it's abusive
and counterproductive.
-
-Which you will promptly ignore -- as has been proven in the past.
-
I find it amusing. Over the last 6 months cancels have become virtually
worthless as the majority of users are now on ISPs that reject all cancels.
Cancels of others posts never were about spam--they've been about
content as witnessed by their latest round of other content based
attacks (crossposting, threats of UDPs to ISPs that aren't willing to
submit to being sodomized, etc.).
Steve
news.admin.censorship
Sam
[ 2 newsgroups debumped ]
In article <363e7779...@news.alt.net>,
big...@sasquatch.gov (Big Foot) writes:
> ant...@usabcdefg.net (Antaine) wrote:
> -
> -cle...@ferret.ocunix.on.ca (Chris Lewis) wrote:
> -
> ->Our >asses are already on the line here. And frankly, because
>
> Your reputation is already shot to shit Mr. Lewis.
No, it's not, Speedbump.
> -Amusing the martyr complex of these people as they censor.
>
> Lewis is about the worst of the bunch. Is Peter still running
> his cancel bot in alt.animals.dolphins?
Look who's talking, Bump. As the X-Boursified-Newsgroups: header
indicates, you're still posting your crap to alt.animals.dolphins, clearly
in violation of Caputo's revised policy. One thing you're good for,
Speedbump -- for which I give you full credit -- is clearly demonstrating
that Caputo is not enforcing the new no abusive crossposting policy. At
least, not yet.
[ rest of bumpshit flushed ]
-----BEGIN PGP SIGNATURE-----
Version: 2.6.2
Comment: http://i.am/mrsam for public key.
iQEUAwUBNjuA1plaALjSq209AQGmwQf3a/ezp4M1kLxQszZfUCyPMGDopAkbIGtN
UIUutEa4C7HMDIMWUcSmN9GrD+334OQgBs64Zj5oxk9LJH3myg1U0zs8iUgQHj9P
xT7IK7I5Jb3dC7jNTTUD73+1IKopiAYy1/q7sSmgsa3QA+JzjOBRnZG3IBRZNG7n
eOqM0fvzJ24qHBPe3yYpRytFsaXUoHwryhaUNIKPJyD60O0yT0WgCGCt6rgrdJvd
h5p9Q6dBrtEsUUPZl+pTqYqCHCJOhc7xVMerlQTEdNzgXewEx7NFvmg/birWdJM0
bWuwGxfx0BEQ+EtPKVHdZqCB3Vxmrb9OHCvBqAaAE7NZDhtV5QVA
=Sqwo
-----END PGP SIGNATURE-----
ISP_Ratings
in news.admin.net-abuse.usenet ...
-
-<Uhm, no. If Steve Boursy wishes to read my replies, he can
-bloody well read this NG.
I do read this newsgroup--it's one of a dozen or so I follow
daily--others I scan or use a bot to grab posts. Of all the
groups I read news.admin.net-abuse.usenet is the most
filed with rubbish which is amusing since you boys and
girls claim to be cleaning up usenet yet your own newsgroup
is filled with post after repetitive post (substantially the same)
patting each other on the ass. And then you've got the
Wollmann troll posts and other assorted plug puller wanna-be's
and that's just fine and dandy with you folks.
You're an odd bunch--too much inbreeding which of course
is why you find crossposts so threatening--outside your little
closed world you look quite foolish. The attempts to censor
other posters in this group is outrageous--as are your attempts
to sodomize sys admin after sys admin using various forms
of black mail.
Any aware of any attempts to UDP a given site (a UDP
is globally blocking all posts from a given site until they
submit to threats) should go to the US Federal Trade
Commission Website at:
and fill out their online complaint form. Be sure to
include any relevant email or posts with full headers.
Also include any threats of denial of service for speaking
your mind on such things as the net.cops go in to
overdrive as we're seeing right now.
For users at large you might take a look at
news.admin.net-abuse.usenet and the type
of threats they are making regarding your
ability to post freely--makes Senator Exon look
like a saint.
Steve
news.admin.censorship
Ghede
-
-In a perfect world ...
You could not exist.
Steve
news.admin.censorship
Diane
>>alt.politics.reform,news.admin.net-abuse.usenet,news.admin.censorship,alt.internet.services,alt.censorship,alt.politics.datahighway,talk.politics.misc
>I don't want anyone coming back and giving me the last 2 years of crap
>on Boursy. It has no relevance to *THIS* claim of violating Altopia's
>xpost policy.
You silly twit: As if talk.politics.misc had anything to do with
the subject under discussion. Hard to tell if you are clueless
or a troll - same result in either case - permanent twitdom.
<plonk!>
----------------
Diane
Guy Macon
>
>ch...@buckeyenet.net (Podkayne Fries) wrote:
>>Maybe we need to implement another Cancel Moratorium.
>
>Without CR, even the first one needs to have an asterisk placed next
>to it...
>
Is there any evidence that Cosmo/Unkle Roadkill will ever participate
in any cancel moratorium under any circumstances? If so, what conditions
must be met ti insure his participation?
Robert Sneddon
<guym...@deltanet.com> writes
>
>Is there any evidence that Cosmo/Unkle Roadkill will ever participate
>in any cancel moratorium under any circumstances? If so, what conditions
>must be met ti insure his participation?
Formation of the cosmo.* top-level hierarchy?
--
To reply by email, send to nojay (at) public (period) antipope (dot) org
Robert Sneddon
Jan Isley
> On 29 Oct 1998 01:42:12 GMT, Jan Isley <jis...@eng.mindspring.net>
> wrote:
>
> >According to Chris Lewis <cle...@ferret.ocunix.on.ca>:
> >
> >> I'm quite sure that it would be pretty catastrophic if even the best
> >> two sites on the net get nuked in the collateral damage.
> >
> >In a perfect world I would not be forced to respond to what I would
> >consider obscenely irresponsible behavior.
>
> In a perfect world I would not have to spend my time cleaning up after
> PSI's obscenely irresponsible behavior.
There's the rub. You do not *have* to do that. Further, from where
I sit your solution is becoming a bigger problem than spam. Perhaps
more time spent on stopping the transit of spam instead of trying to
cancel it would decrease your blood pressure.
> Which part of the statistics I posted (showing ~100% spam daily from
> several PSI POPs) strikes you as irrational?
The part where it appeared that you and others would target *anything*
that originates from a PSI IP, regardless of the source.
The part where it appeared that you and others have the preposterous
idea that I or anyone else at Mindspring could have any effect what-
soever on PSI's behavior simply because we have a contract to put our
users on some of their modems for a fee.
The part where it appeared that you and others would punish us for
failing to comply with your extortion.
Shall I continue, or do you get my drift?
> >> I saw some mutterings out of someone at Mindspring (_not_ Jan), that
> >> suggests that their management level wouldn't be very sympathetic.
> >
> >No one posting here with a mindspring.com address works for Mindspring,
> >at least not that I am aware of. I am the news administrator here and
> >I assure you that I am not sympathetic to the abundance of extreme
> >rhetoric around nana.* - both extremes.
>
> Extreme abuse begets extreme rhetoric.
Becoming the enemy is not a pretty sight. Extremes are wrong.
Jan
Jan Isley
> Moratoriums can't work under the present conditions, since BI 20 spam
> will still get cancelled by cosmo regardless of the situation.
That's easy. I aliased Cosmo out long ago. Given the apparent lack
of responsiveness I am surprised that Cosmo still has outbound peers.
Jan
Lysander Spooner
wrote:
>According to Doug Mackall <spam...@pacbell.net>:
>
>> Moratoriums can't work under the present conditions, since BI 20 spam
>> will still get cancelled by cosmo regardless of the situation.
>
>That's easy. I aliased Cosmo out long ago.
You really _can't_ see past your own little news-fiefdom, can you?
>Given the apparent lack
>of responsiveness I am surprised that Cosmo still has outbound peers.
What have -you- done to discourage his peering?
SOME of us at least tried.
-- Rick
-----------
** ~95% of my cancels are for Hippo-resistant spam **
Lysander Spooner
wrote:
>According to Lysander Spooner <buch...@cybernex.net>:
>> In a perfect world I would not have to spend my time cleaning up after
>> PSI's obscenely irresponsible behavior.
>
>There's the rub. You do not *have* to do that. Further, from where
>I sit your solution is becoming a bigger problem than spam. Perhaps
>more time spent on stopping the transit of spam instead of trying to
>cancel it would decrease your blood pressure.
A - Unless you've been peeking at my DayTimer, you haven't the
faintest idea of how I allocate my time.
B - My blood pressure just fine, not that it's any of your business.
C - Fuck you.
>> Which part of the statistics I posted (showing ~100% spam daily from
>> several PSI POPs) strikes you as irrational?
>
>The part where it appeared that you and others would target *anything*
>that originates from a PSI IP, regardless of the source.
Learn to read, asshole. I said "which part of the STATISTICS...".
Targetting discussions aren't "statistics".
-- Rick
------------
** Gee, _hex_ addresses! We'da never fiiggered that out... **
Jan Isley
> wrote:
>
> >According to Doug Mackall <spam...@pacbell.net>:
> >
> >> Moratoriums can't work under the present conditions, since BI 20 spam
> >> will still get cancelled by cosmo regardless of the situation.
> >
> >That's easy. I aliased Cosmo out long ago.
>
> You really _can't_ see past your own little news-fiefdom, can you?
The end does not justify the means, Rick. I don't care for a future
Usenet that relies on threatening innocent parties to function.
Not that it matters, or that it should, but my 'fiefdom' is not little.
> >Given the apparent lack
> >of responsiveness I am surprised that Cosmo still has outbound peers.
>
> What have -you- done to discourage his peering?
I alias out his traffic, and I ask my peers to do the same.
I shut off my peer with PSI and I told them why. I do my best to drop
their spam and not transit it.
Jan
Jan Isley
> ** Gee, _hex_ addresses! We'da never fiiggered that out... **
Okay Chris, now you know why I may not only not change my NNTPH back,
I may think about encryption or even removing it. I believe *you*,
but some of your riding partners have gone native.
Jan
David Ritz
On 8 Nov 1998 22:56:48 GMT, Jan Isley wrote:
: fascinating...
I thought the hex addresses were kinda cute. I like 'em.
They sure didn't hinder creating the two Repsis reports I sent off
to Mindspring, on Saturday. (Yes, I know they'll be addressed
quickly and efficiently.)
|Newsgroups: news.admin.net-abuse.sightings
|Date: Sat, 7 Nov 1998 11:17:48 -0700 (MST)
|From: David Ritz <dr...@primenet.com>
|To: ab...@mindspring.com, k...@hhonline.de, d...@savvis.com,
| hostm...@sagenetworks.com, webm...@bannerswap.com,
| webm...@linkexchange.com, ab...@mail.WebSideStory.com
|cc: Ralph Losey <law...@orlando.com>, rep...@gdi.net,
| rep...@web-computers.net, sup...@iecbal.com,
| webm...@web-computers.net, webm...@morewomen.com,
| ro...@bsd.hhonline.de, hostm...@ecrc.de, hostm...@web2010.com
|Subject: EMP - BI=494.4871 - d1.56.0d.ed [209.86.13.237] (repsis)
|Message-ID: <Pine.BSI.3.96.98110...@usr10.primenet.com>
|Followup-To: news.admin.net-abuse.usenet
|Newsgroups: news.admin.net-abuse.sightings
|Date: Sat, 7 Nov 1998 12:04:55 -0700 (MST)
|From: David Ritz <dr...@primenet.com>
|To: ab...@mindspring.com, k...@hhonline.de, d...@savvis.com,
| hostm...@sagenetworks.com, ma...@worldport.com,
| webm...@linkexchange.com, ab...@mail.WebSideStory.com,
| ab...@yahoo.com
|cc: Ralph Losey <law...@orlando.com>, rep...@gdi.net,
| rep...@web-computers.net, sup...@iecbal.com,
| webm...@web-computers.net, ro...@bsd.hhonline.de, hostm...@ecrc.de,
| hostm...@web2010.com, sup...@exodus.net
|Subject: EMP - BI=360.0000 - cf.45.f7.1b [207.69.247.27] (repsis)
|Message-ID: <Pine.BSI.3.96.98110...@usr10.primenet.com>
|Followup-To: news.admin.net-abuse.usenet
<aside>
I've added <fr...@ftc.gov>, <frau...@psinet.com> and
<otcf...@cder.fda.gov> to my repsis addressbook alias, so I don't
accidentally forget them.
</aside>
I would have participated more in this thread, but I was a little
busy trying to help head off any UDP action against PSINet, under
any targeting criteria. It was a lot of work, but I feel I
played some small role in making a PSINet UDP unnecessary.
I, for one, know I could not support any UDP based solely on the
PSINet PoPs. Certain carefully targeted PoPs, I had no problem
with. Several had been long term, gnawing problems. I hope that
the actions taken by PSINet will alleviate even these PoP specific
problems.
I personally commend Mindspring for their stance and actions to
combat net-abuse of any nature. I'd hoped that only those servers
and those PoPs which were consistently being abused could be the
only targets of this UDP which wasn't.
I'm extremely glad that alternative actions were worked out and
not a single "psinetudp" cancel was issued. It wasn't easy. It
took a lot of effort, from all parties involved, but from my
perspective, it was worth every minute.
Thanks, Jan. I'm not sure there's a white hat big enough for you
and Mindspring.
--
David Ritz <dr...@primenet.com> Finger for PGP Public Keys
Fight against spam & spammers. http://spam.abuse.net
Outlaw Junk Email. ++++++ Join CAUCE ++++++ http://www.cauce.org
** Be kind to animals. - Kiss a shark. **
-----BEGIN PGP SIGNATURE-----
Version: PGP for Personal Privacy 5.5.3
Comment: Finger:dr...@primenet.com for Public Keys
iQCVAwUBNkZgwdzLrWGabIhRAQFEuQP+L6qvAoH8Dbrxgui+sRVQgSHk4J/vJK4c
G+5x3Cxm6+sTLgbHxEJmBHmG3tkFk9R1CZXLdIipMOyNdNBOr3baKfAr7cKvJOKN
7qeckyphE2fCTJTJggUyrCfZvlkR64HhCx27bTUPFl5SyfB8FWSK+sKbVhljRsHD
W2sCZ+cirsA=
=deuv
-----END PGP SIGNATURE-----
Douglas Mackall
jis...@eng.mindspring.net says...
> According to Doug Mackall <spam...@pacbell.net>:
>
> > Moratoriums can't work under the present conditions, since BI 20 spam
> > will still get cancelled by cosmo regardless of the situation.
>
> of responsiveness I am surprised that Cosmo still has outbound peers.
I can't speak for everyone, but I speak to Roadkill on occasion, albeit
with some delays.
--
SubGenius Police, Usenet Tactical Unit (Mobile), aka S.P.U.T.U.M.
Unit C: "Thou Shalt Not Pass Light Speed!"
The Eternally Recondite Master Interdictor, Network Attack Legion(TERMINAL)
http://www.sputum.com/
Lysander Spooner
wrote:
>The end does not justify the means, Rick. I don't care for a future
>Usenet that relies on threatening innocent parties to function.
Why were you silent when innocent users were affected during the UUNet
and Compuserve UDPs?
Where was your protest when innocent users were _about to be_ affected
prior to the scheduled UDPs of TIAC, Netcom and MCI2000?
Other guy's ox being gored? No problem?
Can you imagine what Usenet would be like right now if each of those
providers (as well as PSI) was still spewing spam at pre-UDP levels?
As a point of possible interest, the amount of spam I can find to
cancel is down _significantly_ from a week ago.
PSI UDP Summary --
End -- less spam and fewer cancels
Means -- nobody actually harmed except the spammers
I say it was a good deal.
-- Rick
Lysander Spooner
wrote:
>fascinating...
>
>> ** Gee, _hex_ addresses! We'da never fiiggered that out... **
>
>Okay Chris, now you know why I may not only not change my NNTPH back,
>I may think about encryption or even removing it. I believe *you*,
>but some of your riding partners have gone native.
Give me a fucking break! The UDP didn't happen. Everybody gets
to live happily ever after. Understand?
Or perhaps you fear I might do some cancelling anyway. Well check my
record. I have NEVER issued a rogue cancel. Not ONE.
(Would that everyone could make that claim.)
-- Rick
David Formosa
>On 8 Nov 1998 22:36:13 GMT, Jan Isley <jis...@eng.mindspring.net>
>wrote:
>
>>The end does not justify the means, Rick. I don't care for a future
>>Usenet that relies on threatening innocent parties to function.
>
>Why were you silent when innocent users were affected during the UUNet
>and Compuserve UDPs?
ISPs due to there grater size are more importent then users. In
addtion just because he didn't object to it then dosn't mean that he
can't object to it now.
--
Please excuse my spelling as I suffer from agraphia. See
http://www.zeta.org.au/~dformosa/Spelling.html to find out more.
Chris Lewis
> fascinating...
> > ** Gee, _hex_ addresses! We'da never fiiggered that out... **
> Okay Chris, now you know why I may not only not change my NNTPH back,
> I may think about encryption or even removing it. I believe *you*,
> but some of your riding partners have gone native.
Now now, Jan and Rick, this is getting out of hand, and not doing anyone
any good.
We have to remember that a threat of a UDP is just as effective as actually
implementing one. The fact that more UDPs warnings have been issued and
then rescinded than have actually taken place should make that clear.
Secondly, we also have to remember that the "single parameter" model for
this proposed UDP was merely that, _proposed_. Comments from some of the
other despammers here and privately, and the discussions that arose around
and among them should have made it clear that it was by no means certain
that those were the parameters that would be used. The whole question of
precise targetting heuristics was being left for the final announcement of
UDP implementation _precisely_ because of the Mindspring/Primenet issue.
I for one (and I don't think I'm wrong by suggesting that most of the
despammers who would have participated were thinking the same), regardless
of whether PSI actually did anything, would not have implemented a UDP that
hit Mindspring too. We _know_ Mindspring and Primenet are responsible,
and hitting you and Primenet would have done more damage to the whole concept
of UDPs and despamming than would have possibly been gained by "merely"
fixing the PSI problem.
I say again: I do not believe that a PSI UDP that hit stuff originating
on Mindspring servers would have occured under _any_ circumstances,
regardless of the comments posted here.
As for Mindspring not being able to put pressure on PSI. I'm well aware
of the difficulties you've had with PSI in the past (ie: redirecting the
abuse@ address during the PSI -> Mindspring retail customer takeover). But,
you _are_ the people with contracts with PSI. Contracts can be voided
or not renewed based upon non-performance of contract - UUNET has POPs
in most places too (and is doing a better job these days).
Pressure is, er, pressure. Sending complaints to them, even if you don't
get direct action, all contribute to pushing things in the right direction -
less spam.
UDPs are at least as much politics and maneuvering as actually implementing
one. Every [dis ;-)] organization needs attack dogs - not that this is
intentional planning, but, some people simply fill the role unasked. This
isn't just on the despammer side, witness Tim Jackson's ranting regarding
the proposed TIAC UDP, or senior management at UUNET's response to the
proposed UUNET UDP. It's all part of the "game". It _shouldn't_ be a
game, but that's life, and _that_ is the environment we have to live with.
Frankly, I don't care whether Mindspring restores the NPH, keeps the hex,
encrypts it, or removes it. Because I know that Mindspring will deal with
problems promptly. And if for some reason it lost its mind, and did become
a spam factory, then UDPs based on originating-server are available,
and more-or-less impossible to circumvent.
--
For more information on spam, see http://spam.abuse.net/spam
Fight spam, support Rep. Chris Smith's TCPA extension: http://www.cauce.org
Mark Hittinger
> We _know_ Mindspring and Primenet are responsible,
>and hitting you and Primenet would have done more damage to the whole concept
>of UDPs and despamming than would have possibly been gained by "merely"
>fixing the PSI problem.
It might not be a good idea to say "We" in this context. Please speak for
yourself only. I thought that you guys were not organized and controlled
by a central authority (this time). At least that is one of the excuses that
was given for the 8 month tolerance and cone-of-silence on the horrible levels
of spam output from PSI.
There is no evidence available to the public yet that indicated the open
server abuse from PSI pops WAS NOT coming from Mindspring or Primenet accounts.
SO! 1. You have evidence that you did not make public
OR! 2. You are exhibiting your provider bias again
The public discussion of exempting Mindspring and Primenet from the collateral
damage of the proposed PSI UDP should have included evidence that the open
server abuse was not from Mindspring or Primenet accounts.
Frankly, at a practical level I would find it very hard to believe that a
portion of the open server abuse did not come from Mindspring or Primenet
accounts. It is really hard to keep open server abuse from happening if
you don't implement NNTP/SMTP IP filtering at the pop level.
Regards,
Mark Hittinger
ICGNetcom/DallasOps
bu...@freebsd.netcom.com
Howard Knight
: The whole question of precise targetting heuristics was being left for
: the final announcement of UDP implementation _precisely_ because of the
For the record, Primenet told me that they do not lease dial-ups from
PSINet.
Howard
Jan Isley
> Frankly, at a practical level I would find it very hard to believe that a
> portion of the open server abuse did not come from Mindspring or Primenet
> accounts. It is really hard to keep open server abuse from happening if
> you don't implement NNTP/SMTP IP filtering at the pop level.
Well Mark, if you can demonstrate your point from news.mindspring.com,
I would love to see the evidence.
Jan
Jan Isley
> Now now, Jan and Rick, this is getting out of hand,
Yes, it is. It is simple. I believe you. I have known you for a
long time and have known you to be rational and fair. You are not
Rick. All I know of Rick is that he appears to be going postal.
Jan
Douglas Mackall
bu...@freebsd.netcom.com says...
> cle...@ferret.ocunix.on.ca (Chris Lewis) writes:
> > We _know_ Mindspring and Primenet are responsible,
> >and hitting you and Primenet would have done more damage to the whole concept
> >of UDPs and despamming than would have possibly been gained by "merely"
> >fixing the PSI problem.
>
> It might not be a good idea to say "We" in this context. Please speak for
> yourself only. I thought that you guys were not organized and controlled
> by a central authority (this time). At least that is one of the excuses that
> was given for the 8 month tolerance and cone-of-silence on the horrible levels
> of spam output from PSI.
Ok, WE, as in Chris and I, are in agreement on this issue.
> There is no evidence available to the public yet that indicated the open
> server abuse from PSI pops WAS NOT coming from Mindspring or Primenet accounts.
Since when were 'open servers' the main issue?
> SO! 1. You have evidence that you did not make public
That'd be a neat trick. Hide massive spam from the public.
Be kinda pointless on the spammer's part, no?
> OR! 2. You are exhibiting your provider bias again
That's utter bullshit, although even I would have to agree that it's hard
to prove otherwise, even forgoing the obvious 'you can't prove a
negative' argument.
The PSINet problem continued for far too long, although as I've pointed
out, the *very few* individuals willing to go on the line to enforce a
UDP are just that - individuals.
For whatever reasons, not everyone is up to dealing with the pressures
and hassles even a proposed UDP imposes, and so things are subject to the
human condition.
You don't like the way the deck's stacked?
Call your own UDPs.
A single person can manage one without breaking a sweat.
I've got 13 I'm running this instant on open servers, and yet I can still
read and respond to insinuations like this.
> The public discussion of exempting Mindspring and Primenet from the collateral
> damage of the proposed PSI UDP should have included evidence that the open
> server abuse was not from Mindspring or Primenet accounts.
I think you're confusing open server abuse with abuse of servers
available from PSI dialups.
If the abuse was mainly of open servers, and had continued for any length
of time from a single POP, rest assured I would have been screaming for a
plate of steaming spammer entrails.
Not to mention that I'd have been running summary UDPs on all those
servers if they were open to me.
This was not the case.
> Frankly, at a practical level I would find it very hard to believe that a
> portion of the open server abuse did not come from Mindspring or Primenet
> accounts. It is really hard to keep open server abuse from happening if
> you don't implement NNTP/SMTP IP filtering at the pop level.
In this we are in complete agreement.
IP filtering would leave me searching for some other way to waste my
spare time instead of plaing with open servers.
OTOH,
The data that we all use is freely available in news.admin.net-
abuse.bulletins.
Grep it on occasion, it's highly enlightening.
> Regards,
>
> Mark Hittinger
> ICGNetcom/DallasOps
> bu...@freebsd.netcom.com
Mark, I like you.
Why are you always trying to piss me off?
p.s.
I was at my mother's funeral when the first PSINet UDP was called off, so
I take no responsibility whatsoever for that.
They don't have usenet in Ohio, at least not so's you can tell.
Lysander Spooner
wrote:
>According to Chris Lewis <cle...@ferret.ocunix.on.ca>:
All I know of you is that you showed up, straight from net.legends,
and said some fairly offensive things to me. Perhaps I overreacted.
Perhaps not.
Calling cancels "my solution" definitely hit a button.
-- Lysander J. Carville
------------
** At 10 PM last night Slurp.net (one of the largest news outsources)
** began running CleanFeed. Damn! Less spam to cancel! Drat!
Jan Isley
> wrote:
>> All I know of Rick is that he appears to be going postal.
>
> All I know of you is that you showed up,
Showed up? Whatever you say. But you might ask around first.
> straight from net.legends,
The last time I checked, my name was absent from Delaney's FAQ.
> and said some fairly offensive things to me.
Yea, well I get real damn offended when I think that innocent people
are about to get stepped on. More so when they are *my* users.
> Perhaps I overreacted. Perhaps not.
I'll take that as a peace offer, accept it and offer the same from me.
> Calling cancels "my solution" definitely hit a button.
I must say (no foul intended) if what I said hit a button, chill.
Jan
Lysander Spooner
wrote:
>According to Lysander Spooner <buch...@cybernex.net>:
>> On 9 Nov 1998 19:02:59 GMT, Jan Isley <jis...@eng.mindspring.net>
>> wrote:
>
>>> All I know of Rick is that he appears to be going postal.
>>
>> All I know of you is that you showed up,
>
>Showed up? Whatever you say. But you might ask around first.
As in "showed up after a long absence..."
You seem to have absented yourself from nanau shortly before I got
back to Usenet after a multi-year sabbatical. (Prior to that hiatus,
I was blissfully uninvolved with net-abuse issues or admin related
stuff.) At least, if you've posted anything here in the last two
years or so, I must have missed it.
Naturally I'm aware of who you are, and that you are certainly not
"new" around these parts.
>> straight from net.legends,
>
>The last time I checked, my name was absent from Delaney's FAQ.
A grievous omission.
>> and said some fairly offensive things to me.
>
>Yea, well I get real damn offended when I think that innocent people
>are about to get stepped on. More so when they are *my* users.
Chill.
(And you said them _after_ it was clear nobody was going to get
stepped on.)
>> Perhaps I overreacted. Perhaps not.
>
>I'll take that as a peace offer, accept it and offer the same from me.
Done.
-- Rick
Chris Lewis
> > We _know_ Mindspring and Primenet are responsible,
> >and hitting you and Primenet would have done more damage to the whole concept
> >of UDPs and despamming than would have possibly been gained by "merely"
> >fixing the PSI problem.
> It might not be a good idea to say "We" in this context. Please speak for
> yourself only. I thought that you guys were not organized and controlled
> by a central authority (this time). At least that is one of the excuses that
> was given for the 8 month tolerance and cone-of-silence on the horrible levels
> of spam output from PSI.
"We" in this context means most of the people in nanau who've been around
for more than a little while, not any "UDP cabal" specifically.
> There is no evidence available to the public yet that indicated the open
> server abuse from PSI pops WAS NOT coming from Mindspring or Primenet accounts.
> SO! 1. You have evidence that you did not make public
>
> OR! 2. You are exhibiting your provider bias again
OR! 3. There's public evidence that you're not considering. [Despite
my trying to present it several times.]
Most people who've been around here for a while, particularly in the
despammer community, know that Mindspring (and Primenet) are extremely
vigilant in controlling spam, up to imposing cleanup fees (one of the
best deterrents there is) and, in Mindspring's case, requiring
user authentication to use their servers. Secondly, we _know_ that PSI
was notifying their downstreams at least sporadically even at the worst
volumes of the past few weeks. Hence, if they were Mindspring or Primenet
customers, they would have been thwacked quite hard.
For high volumes of spam coming from Mindspring customers thru open servers,
one must posit collusion between Mindspring, PSI and the spammers themselves.
I don't think so.
PSI's primary problem was probably not that of notification, but forcing
some their downstreams to enforce the AUP, and since some of their downstreams
weren't enforcing the AUP, PSI was getting drowned with complaints.
This is still a PSI problem, as it was with UUNET, in failing to police
their downstreams, not necessarily their own AUPs or (feeble) attempts
of enforcement.
That's not provider bias, but simply going by the publicly known facts.
That's why UDPs are complicated, and cannot be determined by purely
numerical means.
> The public discussion of exempting Mindspring and Primenet from the collateral
> damage of the proposed PSI UDP should have included evidence that the open
> server abuse was not from Mindspring or Primenet accounts.
Dejanews provides plenty of information on Mindspring's and Primenet's
policies and effectiveness.
> Frankly, at a practical level I would find it very hard to believe that a
> portion of the open server abuse did not come from Mindspring or Primenet
> accounts. It is really hard to keep open server abuse from happening if
> you don't implement NNTP/SMTP IP filtering at the pop level.
This is entirely true (which is why I'm coaching AGIS to do NNTP filtering
at the POP level before they get into renta-POPs ;-). And I have seen a few
email spams coming out of Mindspring lately too. However, with what _we_
(any person of long experience in Usenet abuse matters) do know, they don't
last long.
Chris Lewis
Whoops, mea culpa. Now I wonder where I got that from?