[RFD] A call for Usenet Death Penalty against Shaw Cable
Jamie
a Usenet Death Penalty against Shaw cable.
AKA shawcable.net, shaw.ca, sjrb.ca
Shaw Corporate Office
630-3rd Avenue S.W.
Calgary, Alberta
T2P 4L4
(403) 750-4500
1-888-750-7429
significant amounts of spam has originated from Shaw's network
with no response from them.
Also up to today at least Shaw was accepting abuse
complaints to ab...@shaw.ca and interne...@sjrb.ca
But that is no longer the case it appears now that Shaw
Cable is no longer accepting abuse complaints to those two
mailboxes. Any messages being sent there are bouncing back.
Shaw is making their position quite clear that they do not
want to accept any kind of abuse complaints about spam
coming from their network.
Bellow is a copy of the bounce backs that I have received
when I tried to email the Shaw cable abuse team.
This report relates to a message you sent with the following header fields:
Message-id: <005201c76194$cfa4b300$0f00a8c0@workstation1>
Date: Thu, 08 Mar 2007 10:16:54 -0500
From: Jamie <col...@darkshado.ca>
To: ab...@shaw.ca
Subject: Seo , Search Engine Optimizer , Seo Search engine Optimization ,
search engine optimization services, SEO Consulting
Your message cannot be delivered to the following recipients:
Recipient address: interne...@sjrb.ca
Original address: ab...@shaw.ca
Reason: Remote SMTP server has rejected address
Diagnostic code: smtp;550 5.7.1 <interne...@sjrb.ca>... Relaying
denied
Remote system: dns;prdcg4mtau2.shaw.ca
(TCP|10.0.120.163|26165|204.209.208.39|25) (prdcg4mtau2.shaw.ca ESMTP
Sendmail 8.13.4+Sun/8.13.3; Thu, 8 Mar 2007 08:20:05 -0700 [MST])
Reporting-MTA: dns;l-daemon (shaw_outgoing-daemon)
Original-recipient: rfc822;ab...@shaw.ca
Final-recipient: rfc822;interne...@sjrb.ca
Action: failed
Status: 5.7.1 (Remote SMTP server has rejected address)
Remote-MTA: dns;prdcg4mtau2.shaw.ca
(TCP|10.0.120.163|26165|204.209.208.39|25)
(prdcg4mtau2.shaw.ca ESMTP Sendmail 8.13.4+Sun/8.13.3; Thu, 8 Mar 2007
08:20:05 -0700 [MST])
Diagnostic-code: smtp;550 5.7.1 <interne...@sjrb.ca>... Relaying denied
And a 2nd bounce back
This Message was undeliverable due to the following reason:
Each of the following recipients was rejected by a remote mail server.
The reasons given by the server are included to help you determine why
each recipient was rejected.
Recipient: <interne...@sjrb.ca>
Reason: 5.7.1 <interne...@sjrb.ca>... Relaying denied
I have even made attempts to email Shaw cable via their web
form at https://secure.shaw.ca/need_help/Request_Help_Form.asp
asking that this problem be fixed when I got no response from Shaw
cable that way I also took the step of trying to call some one
at Shaw at 1-888-750-7429 and I reached Shaw's corporate offices.
I was put though to an individual's mailbox by the name of Paul Laforge
but never actually was able to speak to anyone about this problem.
So I called back in again and I was put though to the extension of
Russel Thompson who I was told was the head of security. Again I was not
able to speak directly to him but left him a very detailed message as to
the problem.
I feel that I have taken every step possible to resolve this problem.
Bellow is a sample spam which is originating from Shaw's news servers
and customers.
Subject: Seo , Search Engine Optimizer , Seo Search engine Optimization
, search engine optimization services, SEO Consulting
From: Se0 Guy<s...@yourseoconsulting.com>
Date: Thu, 08 Mar 2007 04:18:12 GMT
Message-ID: <88MHh.1256789$1T2.474434@pd7urf2no>
Bytes: 1011
Lines: 2
NNTP-Posting-Host: 24.64.223.206
Organization: Shaw Residential Internet
Path:
sp6iad.superfeed.net!news-in1.newsgroups.com!newspeer1.nwr.nac.net!border2.n
ntp.dca.giganews.com!nntp.giganews.com!pd7cy1no!pd7cy2no!shaw.ca!pd7urf2no.P
OSTED!53ab2750!not-for-mail
Newsgroups: news.admin.net-abuse.email
X-Trace: pd7urf2no 1173327492 24.64.223.206 (Wed, 07 Mar 2007 21:18:12 MST)
X-Trace-PostClient-IP: 70.66.196.99
X-Newsreader: Communi-K
X-Complaints-To: ab...@shaw.ca
NNTP-Posting-Date: Wed, 07 Mar 2007 21:18:12 MST
Xref: sp6iad.superfeed.net news.admin.net-abuse.email:1937718
Search Engine Optimization http://www.yourseoconsulting.com/ Seo
Optimization , Semantic Results, Artificial intelligence in Search, Auto
Content Generators, Search Engine Results. SEO optimizer. SEO consulting
Spam came though Shaw's new server at 24.64.223.206 and the IP of
the customer's machine is 70.66.196.99
03/08/07 12:15:06 dns 24.64.223.206
nslookup 24.64.223.206
Canonical name: px4cv.gv.shawcable.net
Addresses:
24.64.223.206
03/08/07 12:15:28 dns 70.66.196.99
nslookup 70.66.196.99
Canonical name: S0106001346c7ac9f.cc.shawcable.net
Addresses:
70.66.196.99
The lack of a response even up today is totally unacceptable on the part
of Shaw Cable and the spam is widely posted to many different groups and
numerous abuse complaints have been sent about the spam spewing
from Shaw's news servers but they are unresponsive and they seem
unwilling to do anything to stop the abuse.
Shaw cable is already being considered a spam source and has been
blocked on certain block lists.
http://www.spews.org/html/S3163.html
http://www.spamhaus.org/sbl/listings.lasso?isp=shawcable.net
SBL51859
24.76.9.70/32 shawcable.net
02-Mar-2007 11:47 GMT wufe.hk on hijacked PC
SBL51441
70.66.78.124/32 shawcable.net
19-Feb-2007 11:58 GMT Hacked PC hijacked to spam
SBL50959
70.65.1.50/32 shawcable.net
07-Feb-2007 04:40 GMT Spamming Whois contacts
SBL50001
24.84.18.203/32 shawcable.net
12-Jan-2007 07:23 GMT www.kabguz.com etc
SBL42615
66.163.66.18/32 shawcable.net
28-May-2006 11:37 GMT Webfinity/Dynamic Pipe
ra1sh-ge4-1.mt.shawcable.net
http://www.spamhaus.org/sbl/listings.lasso?isp=shaw.ca
SBL47638
68.147.206.63/32 shaw.ca
21-Oct-2006 13:18 GMT Ruslan Ibragimov / send-safe.com
Spammer DNS - nszx4.football-club5.com
They currently even support tne send-safe.com spammers
on their network a very bad spammer.
http://www.spamhaus.org/sbl/listings.lasso?isp=bigpipeinc.com
SBL44791
72.2.24.130/32 bigpipeinc.com
24-Jul-2006 18:31 GMT Yambo Financials
Spam webhosting / compromised host
SBL35966
72.2.28.0/22 bigpipeinc.com
17-Dec-2005 22:25 GMT Spam sources and landing pages
SBL27585
204.244.29.98/32 bigpipeinc.com
02-Jun-2005 05:42 GMT Brian Haberstroh / Atriks
proxy spam source
SBL17075
216.130.218.0/24 bigpipeinc.com
10-Jun-2004 07:16 GMT emailbucks.com / cavecreek.com
SBL15990
66.244.223.218/32 bigpipeinc.com
27-Apr-2004 05:51 GMT Webfinity/Dynamic Pipe
Pointer record to: 216.130.192.0/19 (AS 6327 >>> AS19961)
I think this statement in the spews record S3161 says it all
about Shaw cable.
"Spam ignorant. Poster child of how not to run a broadband network
company when it comes to dealing with abuse."
Just by checking though google groups you can see that Shaw
Cable has had a very shady past.
More spam samples cam be found in Google Groups going back
many years right up to currently. They have consistently
ignored spam complaints and spam continues to spew from Shaw's
news servers.
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
abee35ab1905b40a/b5d49fc392116041?lnk=st&q=&rnum=3#b5d49fc392116041
http://groups.google.ca/groups/search?q=%22When+stocks+are+down+the+company+
is+making+money+take+the+cash+then+and+get+into+something+you+can+be+proud+o
f%22+group%3Anews.admin.net-abuse.*&start=0&lr=&safe=off&num=10&filter=0
http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
http://groups.google.com/groups?scoring=d&q=24.71.223.147+group:*abuse*
http://groups.google.com/groups?scoring=d&q=24.64.223.206+group:*abuse*
http://groups.google.com/groups?q=70.67.89.64+group%3A*abuse*&start=0&scorin
g=d&filter=0
http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
ead/3ebec386a18127c7/95ac15b46fde5f8d?lnk=st&q=24.71.223.159+group%3A*abuse*
&rnum=4#95ac15b46fde5f8d
http://groups.google.com/groups?q=24.71.223.159+group%3A*abuse*&start=10&sa=
N&scoring=d&
http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
ead/5a5174831f1d219a/759d132c7068807f?lnk=st&q=24.70.95.211+group%3A*abuse*&
rnum=2#759d132c7068807f
http://groups.google.com/group/news.admin.net-abuse.bulletins/browse_frm/thr
ead/ceee65d855eda9cc/e7834c074a316475?lnk=st&q=24.71.223.159+group%3A*abuse*
&rnum=8#e7834c074a316475
Back on August 21 2002 Shaw was again one of the top
spam cancels again with over 3400 cancels.
Spam Cancel Statistics for 21 Aug 2002
3402 news*.calgary.shaw.ca.POSTED!*
July 2002 again one of the top spam cancels for
July 15 2002 with 26665 articles.
http://groups.google.com/group/news.admin.net-abuse.bulletins/browse_frm/thr
ead/fe7b726017d656e2/bf9f384cf37e53c9?lnk=st&q=24.71.223.159+group%3A*abuse*
&rnum=12#bf9f384cf37e53c9
26665 news*.calgary.shaw.ca.POSTED!*
Spam Cancel Statistics for 15 Jul 2002
This stats post from all the way back in 2003 shows
the clear flow of spam comming from Shaw they were the
#1 on the Spam cancel Stats for January 28 2003 with a
total of 6146.
6146 news*.calgary.shaw.ca.POSTED!*
The post is archived in Google groups.
http://groups.google.com/group/news.admin.net-abuse.bulletins/browse_frm/thr
ead/faf628d3e79741c9/5829c778e8d0c248?lnk=st&q=24.71.223.159+group%3A*abuse*
&rnum=5#5829c778e8d0c248
The spam has not let up since the UDP against @Home back
in 2000 and all of their partners. Which Shaw was one of them.
Some Shaw's news servers do not even have a domain name associated with
them. An example of this would be 64.59.135.176
telnet 64.59.135.176 119
Trying 64.59.135.176...
Connected to 64.59.135.176.
Escape character is '^]'.
Access denied by access control list.
Connection closed by foreign host.
http://www.dnsstuff.com/pages/rfc1912.htm
2.1 Inconsistent, Missing, or Bad Data
Every Internet-reachable host should have a name. The consequences
of this are becoming more and more obvious. Many services available
on the Internet will not talk to you if you aren't correctly
registered in the DNS.
A list of Shaw's news servers can be found at
http://www.smr-usenet.com/tech/shaw.shtml
some of the servers such as the Ontario servers
no longer exist since this area is now run by
Rogers cable. Shaw cable is pretty well on the
West coast of Canada and Shaw is in Central / Eastern
Canada. This list above may not be complete but it did
give me a starting point to lookup abuse.
Shaw Cable has had a long history of abuse at even when
they were with @home and ever since then.
I would humbly request that a Usenet Death Penalty (UDP)
be brought against Shaw Cable for the above reasons.
Distribution:
news.admin.net-abuse.usenet,
news.admin.net-abuse.policy
Jamie
--
Do not reply using the email address in
the header of this message.
That email address is a spamtrap
email me at jamie_usenet [at] hotmail.com
Jamie
Jamie
Jamie
Per Hansen
> I would like open up a discussion about the possiblity of
> a Usenet Death Penalty against Shaw cable.
> AKA shawcable.net, shaw.ca, sjrb.ca
>
You dont have to do the same annoying thing like the spammers does:
Billboarding your message. This is just as annoying as all the
spam that shows up in the groups.
--
Per Hansen
Geoff Brozny
> You dont have to do the same annoying thing like the spammers does:
> Billboarding your message. This is just as annoying as all the
> spam that shows up in the groups.
>
You can safely ignore Jamie, he is just doing whatever he can to try to
get attention and fit in, he also has a history of spamming and
harassing ISPs abuse desks, as well as stopping at nothing to try to get
his way.
geoff
Tim Skirvin
>> I would like open up a discussion about the possiblity of
>> a Usenet Death Penalty against Shaw cable.
>> AKA shawcable.net, shaw.ca, sjrb.ca
> You dont have to do the same annoying thing like the spammers does:
> Billboarding your message. This is just as annoying as all the
> spam that shows up in the groups.
To be fair, the multiple posts weren't his fault. There was a
cancelbot running that caught his post within a few seconds of it being
posted; and I reposted it when I didn't find it. Plus, I'm working on a
new version of the modbot, which led to additional problems.
Things should be better now - the cancelbot now exempts NANAP, and
the modbot is doing what it's supposed to (except with MIME
autoresponses! Well, amongst other improvements.).
- Tim Skirvin (tski...@killfile.org)
Moderator, much of news.admin.net-abuse.*
--
http://www.killfile.org/~tskirvin/nana/ news.admin.net-abuse.*
http://www.killfile.org/donations.html killfile.org donations
col...@darkshado.ca
Geoff if it is your intention to just flame this thread then go
away now and never post again. People like you are not needed
or wanted here if your only intention is to spam and
flame this thread. We are trying to have a serious discussion
here and we do not need people like you here.
Your slander and lies won't be accepted here nor am I a spammer
or abuse ISPs in any way. Geoff Brozny has some mental issues
obiously and he is the one that should be ignored.
Per Hansen I also saw your posts and I appologize about
the multiple posts but that wasn't my fault there was a
cancel bot running around canceling my posts soon
as they were made Tim fixed that problem and reposted
my messages but all the messages got posted instead of just
one copy of the RFD.
Again I appologize for that and hope that you will look
at the information contained in this document and will
support the decision to have a UDP against Shaw Cable.
The flow of spam comming from Shaw cable is unacceptable
and there is no end in sight. Shaw's upper management
can't seem to make the decision to even put in filtering
on their port 25 little lone the issue of the
news server needing to be setup to require authentication
Shaw is unresponsive to abuse complaints and don't
really seem to care about this problem. Upper management
is dragging its heals about making any kind of decision
to properly secure thier network and I am personally
tired of all the spam spewing from thier IPs.
I look forward to seeing what others have to say on this.
Please people lets keep this a serious discussion people
like Geoff Brozny and friends need not reply to this
thread.
Thank you,
Jamie
Jamie
I appologize that was not my intention at all there was
some technical issues happening with a cancel bot
running around canceling my posts with in seconds
of posting so none of my posts were showing up.
http://groups.google.ca/group/news.admin.net-abuse.policy/browse_frm/thread/
6adb16c2fa3cd578/37c19409d72a1945?lnk=st&q=%5BRFD%5D+A+call+for+Usenet+Death
+Penalty+against+Shaw+Cable&rnum=1#37c19409d72a1945
Several attempts where made to post the message and none
of them showed up and then when Tim reposted my messages
for me they all showed up.
Tim Just so you know there are still issues occuring
with my posts not showing up from my
nuthinbutnews.com account no posts from there
are showing up. I also tried to reply using google
groups and no messages showed up from their either.
Tim did you get my emails I sent to you about this
problem? Can you take a look into this for me
and why my posts are not show up when I reply
to threads here on news.admin.net-abuse.policy
Is that cancel bot still running around canceling
posts?
Anyways I look forward to seeing everyone's position
on a UDP against Shaw and hopefully there should
be enough support to get this matter taken care
of.
Please consider this based on the information provided
in the orginal RFD not what Trolls like Geoff Brozny
say. I want this to be a serious discussion and
feel that the UDP against shaw is definately needed
and should be put in place. The flow of spam from Shaw
Cable is unacceptable and needs to stop.
Etaoin Shrdlu
> Geoff if it is your intention to just flame this thread then go
> away now and never post again. People like you are not needed
> or wanted here if your only intention is to spam and
> flame this thread. We are trying to have a serious discussion
> here and we do not need people like you here.
>
> Your slander and lies won't be accepted here nor am I a spammer
> or abuse ISPs in any way. Geoff Brozny has some mental issues
> obiously and he is the one that should be ignored.
Eveyrone would be advised to google for "Jamie Baillie Spammer" and find
out the truth about "darkshado".
--
"The only difference between Bush and Hitler
is that Hitler was elected"
- Kurt Vonnegut
Have you hugged a cat today???
My NANAE hangout: http://etaoin.zapto.org keep ".NOSPAM" to mail me.
Jamie
> Le 09 Mar 2007, col...@darkshado.ca a écrit :
>
> > Geoff if it is your intention to just flame this thread then go
> > away now and never post again. People like you are not needed
> > or wanted here if your only intention is to spam and
> > flame this thread. We are trying to have a serious discussion
> > here and we do not need people like you here.
> >
> > Your slander and lies won't be accepted here nor am I a spammer
> > or abuse ISPs in any way. Geoff Brozny has some mental issues
> > obiously and he is the one that should be ignored.
>
>
> Eveyrone would be advised to google for "Jamie Baillie Spammer" and find
> out the truth about "darkshado".
>
This is yet another one of Geoff Brozny's friends who
goes around and flames various threads in the newsgroups.
Him and a bunch of his friends have setup false sites
defaming my good name. Simply because it is posted on
a website or a forum does NOT make it the truth.
This individual needs to post under an assumed name
because he is to scared to let everyone know
who he really is.
Again Etaoin Shrdlu if all you are going to do is
flame this thread and be a little troll then don't
bother even posting here.
Tim I thought this was supose to be a MODERATED
group. Please do not allow these individuals
to polute this thread. They are just trolling
this thread and causing problems like they do in
most other newsgroups.
Thank you,
Etaoin Shrdlu
> This is yet another one of Geoff Brozny's friends who
> goes around and flames various threads in the newsgroups.
>
> Him and a bunch of his friends have setup false sites
> defaming my good name. Simply because it is posted on
> a website or a forum does NOT make it the truth.
>
> This individual needs to post under an assumed name
> because he is to scared to let everyone know
> who he really is.
Mister Jamie Baillie is a professional net abuser and spammer.
He is a master of harassment towards those who denounce his actions.
Anybody wanting more confirmation of the above simply need to perform a
simple Google search with the terms "Jamie Baillie" and "spammer", as
well as look at his USENET postings from 2002 onwards to see he has
attained a cult-like status on NEWS.ADMIN.NET-ABUSE.EMAIL.
Mister Baillie is also a laughingstock in many ISPs abuse departments he
has been showering profusiously with lengthy rants about users who are
denouncing him.
When the ISP abuse department abuse is insufficient, he often moves on
towards abusing and harassing the law-enforcement when they fail to move
against his critics.
Mister Baillie has also initiated a complaint against myself with the
Toronto police department, which has been dismissed as unsubstantiated;
this alone is a very good reason not to deal with Jamie Baillie under
one's real identity (as a matter of fact, the Toronto police has not been
able to ascertain my proper identity, thanks to the numerous precautions
I have endeavoured to take to deal with Jamie Baillie. As a matter of
fact, dealing with Jamie Baillie with one's true identity and in a
traceable way is a very irresponsible and dangerous act).
Jamie Baillie has been repeatedly warned to vanish and disappear from
USENET in order to be forgotten; as long as he will refuse to do so, we
will endeavour to denounce him as he is, a spammer and net abuser.
Mister Baillie, you are on notice to disappear from USENET. Shall you
fail to do so, we will proceed into following you and denouncing you
while posting proper documentation to the effect.
If you do not want to be embarrassed, you only have one thing to do:
vanish. This is a last warning; do not assume you have already seen all
the material that is available about you.
Jamie
<SNIP A WHOLE LOT OF GARBAGE>
This post really demonstrates how
kooky this Etaion Shrdlu really is
he does this in a lot of groups and
just goes around flaming people
and threating and harassing them.
Just ignore Etaion Shrdlu he is so
scared he won't even post under
his real name. His threats and
harasement are noted everywhere he
thinks he can bully people into
doing what ever he wants and
when it doesn't work he jumps
up and down and stomps his feet
and starts throwing around a bunch
of threats and made up stories.
He has even gone as far along with a
few friends of his to defame me on certian
websites and usenet postings.
Sorry Etaion Shrdlu I am here to stay
and there is nothing you can do
about it either.
Oh and FYI his statement about the
police complaint it was because I was
receiving threating and harassing emails
and other communications from this individual
and it wasn't dismissed a warrant was actually
issued for information about this "Etaion Shrdlu"
and was told to back off which he did for a while
but it looks like Etaion Shrdlu is off his meds
again and has gone totally off his rocker
once again.
This individual has been told not to contact
me in any way but continues to send he harasing
emails and post threating / harassing
messages like this on the usenet.
He has actually emailed me just in the past month
sending another one of his cartoony threats
and false reports to one of my hotmail accounts
CC my ISP and news provider on it. They laughed at
him and has dismissed his false complaint very quickly.
Etaion Shrdlu is obviously quite mentally
unstable.
I do think this group needs some better moderation
to stop kooks like this from spamming threads
such as this. Tim can you please cancel these posts
by this abuser?
I can assure you this information is far
from correct and I want everyone
to look at the issues at hand which
is the spam comming from Shaw's network
and why it is important for a UDP
against them.
Tim I thought this was supose
to be a MODERATED group to stop
garbage like this. Please remove
this post and all others made by
Etaion Shrdlu in this thread.
Doug Freyburger
>
> ... is also a laughingstock in many ISPs abuse departments he
> has been showering profusiously with lengthy rants about users who are
> denouncing him.
Is this a discussion of 'abuse "on" UseNet', or is it yet another
demonstration of the problem of caring about the difference
between 'abuse "of" UseNet' and 'abuse "on" UseNet'? One
of the problems that drives away newbies from UseNet is that
plenty of NSPs utterly ignore any complaints at all. Another
is that plenty of ISPs filter complaints for the of/on issue
rather than on validity. Sure, it's an unlimited amount of work
to filter for validity, but only if it's done by hand ...
Some people are simply complainers. Some people are simply
abusers. It isn't difficult for anyone with some judgement to
figure out the few that are either. Does anyone have any
interest in automation that makes it easy to identify the
abusers to be able to pull accounts that also identifies
complainers at the same time to reduce their level of input?
In some sense, the content of a complaint doesn't need to be
important. Log the complainer, the complainee, the originating
NSP of the post. Build a table per complainee where the
bigger it gets the more likely to pull the account. Build a table
per complainer where the more complaints logged against
complainees with low scores the lower those complaints are
heeded, but have the table recalculate so being the first to
complain about a new socket isn't a problem. Also build a
table per NSP to rate badness. Then set a threshold to start
dropping posts of complainees, reports by complainers, and
ultimately posts by a sufficiently bad NSP.
Wouldn't an automated method like this end up helping?
Until it becomes known and gamed by a script. It would have
to have some sort of forgery detection. I rather like the idea
of using a web interface with built in slowness and some sort
of login process to be able to log a complaint - Consider the
image thing Google is now using before it displays email
addresses.
Jamie
>
> Is this a discussion of 'abuse "on" UseNet', or is it yet another
> demonstration of the problem of caring about the difference
> between 'abuse "of" UseNet' and 'abuse "on" UseNet'? One
> of the problems that drives away newbies from UseNet is that
> plenty of NSPs utterly ignore any complaints at all. Another
> is that plenty of ISPs filter complaints for the of/on issue
> rather than on validity. Sure, it's an unlimited amount of work
> to filter for validity, but only if it's done by hand ...
>
<SNIP>
Doug so what do you think about the request for
the possiblity of a UDP against Shaw cable for
their massive amonuts of spam due to their
insecure network.
Shaw is clearly abusing the usenet and isn't
properly securing their network. From what
I have been told by one of the people that
work in their own abuse department they
admitted to me that they have a problem
with their customers setting up wireless
networks and not properly securing them.
Then these networks are being hijacked
by these spammers in what can be described
as a "drive by spamming".
Shaw Cable seems to also ignore most complaints
and are doing very little to stop the flow of
the spam orginating from their network both via
email and posts to the usenet.
David Ritz
On Thu, 8 Mar 2007 12:58:13 -0600,
in article <1173380...@sp6iad.superfeed.net>,
Jamie <dark...@darkshado.ca> wrote:
J> I would like open up a discussion about the possiblity of a Usenet
J> Death Penalty against Shaw cable. AKA shawcable.net, shaw.ca,
J> sjrb.ca
Jamie,
For such a lengthy article, there really isn't much content. Since
this is a request for discussion regarding an Usenet Death Penalty,
I've taken the liberty of appropriately trimming away a lot of the
irrelevancies, ie. SMTP and DNS issues, which have nothing to do
with what I believe to be the issue at hand.
Now, please take a deep breath or two. If you continue to allow
yourself to be baited into flame wars, here, you will most
assuredly find your way into my killfile. While I can't speak for
Tim, I'll note that other individuals have lost their ability to
post here, because they were unable to resist participating in
flame wars, trolling and troll-baiting.
<...>
J> significant amounts of spam has originated from Shaw's network
J> with no response from them.
I'm sorry, but this appears to assume facts which are not in
evidence. I, for one, have received some excellent feedback from
Shaw. I'll also point out, that its going to be more helpful, if
you were to focus on the specific issue, and be prepared to back up
your assertions with facts.
In addition to reacquainting Shaw's abuse desk with the DSRS
(Deja Spam Research Service), I've made the following gziped
archives available to their staff.
$ zgrep Client *shaw*.gz | count
55056 20070119_shaw_68.146.249.27_rnews.txt.gz:
X-Trace-PostClient-IP: 68.146.249.27
43985 20070307_shaw_70.66.196.99_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.196.99
26636 20070201_shaw_68.146.229.23_head.txt.gz:
X-Trace-PostClient-IP: 68.146.229.23
17938 20070308_shaw_70.66.196.99_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.196.99
10654 20070208_shaw_68.146.196.189_head.txt.gz:
X-Trace-PostClient-IP: 68.146.196.189
7747 20070211_shaw_68.146.244.86_head.txt.gz:
X-Trace-PostClient-IP: 68.146.244.86
3619 20070204_shaw_68.144.109.35_rnews.txt.gz:
X-Trace-PostClient-IP: 68.144.109.35
3305 20070203_shaw_68.144.74.102_head.txt.gz:
X-Trace-PostClient-IP: 68.144.74.102
3210 20070308_shaw_70.66.194.39_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.194.39
2510 20070207_shaw_68.145.49.74_rnews.txt.gz:
X-Trace-PostClient-IP: 68.145.49.74
20 20070203_shaw_68.144.74.102_rnews.txt.gz:
X-Trace-PostClient-IP: 68.144.74.102
J> Also up to today at least Shaw was accepting abuse complaints to
J> ab...@shaw.ca and interne...@sjrb.ca
[snip 60 lines regarding an SMTP configuration error at Shaw.ca]
[snip 14 additional lines regarding voice mail]
The configuration error, which caused your complaint to bounce, has
been addressed, as I understand it.
J> I feel that I have taken every step possible to resolve this
J> problem.
I believe that is your position.
My position, on the other hand is, that the options are just
beginning to be explored. I feel that progress is beginning to be
made. It's even possible that your request for this discussion
helped get the ball rolling. A clue appears to be making its way
slowly up the food chain. (This is never an easy job.)
J> Bellow is a sample spam which is originating from Shaw's news
J> servers and customers.
[snip 27 lines of quoted drive-by spam]
J> Spam came though Shaw's new server at 24.64.223.206 and the IP of
J> the customer's machine is 70.66.196.99
[snip nslookups]
J> The lack of a response even up today is totally unacceptable on
J> the part of Shaw Cable and the spam is widely posted to many
J> different groups and numerous abuse complaints have been sent
J> about the spam spewing from Shaw's news servers but they are
J> unresponsive and they seem unwilling to do anything to stop the
J> abuse.
Over the years, I've dealt with Shaw's abuse desk, more than just
a few times. My experience suggests that they are actually fairly
expedient, in finding remedies to network abuse issues. This is
not to suggest, that I am not also frustrated by the current
series of drive-by hijackings. Speaking in quite general terms, my
extended experience with Shaw's Acceptable Policy Department has
been a very positive one.
To date, Shaw's overall role has been merely a reactive one. I'm
now attempting to help them move to a far more proactive position.
J> Shaw cable is already being considered a spam source and has been
J> blocked on certain block lists.
[snip 71 lines regarding SMTP block-list issues]
J> Just by checking though google groups you can see that Shaw Cable
J> has had a very shady past.
J> More spam samples cam be found in Google Groups going back many
J> years right up to currently. They have consistently ignored spam
J> complaints and spam continues to spew from Shaw's news servers.
J> [<http://tinyurl.com/2jwpfr>]
This seems to be a misplaced sightings report.
J> [<http://tinyurl.com/2sv6lx>]
This shows four copies of one drive-by spam made it into nana.*.
It suggests the groups.google.com needs better spam filtering.
J> [<http://tinyurl.com/26bbxq>]
J> [<http://tinyurl.com/26bbxq>]
These point tosightings reports.
J> http://groups.google.com/groups?scoring=d&q=24.71.223.147+group:*abuse*
J> http://groups.google.com/groups?scoring=d&q=24.64.223.206+group:*abuse*
These are queries based on Shaw's user cache proxies, which,
unfortunately, do not reveal much of anything. Again, narrowing
your focus to the issue of Usenet abuse, would be a bit more
helpful.
J> [<http://tinyurl.com/2mzzsx>]
This is a google query based on one hijacked user IP address.
J> [<http://tinyurl.com/2g5xwy>]
This is a MMF report in nana.sightings, from 2003, which has
nothing to do with the current climate at Shaw.
J> [<http://tinyurl.com/22k7st>]
J> [<http://tinyurl.com/2299q8>]
These are queries based on Shaw's user cache proxies, which,
unfortunately, do not reveal much of anything.
J> [<http://tinyurl.com/2f3cz6>]
This points to two of your nana.sightings reports.
j> [<http://tinyurl.com/3cnp2n>]
J> Back on August 21 2002 Shaw was again one of the top spam cancels
J> again with over 3400 cancels.
J> Spam Cancel Statistics for 21 Aug 2002
I'm sorry, Jamie, but I seem to be a little lost. While I am
familiar with the current set of circumstances, which moved you to
bring this UDP discussion forward, you haven't provided much, upon
which to base your request.
What, pray tell, do statistics on cyberspam cancels, which are four
and a half years old, have to do with the issue at hand?
[snip 25 lines regarding spam cancels]
Jamie, while those old statistics may be interesting, they dealt
with an entirely different type of security issue. These old
issues were dealt with in an expedient manner. If they had not
been, there would have been a lot more spam issuing forth from
Shaw, than we are currently experiencing. The particular spam
gang responsible for the glitches you're observing in Andrew
Gierth's old statistics were responsible for as many as 400K
spammed posts, in any given twenty four hour period.
Shaw was able to address these incidents, in a far more expedient
fashion, than any number of other broadband providers, without
anyone suggesting that a UDP against Shaw was an appropriate course
of action.
The same, cannot be said, for several other broadband providers,
in the same general time frame.
J> The spam has not let up since the UDP against @Home back in 2000
J> and all of their partners. Which Shaw was one of them.
This is a series of events with which I am more than passingly
familiar. I would highly recommend reading about it, in some
detail, rather than simply pointing out that various discussions
came to pass.
I'll point out that, while Shaw, Rogers and home.nl were included
under the @Home UDP, in January, 2000, they were not a part of the
problem, which led to this UDP being called. I'll also note that
this UDP never proceeded to an active state.
[snip 17 lines regarding irrelevant DNS matters]
J> A list of Shaw's news servers can be found at
J> http://www.smr-usenet.com/tech/shaw.shtml
I regret that I am currently enjoined from accessing this site,
although I am quite confident that I would be able to identify any
and all of Shaw's news-peers, should the need arise.
I feel that this discussion is, at best, premature.
- --
David Ritz <dritz+...@suespammers.org>
"This isn't a win/lose kind of thing. If there's a UDP, we all lose.
If the abuse stops, we all win." - Jeremy Nixon
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
Comment: PGP Public Keys: <http://dritz.mako.ath.cx/keys.txt>
iQCVAwUBRfNHSKdkAgrqVVPRAQF2xgP/Ynjne65sBT1AezkuUx7e5f39R85Gm8u9
ph9CcN5ZHah+MDfFnJoQkZy9gQl1jcnSR1HIlbt6JvXcUX17+6zIOWqUJnEdcnp3
LoqJtj49FOT9sG+PqxuSS2B2qYwoFKcuC43Zo8r/eJcJZ+q1KP6I6aF1IL5HYYFe
y4skbNhGqMU=
=oQfR
-----END PGP SIGNATURE-----
Jamie
>
> Jamie,
>
> For such a lengthy article, there really isn't much content. Since
> this is a request for discussion regarding an Usenet Death Penalty,
> I've taken the liberty of appropriately trimming away a lot of the
> irrelevancies, ie. SMTP and DNS issues, which have nothing to do
> with what I believe to be the issue at hand.
>
> Now, please take a deep breath or two. If you continue to allow
> yourself to be baited into flame wars, here, you will most
> assuredly find your way into my killfile. While I can't speak for
> Tim, I'll note that other individuals have lost their ability to
> post here, because they were unable to resist participating in
> flame wars, trolling and troll-baiting.
>
Well maybe if the group was moderated a bit better
we wouldn't have this problem these trollers
should never have been able to get in here in
the first place.
Tim should disallow posts from these two individuals
to this group. But yet I still continue to see that
he authorizes the posts. Why I don't know they
are not bringing anything good to this group.
> <...>
>
> J> significant amounts of spam has originated from Shaw's network
> J> with no response from them.
>
> I'm sorry, but this appears to assume facts which are not in
> evidence. I, for one, have received some excellent feedback from
> Shaw. I'll also point out, that its going to be more helpful, if
> you were to focus on the specific issue, and be prepared to back up
> your assertions with facts.
>
David you are obviously either just trolling this group
or are pretty blind beacuse I have provided massive amounts
of spam samples and documentation showing that since
the last UDP against @Home which Shaw was a part
of that the spam has continued to increase and
that Shaw has very long history of abuse and refuse to
do anything to stop it.
Shaw is has done very little in the past 6 years
to stop the flow of spam coming from thier network.
I already have backed up my facts with a lot of evidence
that you either seemed to miss reading or just plain
ignored. Go back and read my complaint again.
> In addition to reacquainting Shaw's abuse desk with the DSRS
> (Deja Spam Research Service), I've made the following gziped
> archives available to their staff.
>
<SNIP>
>
> [snip 60 lines regarding an SMTP configuration error at Shaw.ca]
>
> [snip 14 additional lines regarding voice mail]
>
> The configuration error, which caused your complaint to bounce, has
> been addressed, as I understand it.
Even though the bouncing problem was addressed
Shaw still isn't doing anything about the complaints
they recieve and that is part of the problem here.
And the SMTP problem shows that Shaw is not willing
to implement very much to actually stem the flow of
spam from thier residential customers. it just strengthens
my position against Shaw and shows even more as to why
Shaw should be totally blocked from both the usenet
and mail.
Shaw refuses to implement any kind of authorization
features so far on their newservers (AUTH INFO)
that would essentially put an end to the spam
right there. Shaw has not made up thier mind
yet about setting up some ACLs on thier residential
customers to block port 25 to stop the flow of
spam from thier infected customers which is the
reason for the request for the UDP against Shaw.
>
> I believe that is your position.
>
> My position, on the other hand is, that the options are just
> beginning to be explored. I feel that progress is beginning to be
> made. It's even possible that your request for this discussion
> helped get the ball rolling. A clue appears to be making its way
> slowly up the food chain. (This is never an easy job.)
This isn't beginnig to be explored it has been 6 years
since the last UDP and spam still flows quite freely
from Shaw's network. After the last UDP they should have
implemented a lot of these features to stop spam from
flowing from thier news server such as requiring authentication
before posting. Shaw has had 6 long years to implement all
of this and has had plenty of time.
This discussion is far from premature and is needed
the abuse that has come out of Shaw's network has
gone on for WAY too long.
>
> Over the years, I've dealt with Shaw's abuse desk, more than just
> a few times. My experience suggests that they are actually fairly
> expedient, in finding remedies to network abuse issues. This is
> not to suggest, that I am not also frustrated by the current
> series of drive-by hijackings. Speaking in quite general terms, my
> extended experience with Shaw's Acceptable Policy Department has
> been a very positive one.
>
> To date, Shaw's overall role has been merely a reactive one. I'm
> now attempting to help them move to a far more proactive position.
You can't help them move into a proactive position because the upper
management at Shaw is dragging its heals at implementing
any kind of measures to actually stop the spam from orginating from
their network via both mail and news.
I have suggested several things that could help them
improve thier security but if they are unwilling
to implement these features then there really is nothing
else that can be done by me or anyone else.
At best they are not even reactive in a lot of cases. A lot of times
complaints still get passed by when they are emailed in.
>
> J> [<http://tinyurl.com/2jwpfr>]
>
> This seems to be a misplaced sightings report.
It is a complaint about more spam comming from Shaw's
news servers again. It is yet another sample.
Shows that I am not the only one that is sick
of the spam comming from Shaw's usenet server.
>
> J> [<http://tinyurl.com/2sv6lx>]
>
> This shows four copies of one drive-by spam made it into nana.*.
> It suggests the groups.google.com needs better spam filtering.
>
> J> [<http://tinyurl.com/26bbxq>]
> J> [<http://tinyurl.com/26bbxq>]
this shows that Shaw needs to increase thier security
of thier network. Not that groups.google.com needs better
filtering. Again no authentication on Shaw's news server
which would put an end to this spam comming from
these hijacked networks. Something Shaw has not
implemented on thier news servers.
>
> These point tosightings reports.
>
> J> http://groups.google.com/groups?scoring=d&q=24.71.223.147+group:*abuse*
> J> http://groups.google.com/groups?scoring=d&q=24.64.223.206+group:*abuse*
>
> These are queries based on Shaw's user cache proxies, which,
> unfortunately, do not reveal much of anything. Again, narrowing
> your focus to the issue of Usenet abuse, would be a bit more
> helpful.
They show you a lot go back again and take a look at the
large number of spam orginating from thier network.
http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
ead/da15a4b290163ada/1f24e2d39222baa0?lnk=st&q=24.71.223.147+group%3A*abuse*
&rnum=7#1f24e2d39222baa0
It shows that thier news server is being used
to post a lot of this garbage and shows many abuse
complaints in there. Actually take a look at the data
which is obviously something you didn't do and immediately
dismissed it with out even actually looking at it.
There are MANY examples in there but obviously
you didn't care to actually take a look.
I was not going to post the exact link for
every spam that came directly from Shaw's
news server.
>
> J> [<http://tinyurl.com/2mzzsx>]
>
> This is a google query based on one hijacked user IP address.
Yes yet another example an exact link to one of the
hijacked machines, very good you actually read this one.
>
> J> [<http://tinyurl.com/2g5xwy>]
>
> This is a MMF report in nana.sightings, from 2003, which has
> nothing to do with the current climate at Shaw.
It has everything to do with Shaw since
the last UDP against them in 2000 shows
how spam has continued to flowly free from
their network. it has everything to do with
it. Again you have wrongfully dismissed data.
> J> [<http://tinyurl.com/22k7st>]
> J> [<http://tinyurl.com/2299q8>]
>
> These are queries based on Shaw's user cache proxies, which,
> unfortunately, do not reveal much of anything.
yes they do they are more spam from Shaw. Again you have
attempted to wrongly dissmiss my data. actually go
though there and READ the complaints there are a LOT
of spam samples comming from these news servers.
Again I am NOT going to post thousands of links
directly to EVERY spam sample comming from Shaw's
news servers.
The only reason why I believe you are trying
to dismiss all of my Data is because you
have a personal problem with me like many
others and are trying to discredit the data
I have provided because of that. Maybe a form of
revenge I dunno.
>
> J> [<http://tinyurl.com/2f3cz6>]
>
> This points to two of your nana.sightings reports.
yes they are two more exact links to spam I did post
several samples with links directly to the spam samples
but I was not going to do so for thousands of spams
that came from thier network.
>
> j> [<http://tinyurl.com/3cnp2n>]
>
> J> Back on August 21 2002 Shaw was again one of the top spam cancels
> J> again with over 3400 cancels.
>
> J> Spam Cancel Statistics for 21 Aug 2002
>
> I'm sorry, Jamie, but I seem to be a little lost. While I am
> familiar with the current set of circumstances, which moved you to
> bring this UDP discussion forward, you haven't provided much, upon
> which to base your request.
>
> What, pray tell, do statistics on cyberspam cancels, which are four
> and a half years old, have to do with the issue at hand?
>
> [snip 25 lines regarding spam cancels]
It has everything again to do with it clearly showing that
since the LAST UDP threat against @Home / shaw that spam has
continued to climb from thier network and that Shaw has
done very little if anything to stop the flow of spam
comming from their news server.
I have provided a lot of information which you have ignored
and try to dismiss. You are not reading all the information
you obviously just skimmed though everything with out
properly reading all the data. those two URLs show a
lot of spam samples comming
It does not matter that it is a different kind of abuse
or not it is STILL spam spewing from thier news server.
It shows how little Shaw really has done over the past
6 years to stop the abuse comming from their network.
Spam has flowed freely from Shaw's network and the
data which I posted about email spammers they
support currently which you tried to dismiss above
are probly the ones responsible for posting that
garbage. Shaw at best has a very grey and shady history
of harbour spammers and allowing them to abuse their
network.
Shaw hasn't addressed very much at all and they
still continue to harbour spammers on thier network
to this day which is what I was attempting to show
above and which you so quickly dismissed.
You don't think that they are spamming the usenet
newsgroups too? I am sure they are! using proxys
or what ever other means they can to hide thier
true IP. Hard to prove, yes possible that
they are doing it VERY!
I have read about it and infact I am quite aware
of it.
They were a part of the @home UDP and that
should have been a wake up call to Shaw
that when they left @home (More like @home
crumbled). And it crumbled a while after
the UDP threat against @home.
FYI Don't tell me I don't know what
is going on considering
at that time I was working for Shaw.
I know more then you guys probly did
about the UDP at that time.
Shaw since they have setup thier
own news servers has done nothing to stem the
flow of abuse from them the servers are not even
setup properly. Shaw has had at least 6 years
to implement the needed security on their
news server and has failed to do so.
>
> J> A list of Shaw's news servers can be found at
>
> J> http://www.smr-usenet.com/tech/shaw.shtml
>
> I regret that I am currently enjoined from accessing this site,
> although I am quite confident that I would be able to identify any
> and all of Shaw's news-peers, should the need arise.
>
> I feel that this discussion is, at best, premature.
The discussion is from from premature and you are very
wrong. You have made false assumptions though out
this whole reply and have obviously not even
read all of the Data I presented.
I say the only thing that is premature is your
reply Mr. Ritz.
Please go back and actually read all the data
presented before replying.
The reasons for the UDP against Shaw is very
simular to the ones for the UDP against @home.
-Lack of action on the part of the abuse deptarment.
-Refuses to boot known abusers.
-increasing volumes of spam comming from thier network.
-Insecurity in thier network
All the same reasons yet again. Shaw never learned
a thing from the @Home UDP.
Here are some articles about the UDP of @home.
http://groups.google.ca/group/alt.fan.sailor-moon/browse_frm/thread/3ae1e136
ce6894c7/d4c69c0b35b5c973?lnk=st&q=UDP+%40home&rnum=20#d4c69c0b35b5c973
http://groups.google.ca/group/comp.sys.mac.comm/browse_frm/thread/184acb0586
01bb97/cc1085d5e6c12468?lnk=st&q=UDP+%40home&rnum=27#cc1085d5e6c12468
>
> - --
> David Ritz <dritz+...@suespammers.org>
> "This isn't a win/lose kind of thing. If there's a UDP, we all lose.
> If the abuse stops, we all win." - Jeremy Nixon
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP Desktop 9.0.6 (Build 6060)
> Comment: PGP Public Keys: <http://dritz.mako.ath.cx/keys.txt>
>
> iQCVAwUBRfNHSKdkAgrqVVPRAQF2xgP/Ynjne65sBT1AezkuUx7e5f39R85Gm8u9
> ph9CcN5ZHah+MDfFnJoQkZy9gQl1jcnSR1HIlbt6JvXcUX17+6zIOWqUJnEdcnp3
> LoqJtj49FOT9sG+PqxuSS2B2qYwoFKcuC43Zo8r/eJcJZ+q1KP6I6aF1IL5HYYFe
> y4skbNhGqMU=
> =oQfR
> -----END PGP SIGNATURE-----
Jamie
but refuses to do so.
http://community.roxen.com/developers/idocs/rfc/rfc3977.html
+-------------------+--------------------------+--------------------+
| Label | Meaning | Definition |
+-------------------+--------------------------+--------------------+
| AUTHINFO | Authentication | [NNTP-AUTH] |
| SASL | Supported SASL | [NNTP-AUTH] |
| | mechanisms | |
This would put an end pretty well to the
spamming of the usenet newsgroups via
the hijacked insecure networks. But Shaw
refuses to implement the needed security
to stop the abuse.
http://www.mibsoftware.com/userkt/nntpext/0031.htm
AUTHINFO is used to inform a server about the identity of
a user of the server. In all cases, clients must provide
this information when requested by the server. Servers are
not required to accept authentication information that is
volunteered by the client. Clients must accommodate servers that
reject any authentication information volunteered by the client.
There are three forms of AUTHINFO in use. The original version,
an NNTP v2 revision called AUTHINFO SIMPLE and a more recent
version which is called AUTHINFO GENERIC.
Lots of good articles available via google
http://www.google.ca/search?num=100&hl=en&safe=off&q=AUTHINFO+NNTP&btnG=Sear
ch&meta=
Jamie
> On Sat, 10 Mar 2007 19:41:23 -0600, Jamie <col...@darkshado.ca>
> wrote:
>
> >Now this is what Shaw cable NEEDS to implement
> >but refuses to do so.
> >
> >http://community.roxen.com/developers/idocs/rfc/rfc3977.html
> >
> > +-------------------+--------------------------+--------------------+
> > | Label | Meaning | Definition |
> > +-------------------+--------------------------+--------------------+
> > | AUTHINFO | Authentication | [NNTP-AUTH] |
>
> You seem to have missed the post in which it was pointed out that Shaw
> is running news software that doesn't include this capability. Yes,
> they could change software or perhaps modify their setup to use
> external authentication systems, but it would be a pretty major
> undertaking that would likely take a year to implement across a
> network as big as theirs.
>
I never did see that post. Do you know what news software
Shaw is currently using on its servers?
The problem is Lionel is what the rest of the
world is supose to do for the next year are we
suppose to just sit back and continue to allow
the drive by spammings to continue for the next
year while Shaw takes its time and upgrades
all of its news server.
Personally I really don't know why Shaw even still provides
news service. Both Rogers and Sympatico have stoped providing
news service totally and have told thier customers to find thier
own news providers. Really it isn't that bad of an idea for
Shaw to do either. Tell thier customers they are no longer
providing news service and shut down the news servers
for good like both Rogers and Sympatico did.
Rogers stop providing news server on December 15 2005
and Sympatico shortly after that in the Spring of
2006.
http://bell.newshosting.com/bell/faq.php#anchor1
Really there are a lot of cheap usenet providers
out there. Come up with a list of them for
the Shaw users and tell them there to go sign up
for a cheap usenet account if they really want
usenet access that bad.
Really its a pain in the ass for an ISP anyways having
to worry about completion and retention and all the
other problems that comes with running a news server
I am sure that thier resources can be better used in
improving the security of their network.
If its going to take them a year to update
all of their news server then I don't see
any other choice then them going this route
unless you have some other ideas.
Bottom line is the rest of the usenet newsgroups
can't continue to be spammed for a year while
Shaw upgrades their news servers to support
AUTHINFO.
This is also a good explination as to why
Shaw should do ACLs on thier routers
to block access to port 25 for thier
residential customers. It explains it
quite well.
http://www.dslreports.com/faq/8457
Again I am sure that Shaw's resources
could be put to better use securing thier
network instead of fussing with their
news server all the time.
Shaw's upper management has to make a very
quick decision as to what they are going to
do, something that so far Shaw has been
unable to do. All I know is that this
drive by spamming can't continue on and
Shaw needs to get thier network under control.
Rob Kelk
Hash: SHA1
On Sat, 10 Mar 2007 19:27:11 -0600, Jamie <col...@darkshado.ca> wrote:
>David Ritz <dritz+...@suespammers.org> writes:
<snip>
>I already have backed up my facts with a lot of evidence
>that you either seemed to miss reading or just plain
>ignored. Go back and read my complaint again.
Judging from the post to which you replied, he looked at the evidence
you produced, analyzed it, and found it insufficient. He then invited
you to produce more evidence. "Go back and read my complaint again" is
not new evidence.
<snip>
>It shows that thier news server is being used
>to post a lot of this garbage and shows many abuse
>complaints in there. Actually take a look at the data
>which is obviously something you didn't do and immediately
>dismissed it with out even actually looking at it.
>
>There are MANY examples in there but obviously
>you didn't care to actually take a look.
Please don't presume to say what someone else did or didn't do,
especially when what the person actually wrote indicates the exact
opposite of what you claim the person didn't do. Such tactics only
weaken your overall position.
>I was not going to post the exact link for
>every spam that came directly from Shaw's
>news server.
If you seriously want a UDP, then you have to be prepared to do exactly
that.
You're the one who wants the rest of us to do this work (for free, I
might add); thus, you're the one who's going to have to convince us
that it's in our best interests to do this work. If convincing us
means presenting the evidence that the more-respected members of this
group request, then it's up to you to spend the time to gather and
present that evidence.
>>
>> J> [<http://tinyurl.com/2mzzsx>]
>>
>> This is a google query based on one hijacked user IP address.
>
>Yes yet another example an exact link to one of the
>hijacked machines, very good you actually read this one.
Please do not use patronizing language such as this toward the people
from whom you are requesting a favour.
>> J> [<http://tinyurl.com/2g5xwy>]
>>
>> This is a MMF report in nana.sightings, from 2003, which has
>> nothing to do with the current climate at Shaw.
>
>It has everything to do with Shaw since
>the last UDP against them in 2000 shows
>how spam has continued to flowly free from
>their network. it has everything to do with
>it. Again you have wrongfully dismissed data.
Incorrect - Shaw has already dealt with this four-year-old matter;
attempting to raise it again only weakens your position.
<snip>
>>
>> I'm sorry, Jamie, but I seem to be a little lost. While I am
>> familiar with the current set of circumstances, which moved you
>> to
>> bring this UDP discussion forward, you haven't provided much,
>> upon
>> which to base your request.
>>
>> What, pray tell, do statistics on cyberspam cancels, which are
>> four
>> and a half years old, have to do with the issue at hand?
>>
>> [snip 25 lines regarding spam cancels]
>
>It has everything again to do with it clearly showing that
>since the LAST UDP threat against @Home / shaw that spam has
>continued to climb from thier network and that Shaw has
>done very little if anything to stop the flow of spam
>comming from their news server.
Spam has continued to climb from almost _every_ server. Is the rate of
increase of spam from Shaw's servers greater than that from other
servers? If yes, then you need to present more evidence of that than
you already have. If no, then I also fail to see how
four-and-a-half-year-old posts apply to the matter at hand.
>I have provided a lot of information which you have ignored
>and try to dismiss. You are not reading all the information
>you obviously just skimmed though everything with out
>properly reading all the data. those two URLs show a
>lot of spam samples comming
No, those two URLs show a lot of spam samples _came_ from Shaw. They
show nothing about the current state of affairs.
<snip>
>FYI Don't tell me I don't know what
>is going on considering
>at that time I was working for Shaw.
So, what did your contacts within Shaw say when you brought this
information to them? (Since you used to work there, you no doubt have
some contacts within the organization, no?) If you haven't taken this
step yet, then a UDP is definitely premature.
<snip>
- --
Rob Kelk Personal address (ROT-13): eboxryx -ng- tznvy -qbg- pbz
Any opinions here are mine, not ONAG's.
ott.* newsgroup charters: <http://onag.pinetree.org>
Any Usenet message claiming to be from me but posted from any server
other than individual.net is a forgery. Please filter out such
messages if you have the capability.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBRfRVGQKYYCCCxJ/PEQLpmQCfb6F2UowFnlgvFRDz1AJHdD72sq8An1DB
dpDSTBWmr/97dVeSlZv4zLoI
=4BLb
-----END PGP SIGNATURE-----
Macon @unknown.invalid <http://www.guymacon.com/
Doug Freyburger wrote:
>In some sense, the content of a complaint doesn't need to be
>important. Log the complainer, the complainee, the originating
>NSP of the post. Build a table per complainee where the
>bigger it gets the more likely to pull the account. Build a table
>per complainer where the more complaints logged against
>complainees with low scores the lower those complaints are
>heeded, but have the table recalculate so being the first to
>complain about a new socket isn't a problem. Also build a
>table per NSP to rate badness. Then set a threshold to start
>dropping posts of complainees, reports by complainers, and
>ultimately posts by a sufficiently bad NSP.
>
>Wouldn't an automated method like this end up helping?
>Until it becomes known and gamed by a script. It would have
>to have some sort of forgery detection. I rather like the idea
>of using a web interface with built in slowness and some sort
>of login process to be able to log a complaint - Consider the
>image thing Google is now using before it displays email
>addresses.
The above method does not identify net-abusers. It identifies
those who are doing things that many people dislike. That
dislike may be because of abuse of the net, abuse on the net,
unpopular political or religious views, or it may simply reflect
the person being framed or joe-jobbed. It's a good start, but
a human has to evaluate the content of the complaints to tell
which kind of disliked person the compaints are about.
BTW, the "image thing Google is now using" is called CAPTCHA.
See [ http://en.wikipedia.org/wiki/Captcha ], especially the
part about defeating CAPTCHAs.
--
Guy Macon
<http://www.guymacon.com/>
Graham Drabble
news:guest.20070311002010$59...@news.killfile.org:
> David Ritz <dritz+...@suespammers.org> writes:
>> <...>
>>
>> J> significant amounts of spam has originated from Shaw's
>> network J> with no response from them.
>>
>> I'm sorry, but this appears to assume facts which are not in
>> evidence. I, for one, have received some excellent feedback
>> from Shaw. I'll also point out, that its going to be more
>> helpful, if you were to focus on the specific issue, and be
>> prepared to back up your assertions with facts.
>>
>
> David you are obviously either just trolling this group
> or are pretty blind beacuse I have provided massive amounts
> of spam samples and documentation showing that since
> the last UDP against @Home which Shaw was a part
> of that the spam has continued to increase and
> that Shaw has very long history of abuse and refuse to
> do anything to stop it.
Accusing David of trolling here is probably one of the worst tactics
I've seen from someone proposing a UDP, I really recommend you do
some research.
I think part of your problem is you are not being Usenet specific
enough, what Shaw do in mail is pretty much totally irrelevent to
whether they should get a UDP. 6 year old history is not much more
use.
> Shaw refuses to implement any kind of authorization
> features so far on their newservers (AUTH INFO)
> that would essentially put an end to the spam
> right there. Shaw has not made up thier mind
> yet about setting up some ACLs on thier residential
> customers to block port 25 to stop the flow of
> spam from thier infected customers which is the
> reason for the request for the UDP against Shaw.
Unless their is a huge amount of problems from Shaw that use a
mail2news gateway I don't see what blocking port 25 [0] has to do
with an NNTP UDP.
AUTHINFO might help but given how easily sniffed it is from a
legitimate customer's use I'm not convinced it's that useful.
> I have suggested several things that could help them
> improve thier security but if they are unwilling
> to implement these features then there really is nothing
> else that can be done by me or anyone else.
>
> At best they are not even reactive in a lot of cases. A lot of
> times complaints still get passed by when they are emailed in.
At what level have you been dealing with them? Unless you're dealing
at a level above (probably way above) the first line abuse desk then
you can't talk too much about them refusing.
Also can you be specific about what Usenet features you've suggested
and what there reaction was?
> It has everything again to do with it clearly showing that
> since the LAST UDP threat against @Home / shaw that spam has
> continued to climb from thier network and that Shaw has
> done very little if anything to stop the flow of spam
> comming from their news server.
Anything much over a year old is probably not relevent to what Shaw's
policy is now and it is that which matters.
> Spam has flowed freely from Shaw's network and the
> data which I posted about email spammers they
> support currently which you tried to dismiss above
> are probly the ones responsible for posting that
> garbage. Shaw at best has a very grey and shady history
> of harbour spammers and allowing them to abuse their
> network.
>
> Shaw hasn't addressed very much at all and they
> still continue to harbour spammers on thier network
> to this day which is what I was attempting to show
> above and which you so quickly dismissed.
>
> You don't think that they are spamming the usenet
> newsgroups too? I am sure they are! using proxys
> or what ever other means they can to hide thier
> true IP. Hard to prove, yes possible that
> they are doing it VERY!
If you want to have a UDP taken seriously you need to do a lot better
than say it is possible that they are spamming usenet. Spam runs from
the same source that have continued for at least 12 hours after
reporting are what's needed. Prove that the abuse is their and that
Shaw don't block it once they know about it. Blocking in advance
would be nice but I don't think a failure to do so is a UDP offence.
[0] I personally consider blocking any outgoing port to mean a
provider isn't providing a complete service, all I want is an IP
address, routing and a DNS resolver, I'll handle the rest myself.
--
Graham Drabble
http://www.drabble.me.uk/
Jamie
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> Judging from the post to which you replied, he looked at the evidence
> you produced, analyzed it, and found it insufficient. He then invited
> you to produce more evidence. "Go back and read my complaint again" is
> not new evidence.
>
Who the heck are you Rob Kelk to tell me that i need
to provide more information? I have provided the information
already and he didn't go though and read it and examine
it he immediately tried to dismiss it. ALL the information
that is needed is already there.
And again I will tell you to go read the orginal document
beacuse all the INFORMATION is there. That last guy
is extremely ignorant and didn't even examine all of the
information I provided and has made an incorrect
decision.
Did you even bother to look at it or just skim though it
as well. Because if you did then youi would not be saying
this.
PEOPLE BEFORE YOU REPLY ACTUALLY READ THE INFORMATION
FULLY there is a LOT of spam comming from Shaw's news
server.
<SNIP>
>
> Please don't presume to say what someone else did or didn't do,
> especially when what the person actually wrote indicates the exact
> opposite of what you claim the person didn't do. Such tactics only
> weaken your overall position.
>
I will because obviously you people are NOT reading
the information presented because there are
a lot of spam samples there which he immediately
tried to dismiss.
So what one of the NANANE trolls are you posting
under another name?
>
> >I was not going to post the exact link for
> >every spam that came directly from Shaw's
> >news server.
>
> If you seriously want a UDP, then you have to be prepared to do exactly
> that.
>
> You're the one who wants the rest of us to do this work (for free, I
> might add); thus, you're the one who's going to have to convince us
> that it's in our best interests to do this work. If convincing us
> means presenting the evidence that the more-respected members of this
> group request, then it's up to you to spend the time to gather and
> present that evidence.
You are extremely ignorant all the information already
has been presented. Many times over! GO AND READ THE
ORGINAL post to request a UDP against Shaw.
All the evidence needed is already presented but
if you are just too stupid to understand it
and can't interperate it then thats not my
problem.
>
>
>
> Incorrect - Shaw has already dealt with this four-year-old matter;
> attempting to raise it again only weakens your position.
NO WRONG I am showing that Shaw has done nothing about
abuse since 2000. And how do you know it was delt with?
Do you work for Shaw at that time? How can you say
that it was delt with. You don't know what was done.
What I am showing here is that the stem of abuse has
not slowed down since 2000 and has continued since the
last UDP.
>
>
> <snip>
>
>
>
<SNIP>
>
> No, those two URLs show a lot of spam samples _came_ from Shaw. They
> show nothing about the current state of affairs.
>
>
> <snip>
>
>
> >FYI Don't tell me I don't know what
> >is going on considering
> >at that time I was working for Shaw.
>
> So, what did your contacts within Shaw say when you brought this
> information to them? (Since you used to work there, you no doubt have
> some contacts within the organization, no?) If you haven't taken this
> step yet, then a UDP is definitely premature.
>
>
> <snip>
>
>
> - --
> Rob Kelk Personal address (ROT-13): eboxryx -ng- tznvy -qbg- pbz
> Any opinions here are mine, not ONAG's.
> ott.* newsgroup charters: <http://onag.pinetree.org>
>
> Any Usenet message claiming to be from me but posted from any server
> other than individual.net is a forgery. Please filter out such
> messages if you have the capability.
>
> -----BEGIN PGP SIGNATURE-----
> Version: PGP 7.0.4
>
> iQA/AwUBRfRVGQKYYCCCxJ/PEQLpmQCfb6F2UowFnlgvFRDz1AJHdD72sq8An1DB
> dpDSTBWmr/97dVeSlZv4zLoI
> =4BLb
> -----END PGP SIGNATURE-----
The contacts at Shaw are saying they are still waiting for
upper management to make an a decision on the port 25 filtering
and there is NO sign of them even attempting to implement
any kind of AUTH INFO on their news server.
So the flow of spam will continue for years to come unless
a UDP is issued against Shaw. If you read my orginal
complaint you would have saw that I already contacted
Shaw. This is just yet more proof that people are not reading
my orginal post.
Jamie
Steve Watt
Jamie <col...@darkshado.ca> wrote:
>Rob Kelk <rob...@deadspam.com> writes:
>
>> Judging from the post to which you replied, he looked at the evidence
>> you produced, analyzed it, and found it insufficient. He then invited
>> you to produce more evidence. "Go back and read my complaint again" is
>> not new evidence.
>
>Who the heck are you Rob Kelk to tell me that i need
>to provide more information? I have provided the information
Do you have any clue who David Ritz is? Free hint: A UDP requires a
number of major sites to take action. David is an admin of a major
site. If you're trying to convince people of the validity of a UDP,
David Ritz is one of those people.
I won't comment on Rob, except to say that his tone in this posting
is calmer than yours.
>I will because obviously you people are NOT reading
>the information presented because there are
>a lot of spam samples there which he immediately
>tried to dismiss.
No, you are posting a substantial amount of irrelevant information.
Quoting SPEWS or Spamhaus is irrelevant, because those services
concern themselves with *EMAIL* spam. USENET is not email.
>So what one of the NANANE trolls are you posting
>under another name?
You are increasingly sounding like a kook.
>> >I was not going to post the exact link for
>> >every spam that came directly from Shaw's
>> >news server.
>>
>> If you seriously want a UDP, then you have to be prepared to do exactly
>> that.
Indeed, it appears that you can't provide those links from
your defensive response.
>> You're the one who wants the rest of us to do this work (for free, I
>> might add); thus, you're the one who's going to have to convince us
>> that it's in our best interests to do this work. If convincing us
>> means presenting the evidence that the more-respected members of this
>> group request, then it's up to you to spend the time to gather and
>> present that evidence.
>
>You are extremely ignorant all the information already
>has been presented. Many times over! GO AND READ THE
>ORGINAL post to request a UDP against Shaw.
OK, let's do that.
} http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
} abee35ab1905b40a/b5d49fc392116041?lnk=st&q=&rnum=3#b5d49fc392116041
This dates to July 14, 2004. Too old to take action...
} http://groups.google.ca/groups/search?q=%22When+stocks+are+down+the+company+
} is+making+money+take+the+cash+then+and+get+into+something+you+can+be+proud+o
} f%22+group%3Anews.admin.net-abuse.*&start=0&lr=&safe=off&num=10&filter=0
Your own complaint in (entertainingly) nanae, plus a few copies of a single
spam.
} http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
} ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
} up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
Hal Murray and your sightings from Feb 13 2007. At least they're fresh.
} http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
} ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
} up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
An exact duplicate of the previous.
} http://groups.google.com/groups?scoring=d&q=24.71.223.147+group:*abuse*
Except for this thread's hit, this is 2005.
} http://groups.google.com/groups?scoring=d&q=24.64.223.206+group:*abuse*
An interesting choice: There's a good article in there from David Ritz,
who you are dismissing, about decoding shaw's NNTP headers, and some
useful DSRS reports. And also a discussion about the nature of the drive-by
spammer.
} http://groups.google.com/groups?q=70.67.89.64+group%3A*abuse*&start=0&scorin
} g=d&filter=0
Mostly this retuns this thread. One USENET sighting report, one email.
} http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
} ead/3ebec386a18127c7/95ac15b46fde5f8d?lnk=st&q=24.71.223.159+group%3A*abuse*
} &rnum=4#95ac15b46fde5f8d
A sighting in Jan 2003.
} http://groups.google.com/groups?q=24.71.223.159+group%3A*abuse*&start=10&sa=
} N&scoring=d&
All of these articles date to 2002.
} http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
} ead/5a5174831f1d219a/759d132c7068807f?lnk=st&q=24.70.95.211+group%3A*abuse*&
} rnum=2#759d132c7068807f
A sightings report from you. (At least it's current.)
} http://groups.google.com/group/news.admin.net-abuse.bulletins/browse_frm/thr
} ead/ceee65d855eda9cc/e7834c074a316475?lnk=st&q=24.71.223.159+group%3A*abuse*
} &rnum=8#e7834c074a316475
A 2002 spam cancels report. Much too old.
>All the evidence needed is already presented but
>if you are just too stupid to understand it
>and can't interperate it then thats not my
>problem.
I now remind you of something you wrote in your original post:
} I would humbly request that a Usenet Death Penalty (UDP)
} be brought against Shaw Cable for the above reasons.
Reread the third word of the sentence you wrote. Think about
that word.
>> Incorrect - Shaw has already dealt with this four-year-old matter;
>> attempting to raise it again only weakens your position.
>
>NO WRONG I am showing that Shaw has done nothing about
>abuse since 2000. And how do you know it was delt with?
>Do you work for Shaw at that time? How can you say
>that it was delt with. You don't know what was done.
You can demonstrate a handful of spams over the last year, by
looking in .sightings. That is not a sufficient level of abuse,
in most reasonable peoples' opinions, to UDP a site.
>What I am showing here is that the stem of abuse has
>not slowed down since 2000 and has continued since the
>last UDP.
The rate of USENET spam coming out of shaw.ca is nowhere near
the levels reached by @Home in 2000.
[ snip ]
>> >FYI Don't tell me I don't know what
>> >is going on considering
>> >at that time I was working for Shaw.
>>
>> So, what did your contacts within Shaw say when you brought this
>> information to them? (Since you used to work there, you no doubt have
>> some contacts within the organization, no?) If you haven't taken this
>> step yet, then a UDP is definitely premature.
>
>The contacts at Shaw are saying they are still waiting for
>upper management to make an a decision on the port 25 filtering
>and there is NO sign of them even attempting to implement
>any kind of AUTH INFO on their news server.
Please explain why port 25 filtering will help with USENET
spam. Or are you bringing up this point to attempt to show
a pattern of inaction by Shaw management? If so, be clear.
>So the flow of spam will continue for years to come unless
>a UDP is issued against Shaw. If you read my orginal
>complaint you would have saw that I already contacted
>Shaw. This is just yet more proof that people are not reading
>my orginal post.
The flow of spam will continue.
Each ISP will be a source of spam from time to time. Spammers
are like that. What matters is not the fact that some amount
of spam comes from a site, but how that site reacts to the
spam.
If your messages to the abuse department at shaw use the same
tone as your messages to this newsgroup, you are probably not
getting any response because you pissed off the op that fielded
the email. Opening with a verbal attack is a good way to get
your complaint utterly ignored.
Now, before you reply and flame me, slow down and think a bit:
You are coming out in front of a lot of USENET admins, asking
a number of people to cancel (and honor the cancels) for each
post coming from Shaw's servers. That's what a UDP means, in
case you're not aware. The people who implement UDPs are
looking at the tone you use, that you can present a cohesive
argument for why a UDP should be instituted, and you're
responding with personal attacks.
--
Steve Watt KD6GGD PP-ASEL-IA ICBM: 121W 56' 57.5" / 37N 20' 15.3"
Internet: steve @ Watt.COM Whois: SW32-ARIN
Free time? There's no such thing. It just comes in varying prices...
Jamie
<SNIP>
>
> I won't comment on Rob, except to say that his tone in this posting
> is calmer than yours.
Thats too funny that you can tell the "TONE" of a person by
reading a usenet post. Thats a lot of BS.
>
> >I will because obviously you people are NOT reading
> >the information presented because there are
> >a lot of spam samples there which he immediately
> >tried to dismiss.
>
> No, you are posting a substantial amount of irrelevant information.
> Quoting SPEWS or Spamhaus is irrelevant, because those services
> concern themselves with *EMAIL* spam. USENET is not email.
>
I did post a subtantial amount of information they
just refuse to take the time to be able to go
though this information. I posted articles about
usenet spam and clearly showed ABUSE comming from
their usenet server. Another one who can't seem
to READ MY POSTS.
> >So what one of the NANANE trolls are you posting
> >under another name?
>
> You are increasingly sounding like a kook.
Reason to believe that individual "Rob" is just
one of the many usenet kooks posting
under another name.
>
>
> Indeed, it appears that you can't provide those links from
> your defensive response.
I have provided more then enough of a defense and there
is more then enough reason for a UDP against Shaw
cable. Excessive Cross Posting (ECP) is more then enough
of a reason alone. Go read my lastest post and
read it FULLY not half assed.
>
> >> You're the one who wants the rest of us to do this work (for free, I
> >> might add); thus, you're the one who's going to have to convince us
> >> that it's in our best interests to do this work. If convincing us
> >> means presenting the evidence that the more-respected members of this
> >> group request, then it's up to you to spend the time to gather and
> >> present that evidence.
> >
> >You are extremely ignorant all the information already
> >has been presented. Many times over! GO AND READ THE
> >ORGINAL post to request a UDP against Shaw.
>
> OK, let's do that.
>
> }
>
>http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
> } abee35ab1905b40a/b5d49fc392116041?lnk=st&q=&rnum=3#b5d49fc392116041
>
> This dates to July 14, 2004. Too old to take action...
Nope not too old I am SHOWING that Shaw Cable has a
LONG HISTORY of abuse and that this is NOT
a new thing for Shaw. The insecure networks
issue is NOT the start of thier abuse it has
been ongoing for YEARS? What part of that don't
you people understand.
NO one is going to issue a UDP if an ISP just
has a few issues with no past. I am showing
that abuse is NOT new from Shaw and has been
ongoing since 2000 and the @home UDP.
Geesh what part of that don't you people understand!
Cripes!
>
> }
>
>http://groups.google.ca/groups/search?q=%22When+stocks+are+down+the+company+
> }
>
>is+making+money+take+the+cash+then+and+get+into+something+you+can+be+proud+o
> } f%22+group%3Anews.admin.net-abuse.*&start=0&lr=&safe=off&num=10&filter=0
>
> Your own complaint in (entertainingly) nanae, plus a few copies of a single
> spam.
>
> }
>
>http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
> }
>
>ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
> } up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
>
> Hal Murray and your sightings from Feb 13 2007. At least they're fresh.
>
> }
Good you can finally read. You are choosing what you
want to read and what you dont' want to accept. Thats
no good. Keep an open mind. Something the people
in this group are not doing. Everyone seems to be
siding with Shaw cable. I think that if it was anyone
else posting this request it would go though but people
are disputing it and siding with a spammy ISP like Shaw
simply because it is me posting the request.
>
>http://groups.google.ca/group/news.admin.net-abuse.sightings/browse_frm/thre
> }
>
>ad/bf9cbbca734c6744/b7d0eafdbead51e0?lnk=st&q=%22Hot+Celebrity+Gossip%22+gro
> } up%3Anews.admin.net-abuse.*&rnum=1#b7d0eafdbead51e0
>
> An exact duplicate of the previous.
>
> } http://groups.google.com/groups?scoring=d&q=24.71.223.147+group:*abuse*
>
> Except for this thread's hit, this is 2005.
>
> } http://groups.google.com/groups?scoring=d&q=24.64.223.206+group:*abuse*
>
> An interesting choice: There's a good article in there from David Ritz,
> who you are dismissing, about decoding shaw's NNTP headers, and some
> useful DSRS reports. And also a discussion about the nature of the
> drive-by
> spammer.
>
Who said I am dismissing anything that is your
choice of words not mine.
> }
>
>http://groups.google.com/groups?q=70.67.89.64+group%3A*abuse*&start=0&scorin
> } g=d&filter=0
>
> Mostly this retuns this thread. One USENET sighting report, one email.
>
> }
>
>http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
> }
>
>ead/3ebec386a18127c7/95ac15b46fde5f8d?lnk=st&q=24.71.223.159+group%3A*abuse*
> } &rnum=4#95ac15b46fde5f8d
>
> A sighting in Jan 2003.
>
> }
>
>http://groups.google.com/groups?q=24.71.223.159+group%3A*abuse*&start=10&sa=
> } N&scoring=d&
>
> All of these articles date to 2002.
>
> }
>
>http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
> }
>
>ead/5a5174831f1d219a/759d132c7068807f?lnk=st&q=24.70.95.211+group%3A*abuse*&
> } rnum=2#759d132c7068807f
>
> A sightings report from you. (At least it's current.)
>
> }
>
>http://groups.google.com/group/news.admin.net-abuse.bulletins/browse_frm/thr
> }
>
>ead/ceee65d855eda9cc/e7834c074a316475?lnk=st&q=24.71.223.159+group%3A*abuse*
> } &rnum=8#e7834c074a316475
>
> A 2002 spam cancels report. Much too old.
Again read above it is NOT too old I am showing
a clear history of abuse from Shaw and that abuse
orginating from thier network is nothing
new.
>
>
> >All the evidence needed is already presented but
> >if you are just too stupid to understand it
> >and can't interperate it then thats not my
> >problem.
>
> I now remind you of something you wrote in your original post:
>
> } I would humbly request that a Usenet Death Penalty (UDP)
> } be brought against Shaw Cable for the above reasons.
>
> Reread the third word of the sentence you wrote. Think about
> that word.
BITE ME!
>
> >> Incorrect - Shaw has already dealt with this four-year-old matter;
> >> attempting to raise it again only weakens your position.
> >
> >NO WRONG I am showing that Shaw has done nothing about
> >abuse since 2000. And how do you know it was delt with?
> >Do you work for Shaw at that time? How can you say
> >that it was delt with. You don't know what was done.
>
> You can demonstrate a handful of spams over the last year, by
> looking in .sightings. That is not a sufficient level of abuse,
> in most reasonable peoples' opinions, to UDP a site.
I demonstrated MORE then a hand full go back and actually
read the complaints you are dismissing a lot of valid information.
You are obviously just too ignorant to understand what
the hell I am doing and what i am trying to prove if that
is the case then just please stop posting you are
just making an ass of yourself.
>
> >What I am showing here is that the stem of abuse has
> >not slowed down since 2000 and has continued since the
> >last UDP.
>
> The rate of USENET spam coming out of shaw.ca is nowhere near
> the levels reached by @Home in 2000.
Yes it is again you have not even looked at all the information.
>
> [ snip ]
>
> >
> >The contacts at Shaw are saying they are still waiting for
> >upper management to make an a decision on the port 25 filtering
> >and there is NO sign of them even attempting to implement
> >any kind of AUTH INFO on their news server.
>
> Please explain why port 25 filtering will help with USENET
> spam. Or are you bringing up this point to attempt to show
> a pattern of inaction by Shaw management? If so, be clear.
I am saying they need to implement it to stop spam
from the mail servers as well. Implementing just
AUTH INFO will stop the spam from thier news servers
but spam will continue to flow freely from all those
incorrectly setup mail servers and zombied machines
on shaw's network. they need to implement BOTH
security measures to properly secure thier WHOLE network.
>
> >So the flow of spam will continue for years to come unless
> >a UDP is issued against Shaw. If you read my orginal
> >complaint you would have saw that I already contacted
> >Shaw. This is just yet more proof that people are not reading
> >my orginal post.
>
> The flow of spam will continue.
>
> Each ISP will be a source of spam from time to time. Spammers
> are like that. What matters is not the fact that some amount
> of spam comes from a site, but how that site reacts to the
> spam.
>
> If your messages to the abuse department at shaw use the same
> tone as your messages to this newsgroup, you are probably not
> getting any response because you pissed off the op that fielded
> the email. Opening with a verbal attack is a good way to get
> your complaint utterly ignored.
Only from ignorant people like you who have no clue
what they are talking about and dismiss information
with out even reading it.
>
> Now, before you reply and flame me, slow down and think a bit:
> You are coming out in front of a lot of USENET admins, asking
> a number of people to cancel (and honor the cancels) for each
> post coming from Shaw's servers. That's what a UDP means, in
> case you're not aware. The people who implement UDPs are
> looking at the tone you use, that you can present a cohesive
> argument for why a UDP should be instituted, and you're
> responding with personal attacks.
Listen I dunno who the hell you are but I am quite aware
of what a UDP is. And a UDP is definately needed against
Shaw. Now just go away and go crawl back under
your rock again. I am sick of people like you
who are so ignorant and have no clue of what I am
trying to do here and posting messages like this one.
I am sick of it. I am trying to make the usenet
a better place and get rid of the usenet spam
problem orginating from a network with a lot of
security problems. Simply because some people have
a problem with me they are making every attempt to
stop this request. Well then screw you all
you can choke on your spam.
David Ritz
On Sun, 11 Mar 2007 13:14:42 -0600,
in article <45f44f4c...@news.individual.net>, Rob Kelk wrote:
>> David Ritz <dritz+...@suespammers.org> writes:
RK> <snip>
>> I already have backed up my facts with a lot of evidence
>> that you either seemed to miss reading or just plain
>> ignored. Go back and read my complaint again.
RK> Judging from the post to which you replied, he looked at the
RK> evidence you produced, analyzed it, and found it insufficient.
RK> He then invited you to produce more evidence. "Go back and read
RK> my complaint again" is not new evidence.
Rob,
Perhaps to most telling example of this, is the "<SNIP>" of the
data points, which might actually be used to add weight to
Jamie's argument. I'll reinstate them to the discussion.
>>> $ zgrep Client *shaw*.gz | count
>>> 55056 20070119_shaw_68.146.249.27_rnews.txt.gz:
X-Trace-PostClient-IP: 68.146.249.27
>>> 43985 20070307_shaw_70.66.196.99_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.196.99
>>> 26636 20070201_shaw_68.146.229.23_head.txt.gz:
X-Trace-PostClient-IP: 68.146.229.23
>>> 17938 20070308_shaw_70.66.196.99_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.196.99
>>> 10654 20070208_shaw_68.146.196.189_head.txt.gz:
X-Trace-PostClient-IP: 68.146.196.189
>>> 7747 20070211_shaw_68.146.244.86_head.txt.gz:
X-Trace-PostClient-IP: 68.146.244.86
>>> 3619 20070204_shaw_68.144.109.35_rnews.txt.gz:
X-Trace-PostClient-IP: 68.144.109.35
>>> 3305 20070203_shaw_68.144.74.102_head.txt.gz:
X-Trace-PostClient-IP: 68.144.74.102
>>> 3210 20070308_shaw_70.66.194.39_rnews.txt.gz:
X-Trace-PostClient-IP: 70.66.194.39
>>> 2510 20070207_shaw_68.145.49.74_rnews.txt.gz:
X-Trace-PostClient-IP: 68.145.49.74
>>> 20 20070203_shaw_68.144.74.102_rnews.txt.gz:
X-Trace-PostClient-IP: 68.144.74.102
These files are still available, via HTTP, to anyone interested in
seeing what these drive-by incidents look like. Just prefix the
file names, which begin "2007," with <http://dritz.mako.ath.cx/>.
========================================================================
I went back, and ran a search of my local archives, of Andrew
Gierth's Cancelled Spam Statistics, dated between Thu, 2 Apr 1998
03:23:05 -0600 and Sun, 08 Jun 2003 03:22:34 -0500. While the
result of this query remains largely irrelevant to this
discussion, it may go a long way toward countering Jamie's
perception that Shaw is historically unresponsive to network abuse
issues. The raw result of that search can be found at
<http://dritz.mako.ath.cx/20070311_shaw_scs_search.txt>.
My analysis of over five years worth of data, indicates that within
this time frame, Shaw only made it into this report, on a total of
402 dates. Of those 402 dates, cancels issued against Shaw
originated posts exceeded 10K, on only twenty seven (27) dates. Of
these, virtually all dealt with proxy=>NNTP hijackings. Most date
to the summer of 2002, a time when Usenet spam levels were
significantly higher than they are today, and were largely due to a
single Canadian spam-gang. See <http://tinyurl.com/2onreu>.
<aside>
These proxy=>NNTP hijackings largely predate the rise of proxy=>MX
spamming. The maximum number of posts, coming through just one of
these proxy=>NNTP hijackings, within a single twenty four (24)
hour period, were approximately 280K, via an AnalogX proxy,
running on a vidoetron.ca user's Windows box.
I'll note that the thousand or so security alerts I issued, during
this period, are not part of the public record. Anyone interested
in seeing examples of these reports, should contact me at the
Reply-To address in this article. They have no place in this
discussion.
</aside>
Shaw dealt with each and every hijacking report they received from
me, swiftly and to my satisfaction. The same cannot be said about
any number of other consumer broadband providers.
In closing, I'll note, that I have not noticed any of the drive-by
alpha-spam, which prompted this discussion, in the past three days.
As I noted, previously, in crediting Jamie in bringing this
discussion forward, it is possible that he assisted in moving the
clue up the food chain.
- --
David Ritz <dritz+...@suespammers.org>
"The Zen nature of a spammer resembles a cockroach,
except that the cockroach is higher up on the evolutionary chain."
- Peter Olson, Delphi Information Engineer; 27-AUG-1998
-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.0.6 (Build 6060)
Comment: PGP Public Keys: <http://dritz.mako.ath.cx/keys.txt>
iQCVAwUBRfTR1KdkAgrqVVPRAQEgXgP/YwX9ddEIA44yrSTE5YMtj+ItLNME22KX
92vHZJ/rZnvDOo9J5jNjZ/jxNHvn1/S8kZa6Z/pRfiqSVaFkHG8x5uloarGSkTyn
Xp0KvvdhONQochPyxDHlV0hftd4LETE27NRi0qVF+0W1p2ZwEqFu5muubuHb6noq
V1lRHfGwM7A=
=8QN+
-----END PGP SIGNATURE-----
Etaoin Shrdlu
> I did post a subtantial amount of information they
> just refuse to take the time to be able to go
> though this information. I posted articles about
> usenet spam and clearly showed ABUSE comming from
> their usenet server. Another one who can't seem
> to READ MY POSTS.
That's because they know who you are after they googled for "Jamie Baillie
spammer".
You just reaped what you sowed.
Now just vanish and be forgotten.
Jamie
> Le 11 Mar 2007, Jamie <col...@darkshado.ca> a écrit :
>
> > I did post a subtantial amount of information they
> > just refuse to take the time to be able to go
> > though this information. I posted articles about
> > usenet spam and clearly showed ABUSE comming from
> > their usenet server. Another one who can't seem
> > to READ MY POSTS.
>
> That's because they know who you are after they googled for "Jamie Baillie
> spammer".
>
> You just reaped what you sowed.
>
> Now just vanish and be forgotten.
>
no it isn't it is just the stupidity of
some users.
It has nothing to do with your fake websites
with all your lies and defamitory usenet
posts.
Sorry I am here to stay and if you don't like
that then TOUGH! It is assholes like
you Etaion Shrdlu that need to disappear
forever.
Tim I thought this was a moderated group please
start MODERATING this group and stop trolls
like this from spamming this thread.
Jamie
information being posted about this.
First off I am NOT just posting evidence of the
current wireless network problem that shaw is
experiencing but also a PAST history
from Shaw Cable showing that abuse from Shaw
Cable is NOT a new thing but has been ongoing for
many years.
So don't say oh the past posts have been delt
with and just try and dismiss them. Far as
anyone knows it could still be the same people
that were spamming in the past from Shaw that
may be hijacking the wifi networks now and
continues to spam the usenet newsgroups.
What I am trying to show is that Shaw has a
LONG history of abuse and that the Wifi networks
issue is NOT the first problem Shaw has had.
Here are some past abuse issues about
Shaw spammers.
http://tinyurl.com/3a4gz5
http://preview.tinyurl.com/yqh6y5
http://tinyurl.com/28lsbz
The URL at
http://preview.tinyurl.com/yqh6y5*
Shows how long of a history Shaw has had.
Shaw has not learned anything and
SPAM continues to freely flow from
Shaw Cable and that is what the above
URLs are there to show that and back
up this statement.
Shaw has had a history of abuse and
a very long one they have done very
little to stop the flow of spam from their
network Since the collapse of @home shortly
after the UDP threat against them back in
2000.
Shaw Cable has a LONG abuse history and the recent WIFI issues
is far from the first problem from Shaw. Shaw refuses
to boot thier spammers and properly secure thier
network and servers. (IE: News server / Mail servers)
Repeated complaints to Shaw are just ignored.
Here are some of the recent drive
by spammings.
"^*^*^^ Hot Smutty Videos ^*^*^"
"(WOW!) were back! HUGe ASS TITS VIDEO!!!"
"^^^ 100% Free Porn ^^^"
January 19 - 20 2007
Spammed to 50+ groups.
"~^~~^~^ Amazing Real Booby Downloads ~^~^~^~^"
January 21 2007
spammed to a total of 45+ groups.
" ^*^*^^*^*^* Barely Legal Babes! ^*^^*^*^*^^"
January 27 2007
Spammed to 30+ newsgroups
http://tinyurl.com/2wruk9
"8===D(!) Hot Ontario Amateur Porn Videos (_Y_)"
Feb 2 - 3 2007
spammed to a total of 30+ groups.
http://tinyurl.com/2qsw5r
http://tinyurl.com/36kals
"Make 1 million in 6 weeks or less"
Feb 13 2007
Spammed to a total of 290+
groups.
http://tinyurl.com/29dfpo
http://tinyurl.com/ytqmoz
"Hot Celebrity Gossip "
Spamrun on Feb 13 - Feb 18 2007
spammed to a total of 45 different
newsgroups.
"Make 1.5 million in 11 minutes" &
"Make 1.5 million in 10 minutes"
http://alberta-oilsands.blogspot.com/
Feb 15 - 18 2007
Spammed to a total of 270+
groups.
"Free flash games"
Feb 19 2007
Spammed to a total of 250+
groups
I think that in this post made
by another person complaining
about the amount of spam says
it all about Shaw
"At least 19 floods to 1000's of newsgroups through Shaw's Calgary news
server (64.59.135.176) and Shaw's Edmonton news serve (24.70.95.207)
since 21 January including 3 late yesterday through today."
"Shaw keeps telling me that something has been done
but then there's more spam."
"Free Huge Boobies Video Downloads"
"Jessica Simpson Stripshow Free Movie Download"
"Huge Tits"
"Enormous Tits"
"Big Boobies Video Downloads"
"Enormous Tits - IGNORE THIS SHIT"
Feb 23 - 28 2007
spammed to a total of 240+ groups.
http://tinyurl.com/2tfx28
http://tinyurl.com/3xhy9q
Feb 20 - 22 2007
"Alberta Car Home Auto Commercial
Insurance Calgary and Edmonton"
Spammed to a total of 30+ groups.
http://tinyurl.com/2msp47
http://tinyurl.com/2qrch4
Feb 22 2007
"Register for adsense"
Spammed to a total of 60+
groups.
http://tinyurl.com/2keh6t
http://tinyurl.com/393cp4
"^*^*^*^* Tsa Cover-up Attempt ^*^*^*^*
"This lids off on this one"
"Usenet Spam: Cover up attempt"
"Register for Adsense"
"Huge Penis Contest ..."
Feb 22 2007
Spammed to a total of whoping 500+
groups.
"When stocks are down the company
is making money take the cash"
Spammed to a total of 3 different
newsgroups.
Spamrun from Shaw on March 6 2007
I am not the only one suggesting
that A UDP be brought against Shaw.
There is obviously more support
for a UDP then you think.
More examples at
The Excessive Cross Posting (ECP) is
more then enough reason alone for
a UDP against Shaw Cable.
The amount of spam comming from Shaw cable is
staggering and a UDP is definately needed
here. A UDP against Shaw is not premature like
some would like to claim and the data provided
backs this up. A UDP against Shaw is needed
now. Shaw has to immediately act to stop
this flow of spam comming from thier news
server and properly secure thier network
and news servers before a UDP would be lifted.
There is no way the rest of the world should be
suject to Shaw's spam from say the next
year while they take thier time upgrading thier news
servers so it supports AUTHINFO.
Rob Kelk
Hash: SHA1
On Sun, 11 Mar 2007 18:59:18 -0600, Jamie <col...@darkshado.ca> wrote:
>Rob Kelk <rob...@deadspam.com> writes:
>
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>>
>> Judging from the post to which you replied, he looked at the
>> evidence you produced, analyzed it, and found it insufficient. He
>> then invited you to produce more evidence. "Go back and read my
>> complaint again" is not new evidence.
>>
>
>Who the heck are you Rob Kelk to tell me that i need
>to provide more information?
I'm a member of ONAG (the Ottawa News Administrators Group), as you
would have discovered if you had bothered to follow the link in my
.signature.
> I have provided the information
>already and he didn't go though and read it and examine
>it he immediately tried to dismiss it. ALL the information
>that is needed is already there.
Mr. Ritz thinks differently; since he's one of the people who actually
implements UDPs, his opinion is the one that matters.
<snip>
>I will because obviously you people are NOT reading
>the information presented because there are
>a lot of spam samples there which he immediately
>tried to dismiss.
>
>So what one of the NANANE trolls are you posting
>under another name?
You may retract that slander right now, mister.
<snip>
- --
Rob Kelk Personal address (ROT-13): eboxryx -ng- tznvy -qbg- pbz
Any opinions here are mine, not ONAG's.
ott.* newsgroup charters: <http://onag.pinetree.org>
Any Usenet message claiming to be from me but posted from any server
other than individual.net is a forgery. Please filter out such
messages if you have the capability.
-----BEGIN PGP SIGNATURE-----
Version: PGP 7.0.4
iQA/AwUBRfVhmgKYYCCCxJ/PEQJ4oQCdHKu+XdohdQ7Tb5uuw9aMtxdQg8AAn0K3
mC9vpQmTEYDv0cYPJO2iuxQQ
=nJ3r
-----END PGP SIGNATURE-----
Tim Skirvin
> Tim I thought this was a moderated group please start MODERATING this
> group and stop trolls like this from spamming this thread.
The group is robo-moderated, actually. But if you think that this
is really a problem, I could probably be convinced to stop the thread by
blocking the main offender.
- Tim Skirvin (tski...@killfile.org)
Moderator, much of news.admin.net-abuse.*
--
http://www.killfile.org/~tskirvin/nana/ news.admin.net-abuse.*
http://www.killfile.org/donations.html killfile.org donations
Jamie
> On Mon, 12 Mar 2007 04:55:40 -0600, Jamie <col...@darkshado.ca>
> wrote:
>
> >Ok so certian people are complaining about not enough
> >information being posted about this.
> >
> >First off I am NOT just posting evidence of the
> >current wireless network problem that shaw is
> >experiencing but also a PAST history
> >from Shaw Cable showing that abuse from Shaw
> >Cable is NOT a new thing but has been ongoing for
> >many years.
>
> Jamie, you're saying this to people who're much more familiar with
> abuse histories from numerous NSPs than you are. If they (especially
> David R.) say they're familiar with Shaw's abuse history, you can take
> their word for it. You are /not/ helping your case.
> If you actually have the requested data, & you want to advance your
> case, please supply it.
>
And you don't know what you are talking about I am aware
of the abusive past. Nor did I say that at all Lionel
again that is YOU saying that NOT me.
I already have supplied a lot of data try going back
and actully fully reading my orginal post and my
2nd posting I just made with more data in in. But
then again you never thought of actually reading
that one did you? Stop telling me to post
more data when I already have.
Jamie
Jamie
> Jamie <col...@darkshado.ca> writes:
>
> > Tim I thought this was a moderated group please start MODERATING this
> > group and stop trolls like this from spamming this thread.
>
> The group is robo-moderated, actually. But if you think that this
> is really a problem, I could probably be convinced to stop the thread by
> blocking the main offender.
>
> - Tim Skirvin (tski...@killfile.org)
> Moderator, much of news.admin.net-abuse.*
FYI the main offender is Etaion Shrdlu and Geoff Brozny.
If you get them to stop spamming the thread then every
thing will be fine.
Jamie
Geoff Brozny
> On Mon, 12 Mar 2007 09:41:45 -0600, Tim Skirvin
>
> Unfortunately, Jamie has a disability that makes it unlikely that
> he'll behave himself, so that is probably a good idea. There are
> already too many threads like this in NANAU & NANAE.
>
The bad thing is, he will just morph, or do other things to get his
posts to show up here, then when that fails, he will then go after
whoever he thinks the upstream for killfile.org is. He already tried to
get my connectivity cut off for the single post I made a few days ago in
this thread, imagine what he will try to do to Tim if he blocks him.
geoff
Jamie
about the Shaw spammers.
I have already posted one document
containing more information about
the Shaw spam problem.
I notice that no one is even paying any
attention to the new data I posted about
this problem.
http://groups.google.ca/group/news.admin.net-abuse.policy/browse_frm/thread/
6adb16c2fa3cd578/1bd8d51138403edb?lnk=st&q=Re%3A+%5BRFD%5D+A+call+for+Usenet
+Death+Penalty+against+Shaw+Cable&rnum=2#1bd8d51138403edb
All the Data you need IS there and clearly shows
the high amounts of spam comming from Shaw's
network.
"Make 1million in 6 weeks or less"
http://legal-rx.blogspot.com/index.html
Spamrun from Feb 12 - 14 2007
Spammed to 290+ groups.
http://groups.google.com/group/news.admin.net-abuse.sightings/browse_frm/thr
ead/5a5174831f1d219a/759d132c7068807f?lnk=st&q=24.70.95.211+group%3A*abuse*&
rnum=2#759d132c7068807f
http://groups.google.ca/groups/search?q=http%3A%2F%2Flegal-rx.blogspot.com%2
Findex.html&start=0&filter=0
"Dui Lawyer Killed by client"
spamrun on Feb 8 - 10 2007
http://groups.google.ca/groups/search?q=http%3A%2F%2Fdue-law.blogspot.com&st
art=0&filter=0
Spammed to 50+ groups.
http://Ontario.news.jobshopcanada.com/job_details/1985916/Industrial+
http://groups.google.ca/group/de.admin.net-abuse.announce/browse_frm/thread/
3845ed9e63885de2/a279a9e1be7d0ceb?lnk=st&q=64.59.135.176&rnum=16#a279a9e1be7
d0ceb
10 postings on 17 Jan 2007, 19 Jan 2007, 20 Jan 2007, 21 Jan 2007
Substantively identical, advertising the same service:
Hot Smutty Videos
Each posted to exactly one group. All together these are:
de.alt.dateien.misc
de.alt.dateien.weibsbilder
Extent of the spam:
BI BI2 ACI MESSAGE-ID
--------------------------------------------------
1.000 1.000 4 <PJgrh.688078$R63.422969@pd7urf1no>
1.000 1.000 4 <5oksh.715013$5R2.171689@pd7urf3no>
1.000 1.000 4 <gO%rh.686808$1T2.458622@pd7urf2no>
1.000 1.000 4 <SPFsh.737621$5R2.709039@pd7urf3no>
1.000 1.000 4 <gO%rh.686807$1T2.65919@pd7urf2no>
1.000 1.000 4 <SPFsh.737620$5R2.231614@pd7urf3no>
1.000 1.000 4 <OJgrh.677437$5R2.477517@pd7urf3no>
1.000 1.000 4 <3BSsh.753432$1T2.148975@pd7urf2no>
1.000 1.000 4 <2BSsh.753431$1T2.256673@pd7urf2no>
1.000 1.000 4 <5oksh.715012$5R2.482633@pd7urf3no>
--------------------------------------------------
10.000 10.000 40
According to <Result-festlegung-bi-06-05-1...@dana.de>
(http://home.snafu.de/hweede/debi.txt) the limit for the
BI in de.* is 5.
Headers of one such posting:
Path:
news.albasani.net!newsfeed.freenet.de!newspeer1.nwr.nac.net!border2.nntp.dca
.giganews.com!nntp.giganews.com!pd7cy1no!pd7cy2no!shaw.ca!pd7urf1no.POSTED!5
3ab2750!not-for-mail
X-Trace-PostClient-IP: 68.146.240.32
From: Kelvin<homeyl...@ghetonews.com>
Newsgroups: de.alt.dateien.weibsbilder
Subject: Testing
X-Newsreader: Mozilla/4.0 (comp4tible; MSIE 5.0; Windows BS; Zbinladen
Poster)
Content-Type: text/html
Lines: 26
Message-ID: <PJgrh.688078$R63.422969@pd7urf1no>
Date: Wed, 17 Jan 2007 03:28:47 GMT
NNTP-Posting-Host: 64.59.135.176
X-Complaints-To: a...@shaw.ca
X-Trace: pd7urf1no 1169004527 64.59.135.176 (Tue, 16 Jan 2007 20:28:47 MST)
NNTP-Posting-Date: Tue, 16 Jan 2007 20:28:47 MST
Organization: Shaw Residential Internet
http://groups.google.ca/groups/search?q=64.59.135.176&qt_s=Search+Groups
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
9a5e9d7a99b62573/ace60305df5b05f5?lnk=st&q=64.59.135.176&rnum=100#ace60305df
5b05f5
10 postings on 17 Jan 2007, 19 Jan 2007, 20 Jan 2007, 21 Jan 2007
Substantively identical, advertising the same service:
Hot Smutty Videos
Each posted to exactly one group. All together these are:
de.alt.dateien.misc
de.alt.dateien.weibsbilder
Extent of the spam:
BI BI2 ACI MESSAGE-ID
--------------------------------------------------
1.000 1.000 4 <PJgrh.688078$R63.422969@pd7urf1no>
1.000 1.000 4 <5oksh.715013$5R2.171689@pd7urf3no>
1.000 1.000 4 <gO%rh.686808$1T2.458622@pd7urf2no>
1.000 1.000 4 <SPFsh.737621$5R2.709039@pd7urf3no>
1.000 1.000 4 <gO%rh.686807$1T2.65919@pd7urf2no>
1.000 1.000 4 <SPFsh.737620$5R2.231614@pd7urf3no>
1.000 1.000 4 <OJgrh.677437$5R2.477517@pd7urf3no>
1.000 1.000 4 <3BSsh.753432$1T2.148975@pd7urf2no>
1.000 1.000 4 <2BSsh.753431$1T2.256673@pd7urf2no>
1.000 1.000 4 <5oksh.715012$5R2.482633@pd7urf3no>
--------------------------------------------------
10.000 10.000 40
According to <Result-festlegung-bi-06-05-1...@dana.de>
(http://home.snafu.de/hweede/debi.txt) the limit for the
BI in de.* is 5.
Headers of one such posting:
Path:
news.albasani.net!newsfeed.freenet.de!newspeer1.nwr.nac.net!border2.nntp.dca
.giganews.com!nntp.giganews.com!pd7cy1no!pd7cy2no!shaw.ca!pd7urf1no.POSTED!5
3ab2750!not-for-mail
X-Trace-PostClient-IP: 68.146.240.32
From: Kelvin<homeyl...@ghetonews.com>
Newsgroups: de.alt.dateien.weibsbilder
Subject: Testing
X-Newsreader: Mozilla/4.0 (comp4tible; MSIE 5.0; Windows BS; Zbinladen
Poster)
Content-Type: text/html
Lines: 26
Message-ID: <PJgrh.688078$R63.422969@pd7urf1no>
Date: Wed, 17 Jan 2007 03:28:47 GMT
NNTP-Posting-Host: 64.59.135.176
X-Complaints-To: a...@shaw.ca
X-Trace: pd7urf1no 1169004527 64.59.135.176 (Tue, 16 Jan 2007 20:28:47 MST)
NNTP-Posting-Date: Tue, 16 Jan 2007 20:28:47 MST
Organization: Shaw Residential Internet
Again as I said in my last post the Excessive Cross
Posting (ECP) is more then enough reason for a
UDP against Shaw cable.
You people need to start looking at all the Data
I am presenting. I have presented MORE then enough
of a reason for a UDP against Shaw Cable.
Marc Bissonnette
news:guest.20070313032035$43...@news.killfile.org:
[snip]
> You people need to start looking at all the Data
> I am presenting. I have presented MORE then enough
> of a reason for a UDP against Shaw Cable.
And you need to start acting more maturely when people disagree with you.
Yours is *one* opinion. Even in the chaotic democracy that is Usenet, your
opinion alone is insufficient for a UDP to be implemented.
--
Marc Bissonnette
Looking for a new ISP? http://www.canadianisp.com
Largest ISP comparison site across Canada.
col...@darkshado.ca
> Jamie <col...@darkshado.ca> altered the spacetime fabric by disgorging
> news:guest.20070313032035$43...@news.killfile.org:
>
> [snip]
>
> > You people need to start looking at all the Data
> > I am presenting. I have presented MORE then enough
> > of a reason for a UDP against Shaw Cable.
>
> And you need to start acting more maturely when people disagree with you.
>
> Yours is *one* opinion. Even in the chaotic democracy that is Usenet, your
> opinion alone is insufficient for a UDP to be implemented.
>
>
>
Thats BS You need to grow up a bit and stop
trolling this newsgroup.
The data I posted about the spam comming
from SHAW *IS* enough of a reason for
Marc Bissonnette
> Marc Bissonnette <dragnet\_@_/internalysis.com> writes:
>
>> Jamie <col...@darkshado.ca> altered the spacetime fabric by
>> disgorging news:guest.20070313032035$43...@news.killfile.org:
>>
>> [snip]
>>
>> > You people need to start looking at all the Data
>> > I am presenting. I have presented MORE then enough
>> > of a reason for a UDP against Shaw Cable.
>>
>> And you need to start acting more maturely when people disagree with
>> you.
>>
>> Yours is *one* opinion. Even in the chaotic democracy that is Usenet,
>> your opinion alone is insufficient for a UDP to be implemented.
>>
>>
>>
>
> Thats BS You need to grow up a bit and stop
> trolling this newsgroup.
Not only is that the pot calling the kettle black, but telling it it's made
of iron and exposed to heat on a regular basis.
You need to stop attacking people with whom you perceive a disagreement
with. You will not find a single admin willing to entertain your ideas when
you do nothing but enjoin them with infantile insults and general noise
with your responses.
> The data I posted about the spam comming
> from SHAW *IS* enough of a reason for
> a UDP against Shaw Cable.
In *your* opinion, which you have yet to find a single person to agree with
you regarding it's severity or relevancy.
Deal with it.
Hal Murray
>Thats BS You need to grow up a bit and stop
>trolling this newsgroup.
>
>The data I posted about the spam comming
>from SHAW *IS* enough of a reason for
>a UDP against Shaw Cable.
If you think there is sufficient data, they please go ahead
and implement the UDP on all the news servers that you control.
If you want other people to do the same, you should probably
pay attention to the suggestions that have been made in this thread.
--
These are my opinions, not necessarily my employer's. I hate spam.
Jamie
Yet more lies from this troll. There are others who
are also asking for a UDP against Shaw because they
recogonize that the spam comming from Shaw's server
is a threat. Other people are in support
of a UDP against Shaw they actually have a clue
you do NOT.
The proof is bellow now do you want to retract
your statement? actually dont' even bother
posting again you are just making an ass
of yourself. Do everyone a favour and stop
posting all together and trolling this
group.
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
279acb168859f17e/fa9076d62b760ddd?lnk=st&q=Shaw+UDP&rnum=8#fa9076d62b760ddd
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
d75f9ca0f1d5c05b/36dbf1191ea8c278?lnk=st&q=Shaw+UDP&rnum=1#36dbf1191ea8c278
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
48819e44da9bf6c9/b2404df163a77bf0?lnk=st&q=Shaw+UDP&rnum=2#b2404df163a77bf0
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
abee35ab1905b40a/b5d49fc392116041?lnk=st&q=Shaw+UDP&rnum=3#b5d49fc392116041
http://groups.google.ca/group/alt.fr.misc.engeulades/browse_frm/thread/204c0
ee8ffb0e5df/6844833882c5adf6?lnk=st&q=Shaw+UDP&rnum=4#6844833882c5adf6
http://groups.google.ca/group/news.admin.net-abuse.usenet/browse_frm/thread/
4122d53f0bd07b4f/6b142ed60dfea1f7?lnk=st&q=Shaw+UDP&rnum=6#6b142ed60dfea1f7
Bye bye Troll *PLONK* When you can get your facts
straight I might unblock you in a year or so.
There has been quite a few requests for a UDP
against Shaw currently and in the past
due to thier spammy ways.
I say the request be honored and shaw be UDPed
till such time as they properly secure their
network and servers.
Jamie
Seth Breidbart
Jamie <col...@darkshado.ca> wrote:
>Tim Skirvin <tski...@killfile.org> writes:
>> The group is robo-moderated, actually. But if you think that this
>> is really a problem, I could probably be convinced to stop the thread by
>> blocking the main offender.
Tim's message seems to have disappeared here. I wonder who might have
cancelled it.
>FYI the main offender is Etaion Shrdlu and Geoff Brozny.
The main offender has posted more to this thread than both of them
together.
Seth
Cletis Perkins
>
> FYI the main offender is Etaion Shrdlu and Geoff Brozny.
> If you get them to stop spamming the thread then every
> thing will be fine.
>
HAHAHA Fuck HAHA!!!! Fuck you made fuck an ASS of your fuck self here
dip shit cunt!!! Your a Fuck Nigger SpamFuck!!! Fuck how the fuck can
you be so fuck stupid????
Fuck for those fuck interested in bringing this fuck criminal spammer
to fuck justice, you can find him fuck at fuck
Jamie Baillie
3-42 Saranac Blvd
North York, ON
Canada, M6A 2G5
Home Phone #: 416-781-0627
Cell Phone #: 416-450-1717
Fuck take care of this dipfuck now!!! Fuck!
Cletis.
Cletis Perkins
wrote:
>
> That's because they know who you are after they googled for "Jamie Baillie
> spammer".
>
> You just reaped what you sowed.
>
> Now just vanish and be forgotten.
>
Fuck fuck you fagget shit! Fuck you fuck in Canada fuck you do some
shit and get rid of spamfuck for fuck us!!! then fuck perhaps fuck you
will get fuck some respect with the KKK fuck ok? Fuck quit jacking off
you fag and fuck get to work pinco shit fuck. Fuck SpamFuck is stupid
fuck as a bitch as they fuck get. Fuck we do not need you to fuck post
shit in here bitch. Fuck.
Cletis.
Chris Lewis
> David Ritz <dritz+...@suespammers.org> writes:
> > I'm sorry, but this appears to assume facts which are not in
> > evidence. I, for one, have received some excellent feedback from
> > Shaw. I'll also point out, that its going to be more helpful, if
> > you were to focus on the specific issue, and be prepared to back up
> > your assertions with facts.
> >
> David you are obviously either just trolling this group
> or are pretty blind beacuse I have provided massive amounts
> of spam samples and documentation showing that since
> the last UDP against @Home which Shaw was a part
> of that the spam has continued to increase and
> that Shaw has very long history of abuse and refuse to
> do anything to stop it.
David is neither blind nor trolling. As one of the past implementors
of UDPs (I think I participated in all of them that ever occured),
I can assure you that David is _it_ as far as UDP process/history
goes. If he says that Shaw wasn't part of the Home UDP, and in fact
that the Home UDP never took place, he's right.
He did "our" research, grunt work and announcements. His analysis,
investigative abilities and record keeping are second to none.
The rest of us did the easy part. Implementing the UDP.
Given the time frame, I would have participated in the Home UDP.
I didn't, because it didn't happen.
> I already have backed up my facts with a lot of evidence
> that you either seemed to miss reading or just plain
> ignored. Go back and read my complaint again.
David went through your evidence, as did I, and threw out everything
that had _nothing_ whatsoever to do with justifying a Usenet UDP or
was way too old to be relevant. Duplicate reports of the same
many year old incidents are irrelevant. Complaining about DNS
configuration is irrelevant. Etc.
Shaw is actually quite responsive. I sometimes work with Shaw
at a very high level and they handle things promptly.
Shaw _certainly_ has severe problems in the email space (the only major
Canadian ISP not yet doing outbound port 25 blocking), but that has
nothing whatsoever to do with a Usenet UDP.
If you want to present a case for a UDP, you need to show evidence
of substantial numbers of current and ongoing abuse-of-Usenet issues
that persist beyond a day or two after Shaw being told about them.
--
Chris Lewis,
Age and Treachery will Triumph over Youth and Skill
It's not just anyone who gets a Starship Cruiser class named after them.
Etaoin Shrdlu
> According to Jamie <col...@darkshado.ca>:
>> David you are obviously either just trolling this group
> David is neither blind nor trolling. As one of the past implementors
> of UDPs (I think I participated in all of them that ever occured),
> I can assure you that David is _it_ as far as UDP process/history
You may be advised to do some research on Google with "Jamie Baillie
Spammer", and find out with whom you are currently arguing.
Sorry.
Rebecca Ore
>
> Do you have any clue who David Ritz is? Free hint: A UDP requires a
> number of major sites to take action. David is an admin of a major
> site. If you're trying to convince people of the validity of a UDP,
> David Ritz is one of those people.
>
Correction. David Ritz is probably the world's living authority on UDPs, how
to manage and coordinate them, and even better, how to get sites to avoid them.
He's a friend to many major site administrators, but I don't believe he is
himself an admin at this point.
Edward A. Falk
Chris Lewis <cle...@nortel.com> wrote:
>
>Given the time frame, I would have participated in the Home UDP.
>I didn't, because it didn't happen.
Chris speaks truth.
UDP against @Home was announced on 12 Jan 2000, scheduled to begin on
18 Jan. @Home responded on 13 Jan that they would deal with the problem
and the UDP was called off.
http://groups.google.com/group/news.admin.net-abuse.usenet/msg/6550f70c4f1a7f02
http://www.rahul.net/falk/news.html#HomeUDP3
http://www.rahul.net/falk/udpnews.html#athome
--
-Ed Falk, fa...@despams.r.us.com
http://thespamdiaries.blogspot.com/
Howard Knight
: David Ritz is probably the world's living authority on UDPs...
I prefer the word "expert" instead of "authority". Sorry to
nit-pick. :-)
Howard