Who is peering all these spams ostensibly from Google Groups?

[Wally J]

Who is peering all these spams ostensibly from Google Groups?
<http://groups.google.com/g/comp.mobile.android>

In the past few weeks, what I'll call "indonesian" spam has been
increasing but not to the level of this "movie" spam which is now
hundreds per day (at least it is on the Android newsgroup).

While the headers look like they're coming from Google Groups,
I'm aware that headers could be forged such that it could be
coming from a rogue nntp server sending all this spam.

But then why are the reputable nntp news server admins peering
these spams?

I realize every line in the header can be spoofed (even the
path can have information injected into it), but I don't know
how to read headers well.

Is there any way to tell from the header who is peering them.
To help you answer this question, below are just 3 random spams.

========< cut here for random spams >========
X-Received: by 2002:a0c:ed31:0:b0:67a:b50a:cf46 with SMTP id u17-20020a0ced31000000b0067ab50acf46mr63374qvq.7.1701623906718; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
X-Received: by 2002:a05:6870:f293:b0:1fb:2688:896e with SMTP id u19-20020a056870f29300b001fb2688896emr1145397oap.8.1701623906460; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:18:26 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S
NNTP-Posting-Host: 202.46.68.61
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d2da9b7d-4ac6-43dc...@googlegroups.com>
Subject: [.WATCH.] Renaissance: A Film By Beyoncé Watch (FullMovie) Free Online ON STREAMINGS
From: Atto Lorse <atto...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:18:26 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 3761
Xref: . comp.mobile.android:110200
========< cut here for random spams >========
X-Received: by 2002:a05:6214:1fc4:b0:67a:262e:35b5 with SMTP id jh4-20020a0562141fc400b0067a262e35b5mr642984qvb.9.1701622417293; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
X-Received: by 2002:a9d:5cc6:0:b0:6d8:1345:7de4 with SMTP id r6-20020a9d5cc6000000b006d813457de4mr1630461oti.7.1701622417090; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 08:53:36 -0800 (PST)
In-Reply-To: <f5e007ca-f669-4d58...@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx
NNTP-Posting-Host: 118.179.109.17
References: <f5e007ca-f669-4d58...@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f09f38dc-333c-4e8a...@googlegroups.com>
Subject: Re: [.WATCH.] It Came from Dimension X Watch (.FullMovie.) Free Online On STREAMINGS
From: Derrick Matthews <derrickma...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 16:53:37 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 5359
Xref: . comp.mobile.android:110194
========< cut here for random spams >========
X-Received: by 2002:a05:622a:103:b0:423:72a5:a7da with SMTP id u3-20020a05622a010300b0042372a5a7damr969557qtw.8.1701624819984; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
X-Received: by 2002:a9d:6a8f:0:b0:6d8:8052:2ec8 with SMTP id l15-20020a9d6a8f000000b006d880522ec8mr627917otq.2.1701624819695; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
Path: .!news2.arglkargh.de!2.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:33:39 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8
NNTP-Posting-Host: 93.177.75.198
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <fa356544-c7a3-4d01...@googlegroups.com>
Subject: **Wish 2023 free '.Fullmovie.' Online English HD 720p, 480p
From: Raden Surya Sigadiraja <radensurya...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:33:39 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 16654
Xref: . comp.mobile.android:110202
--
TIA

[The Doctor]

In article <ukinav$m4i7$1...@paganini.bofh.team>,

More reason to depeer Google GRoups now!
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

[Wally J]

The Doctor <doc...@doctor.nl2k.ab.ca> wrote

> More reason to depeer Google GRoups now!

I don't know what "depeer" means, but I suspect it means to nuke it.
Sometimes nuking is appropriate. Most of the time it's too drastic.

Cutting out this spam should be as easy as not peering it - should it not?
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this spam?

But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.

For example, I'm assuming that none of this spam actually is coming from
google posters - I'm assuming it's all coming from a roge nntp server who
is impersonating a google groups poster.

How can we tell who peered it first from the originating rouge nntp server?

Here's a thread which brought up the subject where each recipient has to
figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
Like this thread, posted today, trying to solve this exact problem.
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>

The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.

So I 'suspect' that it's coming from a rogue nntp news server.
Which is why I'm asking the question that I'm asking.

[Grant Taylor]

On 12/3/23 14:10, Wally J wrote:
> Who is peering all these spams ostensibly from Google Groups?

Ostensibly any news master that is not filtering Google Groups carte
blanch is peering / feeding these articles. Few are directly peered
with Google, more are downstream peers.



Grant. . . .

[Grant Taylor]

On 12/3/23 14:29, Wally J wrote:
> I don't know what "depeer" means, but I suspect it means to nuke it.

Depeering means to no longer carry any articles from a news server.

> Sometimes nuking is appropriate. Most of the time it's too drastic.
>
> Cutting out this spam should be as easy as not peering it - should it not?

It's relatively easy to filter out /everything/ from Google.

It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
from Google.

> For example, I'm assuming that none of this spam actually is coming from
> google posters - I'm assuming it's all coming from a roge nntp server who
> is impersonating a google groups poster.

Every single one that I've looked at the message /has/ /in/ /fact/
originated from Google and been sent out to Usenet at large.

> How can we tell who peered it first from the originating rouge nntp server?

Google is the rogue NNTP server that is the source of the spam.

> Here's a thread which brought up the subject where each recipient has to
> figure out on his own newsreader how to nuke this spam which purports to
> come from Google Groups (I suspect it comes from a rogue

You suppose wrong.

The spam /is/ originating from Google.

> The only reason I doubt this spam is coming from google users is Google
> would put a stop to this - but it's been happening for weeks on end.

HA! If only.

Google is an extremely bad for Usenet and an even worse steward for the
Dejanews archive.

> So I 'suspect' that it's coming from a rogue nntp news server.

You suspect wrong.

> Which is why I'm asking the question that I'm asking.
>
> Who is peering all these spams ostensibly from Google Groups?

Look at the Path: headers to answer your own questions.



--
Grant. . . .

[Marco Moock]

Am 03.12.2023 um 16:29:06 Uhr schrieb Wally J:

> The Doctor <doc...@doctor.nl2k.ab.ca> wrote
>
> > More reason to depeer Google GRoups now!
>
> I don't know what "depeer" means, but I suspect it means to nuke it.
> Sometimes nuking is appropriate. Most of the time it's too drastic.

Removing the peering to google groups. Only server that currently peer
can do that.
If all of them removed the peering, post can't go from GG to other
servers and vice-versa.

> Cutting out this spam should be as easy as not peering it - should it
> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>

It is possible to filter for injection-info.
Google Groups places a correct header and the path also matches that.

> I'm not for knee-jerk reactions, but targeted surgical strikes.
> Maybe the problem is a single reliable news server is peering this
> spam?

No, the problem is Google because Google doesn't stop people from
abusing their services.

> But I don't know enough about headers to determine who is peering it.
> I can read the path but I know the path can have injected components.

Forging a path is possible, but rather unlikely.
Direct peers of GG can confirm that the path isn't forged.

> For example, I'm assuming that none of this spam actually is coming
> from google posters - I'm assuming it's all coming from a roge nntp
> server who is impersonating a google groups poster.

Wrong summption.

> How can we tell who peered it first from the originating rouge nntp
> server?

You can find who peers if you write a script and extract the patrh
header and extract only the servers that are left of the googel groups
part.

Path:
eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail


E.g. news.highwinds-media.com peer with Google.

> The only reason I doubt this spam is coming from google users is
> Google would put a stop to this - but it's been happening for weeks
> on end.

No, Google doesn't care about it. They also don't care about spam on
their web services nor abuse from their IP ranges hosted for others.

[candycanearter07]

On 12/3/23 14:36, Grant Taylor wrote:
> On 12/3/23 14:29, Wally J wrote:
>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.
>
>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it
>> not?
>
> It's relatively easy to filter out /everything/ from Google.
>
> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

Yeah. I just filter everything from Google.
--
user <candycane> is generated from /dev/urandom

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.

Hi Grant,

Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
been able to figure it out on my own. Thanks for being nice about my faux
pas. It was stupid of me to not realize that's what it had meant.

Especially since that was my whole point.

How do you de-peer the spams (which I suspect are not coming from Google).
<https://groups.google.com/g/comp.mobile.android>
(EDIT: I see below that you suspect they _are_ coming from Google though.)

There are hundreds just today alone that anyone can see are clearly spam.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it not?
>
> It's relatively easy to filter out /everything/ from Google.

I am almost 86 so I lived through the days when we'd complain to a host
admin that someone spammed us once in a month or two, and then I lived
through making my own procmail filters on SunOS, so I'm familiar with the
fact that it's just plain stupid to filter out everything from Google.

People do it all the time.
But only stupid people do it.

A smart admin would have a smarter filter than "everything".
Worse....

I suspect NONE of this spam is actually coming from Google anyway.
(But I just saw below that you suspect they _are_ coming from Google.)

For a filter, it's the same thing of course, but isn't it different to an
nntp server who can tell where it's coming from better than I can tell?

> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

I'm sure that's why they seem to be changing up the subject, headers, from,
injection information, etc. in those headers.

I'm almost certain (based on the modus operandi) that NONE of them are
actually coming from Google servers but I saw below that you're sure they
are, so I'd just ask how you know since almost everything in the header can
be forged (as far as I know) except for the final path in the header.

>> For example, I'm assuming that none of this spam actually is coming from
>> google posters - I'm assuming it's all coming from a roge nntp server who
>> is impersonating a google groups poster.
>
> Every single one that I've looked at the message /has/ /in/ /fact/
> originated from Google and been sent out to Usenet at large.

Oh. Really? I didn't see this until now. I was pretty sure none was coming
from Google simply because they'd put a stop to abuse pretty quickly you'd
think. And this is clearly abuse.

Is there a way (that works) to _complain_ to Google about it?
Maybe they care?

>> How can we tell who peered it first from the originating rouge nntp server?
>
> Google is the rogue NNTP server that is the source of the spam.

I understand belatedly that you believe that - but how can you tell?
I can't tell.

Sure the message-ID is an indication.
And the newsreader. But that can be forged.

About the only thing that can't be forged are sections of the path.
But they can 'inject' stuff into the path that is meaningless.

So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)

We have to confirm if it's coming from Google because the solution then is
at Google whereas if they're just spoofing Google, the solution is
elsewhere.

>
>> Here's a thread which brought up the subject where each recipient has to
>> figure out on his own newsreader how to nuke this spam which purports to
>> come from Google Groups (I suspect it comes from a rogue
>
> You suppose wrong.
>
> The spam /is/ originating from Google.

By now I see that you feel strongly it's coming from Google.
But how do you know?

And more importantly, how does "de-peering" happen so that it stops?

>> The only reason I doubt this spam is coming from google users is Google
>> would put a stop to this - but it's been happening for weeks on end.
>
> HA! If only.
>
> Google is an extremely bad for Usenet and an even worse steward for the
> Dejanews archive.

I lived through DejaNews so I'm aware of what you say, and I certainly know
a google search on the real google.com is different in functionality than a
search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
least DejaGoogle exists.

I use it only for a lookup/search/reference engine, which it's very good at
but I wouldn't even think of posting using Google Groups for all the
reasons that nobody would be caught dead using AOL in the olden days.

>> So I 'suspect' that it's coming from a rogue nntp news server.
>
> You suspect wrong.

OK. So you think it's coming from Google. And that means Google either
doesn't know about it - or - Google isn't doing anything about it.

Is there any way to "complain" to Google to figure out which it is?

>
>> Which is why I'm asking the question that I'm asking.
>>
>> Who is peering all these spams ostensibly from Google Groups?
>
> Look at the Path: headers to answer your own questions.

The PATH (read right to left of course) isn't meaningful when anyone clever
can inject components into it.

I don't know what portion of the path is inviolable though.
Do you?

Assuming they're injecting into the path, what part of the path in the
previously listed spams do you think are actually real?

[Tom Furie]

Wally J <walte...@invalid.nospam> writes:

> Grant Taylor <gta...@tnetconsulting.net> wrote

>> Google is the rogue NNTP server that is the source of the spam.
>
> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

> About the only thing that can't be forged are sections of the path.
> But they can 'inject' stuff into the path that is meaningless.
>
> So how do you know that it's really coming from Google servers?
> (I strongly suspect it is not for the reasons I already stated.)

>> Look at the Path: headers to answer your own questions.
>
> The PATH (read right to left of course) isn't meaningful when anyone clever
> can inject components into it.
>
> I don't know what portion of the path is inviolable though.
> Do you?
>
> Assuming they're injecting into the path, what part of the path in the
> previously listed spams do you think are actually real?

Look at the path on a random sampling of posts, they will likely come
into your news server from a variety of its peers. Look to see where the
path reconverges...

Are these "Google impersonators" going to go to the effort of spoofing
that many differing path components?

[Wally J]

Marco Moock <mm+use...@dorfdsl.de> wrote

> Removing the peering to google groups. Only server that currently peer
> can do that.
> If all of them removed the peering, post can't go from GG to other
> servers and vice-versa.

OK. Grant also said the spam is really coming from Google servers, which is
disappointing at best, and almost criminal at worst - but it is what it is.

Certainly we can all blindly filter out EVERYTHING from Google Groups.
And maybe that's what we'll have to do as I don't think I've ever seen a
Usenet post from a Google Groups' poster that held any pertinent value.

But before I do that, I still think there must be a better way, where what
some people do on c.m.a is check a whitelist and then plonk if not in it.

But that's gonna be newsreader-specific code (unlike procmail was).

>> Cutting out this spam should be as easy as not peering it - should it
>> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
> It is possible to filter for injection-info.
> Google Groups places a correct header and the path also matches that.

Hmmmmm.... The purpose of this thread wasn't to create my own filter (as I
could always have done that) but let me look at the injection information.

Previous Spam 1:
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Previous Spam 2:
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx

Previous Spam 3:
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8

If that's not spoofed, then the only thing I'd need is to filter
out anything with "google-groups.googlegroups.com" if it's real.

What I'll do in a subsequent post is see if I can add that one line
to my header - and if I can - which I suspect I can - it's not reliable.

But maybe I can't. I don't know. I'm not all that clever.
But I know how to use Telnet so I can try it. Later.

Even so, any of us can filter it out but the problem is at the
peering, so now I understand the suggestion of "de-peering" better!

>
>> I'm not for knee-jerk reactions, but targeted surgical strikes.
>> Maybe the problem is a single reliable news server is peering this
>> spam?
>
> No, the problem is Google because Google doesn't stop people from
> abusing their services.

Got it.
If that's the case, then there are only three possible solutions:
a. Solve it at Google
b. Solve it at the peering level
c. Solve it as the user level

One by one, that's what I will try to do, where you can help (royal you)
by letting me know if there is a way to complain to Google about it.

>> But I don't know enough about headers to determine who is peering it.
>> I can read the path but I know the path can have injected components.
>
> Forging a path is possible, but rather unlikely.
> Direct peers of GG can confirm that the path isn't forged.

As I said, I'm astounded Google is allowing this to happen when
they won't even let me log into my long-time email from the VPN
service I've been using for years - but Google is Google after all.

If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
is truly coming from Google servers, then that's where the solution lies.

>> For example, I'm assuming that none of this spam actually is coming
>> from google posters - I'm assuming it's all coming from a roge nntp
>> server who is impersonating a google groups poster.
>
> Wrong summption.

I haven't seen proof. But I openly instantly and readily admit that
I don't know what any of you know, so I will accept that it's google.

>> How can we tell who peered it first from the originating rouge nntp
>> server?
>
> You can find who peers if you write a script and extract the patrh
> header and extract only the servers that are left of the googel groups
> part.

That's assuming the "google groups part" isn't itself forged though.

> Path:
> eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>
> E.g. news.highwinds-media.com peer with Google.

Shit. Highwinds doesn't give a shit. You probably know that.
I've complained to them many times in the past. They do nothing.

Hell, Rod Speed issued instructions to murder me using Highwinds.
Just because I was able to get Paolo Amaroso to blacklist a.h.r.
And they didn't even care (although I did call the FBI about it).

Even Google put his email on a suspension once I wrote a formal
letter which included the report to the FBI - but I don't know
what happened of it as they told me never to contact him ever.

That was hard enough.

It's even worse with Highwinds because I'm sure legitimate posters
must use it (do they?). If so, then highwinds can't be de-peered.

I was hoping it was someone reputable, like Steve or Jesse
or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

Bummer. Highwinds is one of the worst in my opinion, at least in
terms of getting spammers booted.

Is there someone at highwinds you'd recommend we contact to
solve this - or has that long ago already been done (I suspect)?

>> The only reason I doubt this spam is coming from google users is
>> Google would put a stop to this - but it's been happening for weeks
>> on end.
>
> No, Google doesn't care about it. They also don't care about spam on
> their web services nor abuse from their IP ranges hosted for others.

That's a big problem. I'm pretty persistent but even I had to try hard to
talk to a human in Mountainview when I needed a change in their routing.

Finally after many calls (it's essentially impossible to get someone unless
you know someone who knows exactly the someone you need to talk to) I was
able to get it fixed, but the elapsed time was months in between.

It might even be worse here because at least Google cares about Maps.

Does anyone know of a way to _complain_ about it that exists somewhere?

[Wally J]

Wally J <walte...@invalid.nospam> wrote

> What I'll do in a subsequent post is see if I can add that one line
> to my header - and if I can - which I suspect I can - it's not reliable.

OK. I tried with a couple of news servers (Ivo's & Ray's).

I set the "injection-info" header to this (from the spam).
Add_Headers = Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Both servers the error below (which you knew but I did not).
"Posting article failed: Can't set system Injection-Info: header

Unless there's a compliant nntp server, I'll accept that the
Injection-Info header can't be (trivially easily) forged.

At least not with a simple "telnet newsserver 119" session.

Thanks for letting me know I can filter on that line.
But this is best taken up with the powers that be in this order.

1. Google
2. Peers
3. Users

[Wally J]

Tom Furie <t...@furie.org.uk> wrote

>> Assuming they're injecting into the path, what part of the path in the
>> previously listed spams do you think are actually real?
>
> Look at the path on a random sampling of posts, they will likely come
> into your news server from a variety of its peers. Look to see where the
> path reconverges...
>
> Are these "Google impersonators" going to go to the effort of spoofing
> that many differing path components?

OK. Sorry for being dense. I am way behind but trying to catch up.

The solution can only be in this order (as far as I can tell).

1. Google
2. Peers
3. Users

I'm probably with most of you that nothing good ever came out of
a google groups post to Usenet so working backward, the users
can all filter on the system "Injection-Info: header" (which
moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
prevented that (as they should).

I'm wary that they can set up their own rogue server to allow
spoofing of that header but then I defer to your experience
and your sensible logic above that they'd have to fool peers.

So I'll belatedly accept Google is letting this happen.
With that in mind, I'm willing to "complain" to google.

But of course, I don't have any special connections other than
I live close to Mountainview and some of my buddies used to work there.

The two questions would be to ask:
a. Who wants to try to complain to Google (I'll try), and,
b. Who can get a hold of the highwinds server (they suck).

Note that I don't think either will be all that fruitful.
But I wonder if it's only highwinds that sucks (I've dealt
with them in the past and they just ignored everything).

Other than having every user filter out a google injection info,
what else can we do to stop these hundreds of spams daily?

[Grant Taylor]

On 12/3/23 17:07, Wally J wrote:
> Hi Grant,

Hi Wally,

> Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
> been able to figure it out on my own.

Apology returned to sender as unnecessary.

> Thanks for being nice about my faux
> pas. It was stupid of me to not realize that's what it had meant.

You're welcome.

I believe that people trying to engage in civil conversation deserve
civil responses.

I don't think stupid. If anything, unaware. But, you are now aware,
and therefor a little bit better off. :-)

> Especially since that was my whole point.

;-)

> How do you de-peer the spams (which I suspect are not coming from Google).

You don't de-peer individual messages. You de-peer ... peer news servers.

Few news servers directly peer with Google.

Most news servers peer with other news server(s) that eventually peer
with Google.

So the only way that most news server administrators have to de-peer
Google, in a manner of speaking, is to not allow messages from Google
into their news server.

> (EDIT: I see below that you suspect they _are_ coming from Google though.)
>
> There are hundreds just today alone that anyone can see are clearly spam.
> <https://i.postimg.cc/6pj29c6f/spam01.jpg>

Yep.

> I am almost 86 so I lived through the days when we'd complain to a host
> admin that someone spammed us once in a month or two, and then I lived
> through making my own procmail filters on SunOS, so I'm familiar with the
> fact that it's just plain stupid to filter out everything from Google.

I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
is a little bit different.

You may think it stupid that I have blocked all Google messages on my
server. But you are as free to have your opinion as I am to have mine. ;-)

The question is how much time is a news administrator willing to spend
combating spam before they block a site entirely?

Would you continue to accept messages from a small individual news
server if 1 in 1,000 server legitimate and the other 999 were blatant
spam? What if that was a university? What if it was google? What if
it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
when you would block an entire site because of the ratio of ham to spam?
Does the size of the site make any difference?

For me personally, I was spending an hour or more a day fighting Google
spam and only getting to enjoy participating in conversations like this
for about 15 minutes a day. After about two weeks of that, I decided to
try filtering Google for a few days to see what I thought of it. I've
got to say that I'm enjoying that 15 minutes on Usenet again and the
hour (plus) of time that I've gotten back every day.

Given that Usenet is flood full, all my peers that peer with someone
other than me can get their messages from Google another way.

I get to run my server the way that I want to. I choose to run my
server in a way that makes me happy, or at the very least doesn't
actively make me unhappy and want to shut it down.

> People do it all the time.
> But only stupid people do it.

I guess I'm a stupid person then.

> A smart admin would have a smarter filter than "everything".
> Worse....

I suspect you aren't intending to make a personal attack. But I'll ask
you politely to not insult people who make their own choice, even if you
don't agree with it.

> I suspect NONE of this spam is actually coming from Google anyway.
> (But I just saw below that you suspect they _are_ coming from Google.)
>
> For a filter, it's the same thing of course, but isn't it different to an
> nntp server who can tell where it's coming from better than I can tell?

NNTP servers have a modicum of trust in each other. As in only NNTP
peers are allowed to specify the Path header. Meaning that it's
considerably more difficult for a /client/ to provide a forged path.

All of the Google spam samples that I looked at had everything indicate
that it was from Google; Path, Message-ID, From, etc. -- I no longer
have any articles that originated from Google on my server as I had my
server search through nearly 28 million messages to remove any messages
from Google. -- That's how strongly I believe the spam originates from
Google.

Just about everybody else I've talked to believes the messages originate
from Google.

I can't recall anyone actually saying that the messages originate elsewhere.

There are those that keep an open mind and allow for the possibility
that they originate elsewhere.

Google is notoriously non-responsive for dealing with problems
originating from them into many ecosystems, Usenet is just the one being
discussed here.

As a former Google employee, I know how the people who supposedly are
responsible for -- what I call -- the Google Groups Usenet gateway treat
it at best as an also ran service.

Google has a quite bad reputation as being a source of spam in the email
community. All you need to do is look at the mailop / NANOG / Spammers
Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find
hundreds of people talking about Google being the source of spam email
and Usenet articles.

There is exceedingly little doubt that Google is a source of massive
amounts of spam.

I have not seen any evidence that supports that someone is trying to
frame Google by pretending to be them. -- I'd be quite curious to see
any such statements.

Google has responded to previous complaints about a few groups by making
them read-only. At which point the spammers shift to different
newsgroups. But this game of whack-a-mole is untenable and extremely slow.

While at Google I witnessed them take 18 months to halfheartedly and
ineffectively slow down, but not actually stop, spam originating from
calendar invites.

I experienced Google refusing to allow creation of new newsgroups for
something that had a long history and pattern of newsgroups. I was
ready to submit a change for the Windows 10 newsgroup to be created but
was told that my change would be rejected and to not bother. I asked
about the Firefox and Thunderbird newsgroups when Mozilla announced
discontinuation of their (outsourced) news servers and was told to not
even bother.

I wholeheartedly believe that Google /is/ the source of the spam that
appears to be from them and that they are not the victim of an attack.

> I'm sure that's why they seem to be changing up the subject, headers, from,
> injection information, etc. in those headers.

I think one of the reasons that there are so many different clusters of
similarities is because there are so many spammers each sending their
own type of spam.

A quote from a well known science fiction movie comes to mind, "You will
never find a more wretched hive of scum and villainy." Mos Eisley^W^W
Google.

> I'm almost certain (based on the modus operandi) that NONE of them are
> actually coming from Google servers but I saw below that you're sure they
> are, so I'd just ask how you know since almost everything in the header can
> be forged (as far as I know) except for the final path in the header.

I'd be very interested in how / why you are as certain that the messages
aren't originating from Google as I am that they are.

Please elaborate with a rebuttal to my comments above.

> Oh. Really? I didn't see this until now. I was pretty sure none was coming
> from Google simply because they'd put a stop to abuse pretty quickly you'd
> think. And this is clearly abuse.

Google want's you to think that they put a stop to spam quickly. But in
effect, they don't. (See above about well respected places to see
complaints.)

> Is there a way (that works) to _complain_ to Google about it?
> Maybe they care?

I'm not aware of anything that works.

> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

Deduction / accumulation of many observations / experience working with
the beast that is Google.

> Sure the message-ID is an indication.
> And the newsreader. But that can be forged.

The Path: header is quite a bit more difficult to forge without being a
news peer.

I'm not aware of any (reputable) news server daemon / configuration that
allows someone to spoof the Path: header.

Sure, news servers can feed peers spoofed Path: headers. But it's quite
difficult to do the original spoof without a corroborating news server.

I strongly suspect that if there was a corroborating news server /
administrator that was the source of the articles, the multiple people
spending hours a day fighting this blight would have identified it and
de-peered them without filtering Google.

The vast majority of people want to not filter Google. The sad reality
is that just about everybody has some point that filtering Google seems
reasonable to them. It's simply a question of what that point is. --
There's a crude joke that finishes with "we've already established that,
now we're just negotiating price".

> About the only thing that can't be forged are sections of the path.

Exactly.

> But they can 'inject' stuff into the path that is meaningless.

As I indicated above, injecting something into the Path can only be done
by /news/ /servers/. It's not something that properly configured news
servers allow clients to do.

As such, the injection is not something that end users can do.

> So how do you know that it's really coming from Google servers?
> (I strongly suspect it is not for the reasons I already stated.)

Deja vu. ;-)

> We have to confirm if it's coming from Google because the solution then is
> at Google whereas if they're just spoofing Google, the solution is
> elsewhere.

I hope that I've elaborated why I'm convinced that the spam is
originating at Google.

But I think it's worse than just needing to talk to Google.

At this point I believe that Google is actually complicit in their
negligent to do anything about it.

N.B. I don't consider making specific groups read-only in a game of
whack-a-mole to be sufficient.

N.B. I consider that Google's action of making some groups read-only to
be tantamount to admission that said group was a source of spam.

> By now I see that you feel strongly it's coming from Google.
> But how do you know?

Deja vu.

> And more importantly, how does "de-peering" happen so that it stops?

There is actual de-peering wherein the news servers that are actually /
directly peered with Google turn off the connection with Google.

Then there is filtering like what some of us have done wherein we make
our down-stream servers simply refuse to accept any articles that come
from Google.

There are multiple ways to detect if an article comes from Google. The
best is to look for postnews.google.com and / or
google-groups.googlegroups.com in the Path. Some choose to filter based
on part of the Message-ID: header. Still others choose to filter based
on the From: email address.

I have configured cleanfeed on my news server to reject messages from
postnews.google.com and google-groups.googlegroups.com. As such, my
server is happy to have articles from @gmail.com email addresses. -- I
doubt that anyone will bother spoofing a Message-ID:. But I'm happy to
have @gmail.com users send email through non-Google news servers.

> I lived through DejaNews so I'm aware of what you say, and I certainly know
> a google search on the real google.com is different in functionality than a
> search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
> least DejaGoogle exists.

As time passes, more and more of the access to Usenet articles through
Google Groups is taken away.

I wanted to see if I could see the Path: for spam in Google Groups as it
would be remarkably short if the spam existed in Google Groups and was
originating in Google Groups. But, sadly, "Show original message" is
greyed out.

> I use it only for a lookup/search/reference engine, which it's very good at
> but I wouldn't even think of posting using Google Groups for all the
> reasons that nobody would be caught dead using AOL in the olden days.

In my not so humble opinion, AOL at it's worst still has a better
reputation than Google currently does amongst news and email administrators.

If Google wasn't as big as they are, more admins would have blocked them
already.

It is only Google's size that causes admins to hesitate.

> OK. So you think it's coming from Google. And that means Google either
> doesn't know about it - or - Google isn't doing anything about it.

I very strongly believe that it's the latter; Google isn't doing
anything (effective) about it.

> Is there any way to "complain" to Google to figure out which it is?

I wasn't able to find anything effective while I was on the inside. In
fact, I was given -- let's go with -- the cold shoulder brush off and
actively discouraged to try to make things better.

> The PATH (read right to left of course) isn't meaningful when anyone clever
> can inject components into it.

But my understanding and working premises is that /not/ /just/ /anyone/
can spoof the Path: header.

> I don't know what portion of the path is inviolable though.
> Do you?

Both all of it for the average user and none of it for a news administrator.

My working understanding / premises is that news servers do not accept a
Path: header from end users. News servers only accept Path: headers
from other news servers. The news server appends it's name / path to
the left side of the Path: header contents.

As such, the only way to get postnews.google.com and / or
google-groups.googlegroups.com into the path without actually passing
through it is for a news server, or someone with news peer level access.

As you can probably see from a number of newsgroups, the text-only news
server community is relatively small and cooperative as well as being
well motivated to stop the spam.

I remain convinced that if there was someone pretending to be Google
originating this spam, that the community would have an idea and would
be working to depeer them.

> Assuming they're injecting into the path, what part of the path in the
> previously listed spams do you think are actually real?

I have not seen any reason to doubt the Path: because of the special
nature of the Path: header.

Maybe I'm wrong. If I am, please correct / enlighten me. I'd like to
learn more.

But everything that I've experienced thus far either directly indicates
or supports that the spam is originating from Google Groups.

[Grant Taylor]

On 12/3/23 18:07, Wally J wrote:
> OK. Sorry for being dense. I am way behind but trying to catch up.

Dense is okay.

You are asking intelligent questions and seem to want to understand and
learn.

I appreciate people who want to learn to understand in order to
formulate their own opinion.

This is true even if the opinion differs or you inadvertently call
someone stupid by referencing their actions.

> The solution can only be in this order (as far as I can tell).
> 1. Google
> 2. Peers
> 3. Users

Yes.

> I'm probably with most of you that nothing good ever came out of
> a google groups post to Usenet

I have personally had good conversations with people posting to Usenet
via Google Groups.

Sadly, I can no longer have discussions with those people as long as
they continue to use Google Groups.

Sadly, they are in the far minority, way less than 1%, of the messages
coming from Google.

> so working backward, the users
> can all filter on the system "Injection-Info: header" (which
> moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
> prevented that (as they should).

I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.

> I'm wary that they can set up their own rogue server to allow
> spoofing of that header but then I defer to your experience
> and your sensible logic above that they'd have to fool peers.

News servers trust what peers send them. That's part of what is special
about being a peer news server.

As such, a rogue news server operator could inject malicious articles by
leveraging their access to spoof headers to cast shade on someone else.

Thankfully there are far fewer news administrators / peers than there
are end users of said servers.

> So I'll belatedly accept Google is letting this happen.
> With that in mind, I'm willing to "complain" to google.

By all means, please do.

But I suggest you not hold your breath.

> But of course, I don't have any special connections other than
> I live close to Mountainview and some of my buddies used to work there.

Used to work there hits quite close to home for me. -- I am one of the
7,000 in the U.S.A. / 12,000 around the world that found I no longer had
any access late January.

> The two questions would be to ask:
> a. Who wants to try to complain to Google (I'll try), and,

I suspect that more people have tried complaining in various ways;
between news masters peered with Google complaining directly to Google
to end users marking messages as spam in Google Groups.

> b. Who can get a hold of the highwinds server (they suck).

I don't know.

> Note that I don't think either will be all that fruitful.

I suspect it's far easier to get a hold of High Winds than trying to get
Google to do anything.

> But I wonder if it's only highwinds that sucks (I've dealt
> with them in the past and they just ignored everything).

Sounds like Google.

Though I got active rejections / "don't go there" while working inside
of / for the beast.

> Other than having every user filter out a google injection info,
> what else can we do to stop these hundreds of spams daily?

We can have the far fewer news administrators filter postnews.google.com
and / or google-groups.googlegroups.com hosts from their servers.

[Grant Taylor]

On 12/3/23 17:33, Wally J wrote:
> OK. Grant also said the spam is really coming from Google servers, which is
> disappointing at best, and almost criminal at worst - but it is what it is.

Yes, it's extremely disappointing.

> Certainly we can all blindly filter out EVERYTHING from Google Groups.

How many people need to take action to clean up after one bad but big
peer before the peer is made to go away?

> And maybe that's what we'll have to do as I don't think I've ever seen a
> Usenet post from a Google Groups' poster that held any pertinent value.

As I said elsewhere, I've had good conversations with people that post
to Usenet from Google Groups. It does happen.

> But before I do that, I still think there must be a better way, where what
> some people do on c.m.a is check a whitelist and then plonk if not in it.

How complicated of a filter do you want to set up and maintain?

> But that's gonna be newsreader-specific code (unlike procmail was).

Yep.

> But maybe I can't. I don't know. I'm not all that clever.
> But I know how to use Telnet so I can try it. Later.

Kudos for speaking NNTP via telnet. :-)

> Even so, any of us can filter it out but the problem is at the
> peering, so now I understand the suggestion of "de-peering" better!

The problem is Google.

Google is the singular source of the problem of spam from Google Groups.
The news servers / administrators peered with Google are less of the
problem. They are simply trying to be a common carrier and carry all
articles equally.

The peers aren't the source of the spam.

Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
with Google".

> As I said, I'm astounded Google is allowing this to happen when
> they won't even let me log into my long-time email from the VPN
> service I've been using for years - but Google is Google after all.

Google has incentive to block you from using a VPN. I can't articulate
what that incentive is, but I understand that your use of a VPN
adversely impacts their business model.

> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
> is truly coming from Google servers, then that's where the solution lies.

Yep.

> Even Google put his email on a suspension once I wrote a formal
> letter which included the report to the FBI - but I don't know
> what happened of it as they told me never to contact him ever.

Sadly, I suspect it's going to take something like a police / FBI report
to get attention of the people you need.

> That was hard enough.

Yep. Getting Google to stop spam that doesn't impact them in a segment
that they don't make any money from, that will be difficult.

This is especially true if Google is avoiding the backlash of shutting
down -- what I call -- their Google Groups Usenet gateway.

> It's even worse with Highwinds because I'm sure legitimate posters
> must use it (do they?). If so, then highwinds can't be de-peered.

HighWinds can be de-peered just like Google can be.

> I was hoping it was someone reputable, like Steve or Jesse
> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

If you want to get an individual person to rattle Google's cage, try to
get someone like Tavis Ormandy of Google's Project Zero.

> Finally after many calls (it's essentially impossible to get someone unless
> you know someone who knows exactly the someone you need to talk to) I was
> able to get it fixed, but the elapsed time was months in between.

That was for a broken routing issue.

Now just imagine for something that is working as intended / designed /
configured.

> It might even be worse here because at least Google cares about Maps.

Yep.

> Does anyone know of a way to _complain_ about it that exists somewhere?

Nope.

[Grant Taylor]

On 12/3/23 17:45, Wally J wrote:
> Both servers the error below (which you knew but I did not).
> "Posting article failed: Can't set system Injection-Info: header

Yep.

You're obviously not a configured / recognized peer and thus not allowed
to provide the Injection-Info: header.

I suspect that the Path: header is equally well protected.

> Unless there's a compliant nntp server, I'll accept that the
> Injection-Info header can't be (trivially easily) forged.

Hence why I say that end users can't spoof the Injection-Info: or the
Path: header.

This has to come from a trusted peer or the purported source.

> At least not with a simple "telnet newsserver 119" session.

*nod*

> Thanks for letting me know I can filter on that line.

So ... does this mean that you are starting to think about filtering all
messages from Google, at least in the newsgroup that you're interested in?

> But this is best taken up with the powers that be in this order.
>
> 1. Google

Almost certainly deaf ears and / or don't care.

> 2. Peers

Likely deaf ears and / or don't care.

> 3. Users

Yep.

Users are left to clean up the mess that others make way too often.

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

> Just about everybody else I've talked to believes the messages originate
> from Google.
>
> I can't recall anyone actually saying that the messages originate elsewhere.

OK. Thanks. I apologize for calling folks stupid as even I just now
implemented regex filters to filter out _all_ Google Usenet posts.

It's stupid; but it's the easiest thing to do. I agree. I just did it.
So call me stupid. I get it now.

If people want to post to Usenet, they will just have to know to not use
Google Groups to do it. That's the result. I'm filtering it now myself.

I apologize it took me this long to understand, but now I agree with all
the arguments that the news servers can't do much else given the newservers
they peer with peer with Google, where de-peering isn't as easy as I had
thought it would be.

It would have to be the news server doing EXACTLY what I just did.
Drop all messages coming from Google Groups users.

It's too bad _any_ news servers peer with Google then, it seems.

Namely Highwinds and Giganews (but I'm not sure which are the culprits).

Again, I am sorry I didnt' realize any of this when I had first posted.
It took me a bunch of articles to get up to speed where I see now why "my"
solution will have to be to just filter them _all_ out at receipt. Sigh.

Luckily it's easy as there are at least three headers which are unique.
Injection-Info: google-groups.googlegroups.com...
Message-ID: <...@googlegroups.com>
User-Agent: G2/1.0

Of those three, I can easily see why people prefer the "injection-info".
So now I'm filtering it all out. Sorry for taking so long to come to that
realization. I didn't know about the de-peering issues you brought up.

BTW, there's a project, I see, that tries to help users filter it all out.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Thanks for your help. My biggest hurdle was that I thought Google wouldn't
allow it, and that if it happened, they'd put a stop to it pronto.

I thought it was a fluke.
Someone slipping in an accidentally opened window.
One that Google would close the moment that they realized it was open.
Which is why I thought it more likely it went around Google.

But I have to agree with you that it's actually coming from Google.
Sigh.

I have friends who had worked there and they're all smart guys who know how
to code well. They just have to be given the task by Google Management.

[The Doctor]

In article <ukioei$m66l$1...@paganini.bofh.team>,

Depeer means dropping a newsfeeds as a peer.

[The Doctor]

In article <ukisac$30te6$2...@dont-email.me>,

Same here!

>--
>user <candycane> is generated from /dev/urandom
>

[The Doctor]

In article <ukjopv$bqb$1...@tncsrv09.home.tnetconsulting.net>,

Still paralyse GG by depeering them.

>
>
>--
>Grant. . . .

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

>> Thanks for letting me know I can filter on that line.
>
> So ... does this mean that you are starting to think about filtering all
> messages from Google, at least in the newsgroup that you're interested in?

Well, um, er... it's embarrassing, especially after I said it was stupid to
just filter out all Google Groups posts, but I've already implemented it.

So can I take my words back now? :)
I'm surprised you didn't ream me harder. Thanks for being nice about it.

>
>> But this is best taken up with the powers that be in this order.
>>
>> 1. Google
>
> Almost certainly deaf ears and / or don't care.

Given Google won't even let me log into my own email account on VPN, I
wasn't prepared when I asked the question for the answer to be that google
isn't doing a thing about it. It wasn't one of the considerations I had.

I _still_ think if we get to the right people, we can get them to do
something about it. We just need a way to "tell them".

Tomorrow I'll call Mountainview (but I've been there, done that). The
operator must work on the side for the Gestapo as she'll never give you
anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.

>> 2. Peers
>
> Likely deaf ears and / or don't care.

That's the second shock. I was trying to think logically what the problem
was, assuming it was an accidentally opened window they were climbing in.

But if the window is left open on purpose, then that means the only avenue
left is for each user to filter it out (or for the responsible servers to).

Do I have my understanding correct yet that it's kind of like this?

1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.

Is that kind of how it works?

If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?

>
>> 3. Users
>
> Yep.
>
> Users are left to clean up the mess that others make way too often.

Well. I just did it. I called it stupid. But I have to eat my words.
I thought the right answer was to ask Google to close the window.
Or, worst case, to ask peers to stop peering Google servers.

Now that I'm edified, I still think those are the right answers.
But they'll never happen (based on what folks told me).

So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info

So I picked the Injection info.
Luckily it's easy to do for all people on all newsreaders.

There's even a web site to help them do it.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
--
Usenet is a useful way to meet people who know more than I do.

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

>> And maybe that's what we'll have to do as I don't think I've ever seen a
>> Usenet post from a Google Groups' poster that held any pertinent value.
>
> As I said elsewhere, I've had good conversations with people that post
> to Usenet from Google Groups. It does happen.

I'll ask Andy Burns to post his filters to the thunderbird newsgroup.

Here's a snippet of his conversation earlier today on comp.mobile.android
I have a separate address book called "google whitelist"
I put people in it of I know they're google groups users
I have a message filter that has two rules and two actions
IF "from" ISN'T IN ADDR BOOK "google whitelist"
AND message-id CONTAINS "@googlegroups.com"
THEN mark as read
AND add tag #6
That's thunderbird, I'm sure other clients can do similar

Here's the dejagoogle link to that conversation today:
*fumigation?*
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>
Post:
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/Q6bzV3aKAwAJ>
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/zL-_isyMAwAJ>

Here's a web site trying to do something about it to help users implement
the filter since it's best if one person implements it & the others copy.
<http://twovoyagers.com/improve-usenet.org/index.html>

>
>> But before I do that, I still think there must be a better way, where what
>> some people do on c.m.a is check a whitelist and then plonk if not in it.
>
> How complicated of a filter do you want to set up and maintain?

Well, see above. If we can get one person on each newsreader to post their
"complicated" filter, then everyone benefits. But I get your point.

I, myself... don't feel like _writing_ a complicated filter.
Of course, I'll _implement_ one if someone gives it to me.

Likewise I think with many users.
But I get your point.

I already implemented a blind kill-all filter based on the Injection.

>
>> But that's gonna be newsreader-specific code (unlike procmail was).
>
> Yep.

This site is trying to give newsreader-specific solutions.
<http://twovoyagers.com/improve-usenet.org/index.html>

>> But maybe I can't. I don't know. I'm not all that clever.
>> But I know how to use Telnet so I can try it. Later.
>
> Kudos for speaking NNTP via telnet. :-)

Thanks.

>
>> Even so, any of us can filter it out but the problem is at the
>> peering, so now I understand the suggestion of "de-peering" better!
>
> The problem is Google.

I had trouble believing that. But if they know about it, and don't do
anything about it, then the problem _is_ google, I agree.

They make a newsgroup unusable without filtering them out.

>
> Google is the singular source of the problem of spam from Google Groups.
> The news servers / administrators peered with Google are less of the
> problem. They are simply trying to be a common carrier and carry all
> articles equally.

Yes but. If the peers-with-google dropped their messages, maybe Google
would think twice? Dunno. I'll give Mountainview a call tomorrow.

But last time I called Google to get them to do something was long ago
when I tried to get them to change their dejagoogle URI from this...
<https://groups.google.com/forum/#!forum/newsgroup.name.here>
To this...
<https://groups.google.com/g/newsgroup.name.here>

For example, from this:
<https://groups.google.com/forum/#!forum/news.admin.peering>
<https://groups.google.com/forum/#!forum/news.software.nntp>
<https://groups.google.com/forum/#!forum/comp.mobile.android>

For example, to this:
<https://groups.google.com/g/news.admin.peering>
<https://groups.google.com/g/news.software.nntp>
<https://groups.google.com/g/comp.mobile.android>
etc.

When I created these shortcuts (really long ago for most of them).
<http://tinyurl.com/news-admin-peering>
<http://tinyurl.com/news-software-nntp>
<http://tinyurl.com/comp-mobile-android>
etc.

> The peers aren't the source of the spam.
>
> Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
> with Google".

Well, the solution, as I think everyone agrees, is for Google to do their
job. I'm shocked, actually, that Google allows this. You're not. But I am.

Again, I will call Mountainview and try to get a human (fat chance).
They may give me a way though to file a complaint using my Google Account.
That's how they fixed the Google Maps errors I had told them about.
That took 'em only a month - but I suspect this process will be longer.
If not forever.

>
>> As I said, I'm astounded Google is allowing this to happen when
>> they won't even let me log into my long-time email from the VPN
>> service I've been using for years - but Google is Google after all.
>
> Google has incentive to block you from using a VPN. I can't articulate
> what that incentive is, but I understand that your use of a VPN
> adversely impacts their business model.

Understood. The weird thing though is their coding is so sophomoric that it
even blocks me when I post from a public library to a large group of my
neighbors, but it doesn't block me when I post from home - but get this -
the same account posts to the same neighbors (so it's just bad coding).

>> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
>> is truly coming from Google servers, then that's where the solution lies.
>
> Yep.
>
>> Even Google put his email on a suspension once I wrote a formal
>> letter which included the report to the FBI - but I don't know
>> what happened of it as they told me never to contact him ever.
>
> Sadly, I suspect it's going to take something like a police / FBI report
> to get attention of the people you need.

Yeah. And that took a formal paper letter. They wouldn't accept anything
else but a letter with documentation (which wasn't hard to do but nowadays
we use email for almost everything).

>
>> That was hard enough.
>
> Yep. Getting Google to stop spam that doesn't impact them in a segment
> that they don't make any money from, that will be difficult.
>
> This is especially true if Google is avoiding the backlash of shutting
> down -- what I call -- their Google Groups Usenet gateway.

Well, I'm glad the search engine exists, and I've been a big proponent of
it for many years, as it's much better than some of the others, e.g.,
Narkives:
<https://news.admin.peering.narkive.com>
<https://news.software.nntp.narkive.com>
<https://comp.mobile.narkive.com>
etc.

>
>> It's even worse with Highwinds because I'm sure legitimate posters
>> must use it (do they?). If so, then highwinds can't be de-peered.
>
> HighWinds can be de-peered just like Google can be.

I think it's highwinds and giganews but I don't know much about peering.

>
>> I was hoping it was someone reputable, like Steve or Jesse
>> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
>> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.
>
> If you want to get an individual person to rattle Google's cage, try to
> get someone like Tavis Ormandy of Google's Project Zero.

I don't think they'll ever let me get to a person inside without a person
inside giving me the email, but I will try tomorrow but I don't expect a
miracle.

>
>> Finally after many calls (it's essentially impossible to get someone unless
>> you know someone who knows exactly the someone you need to talk to) I was
>> able to get it fixed, but the elapsed time was months in between.
>
> That was for a broken routing issue.
>
> Now just imagine for something that is working as intended / designed /
> configured.

Yeah. I know. Plus they care about Google Maps being correct.
DejaGoogle they don't (most likely).

>
>> It might even be worse here because at least Google cares about Maps.
>
> Yep.
>
>> Does anyone know of a way to _complain_ about it that exists somewhere?
>
> Nope.

Thanks for being nice to me, especially since I had barged in clueless.
If something comes of my call tomorrow, I'll let you know.
But I don't expect much (and I'm sure you expect even less than I do).
--
The whole point of Usenet is to find people who know more than you do.
And to contribute to the overall tribal knowledge value of the newsgroup.
It's a domino effect where each of us helps the next person in the lineup.

[Tom Furie]

Grant Taylor <gta...@tnetconsulting.net> writes:

> HighWinds can be de-peered just like Google can be.

The follow-on problem there is that in today's world, if your ISP still
offers usenet access, or if you subscribe to a commercial usenet
provider, there's a high probability that what you're connecting with is
in reality nothing more than a front-end to Highwinds/Abavia/Giganews.

At least users of Google Groups *know* they're using Google Groups, even
if they don't understand the distinction between that and usenet.

[Marco Moock]

Am 04.12.2023 um 08:23:15 Uhr schrieb Tom Furie:

> The follow-on problem there is that in today's world, if your ISP
> still offers usenet access, or if you subscribe to a commercial usenet
> provider, there's a high probability that what you're connecting with
> is in reality nothing more than a front-end to
> Highwinds/Abavia/Giganews.

What is the problem here?

[Tom Furie]

Marco Moock <mm+use...@dorfdsl.de> writes:

> What is the problem here?

Unwitting innocents falling foul of the backwash if we get to the point
of feeling the need to shut off from those path components. Not a
significant hurdle, but a factor to be aware of.

Those users likely won't be aware that the server at "news.myisp.com" or
"news.retentionallthewayback.net" or whatever is just one of those bulk
services with a custom facade.

The difference being that Google Groups users know they're using Google
Groups and make the conscious choice as to whether to continue to do so.

[Sn!pe]

Wally J <walte...@invalid.nospam> wrote:

[...]

> As I said, I'm astounded Google is allowing this to happen when
> they won't even let me log into my long-time email from the VPN
> service I've been using for years - but Google is Google after all.

[...]

PMFJI

I successfully use several Gmail accounts with a VPN but I access them
using IMAP with this Mac's native Mail.app. Are you using your browser
and Google's webmail interface? Do you perhaps have a spam-defeating
setting on your VPN? The VPN I use (PIA) has such a setting and it does
make a few websites barf until I switch it off.

--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator.
My pet rock Gordon just said "Klaatu barada nikto."

Google Groups articles not seen here unless poster is whitelisted.

[candycanearter07]

On 12/3/23 23:52, Grant Taylor wrote:
> On 12/3/23 18:07, Wally J wrote:
>> so working backward, the users
>> can all filter on the system "Injection-Info: header" (which
>> moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
>> prevented that (as they should).
>
> I don't know how protected the Injection-Info: header is.  There's a
> good chance that it is as protected as the Path: header.
>

Does that mean they are protected or aren't?

[Tom Furie]

candycanearter07 <n...@thanks.net> writes:

> On 12/3/23 23:52, Grant Taylor wrote:
>> I don't know how protected the Injection-Info: header is.  There's a
>> good chance that it is as protected as the Path: header.
>
> Does that mean they are protected or aren't?

They're non-modifiable by clients.

[Ray Banana]

Thus spake Tom Furie <t...@furie.org.uk>

Unlike the Injection-Info: header, the Path: header must be explicitly
protected by setting strippath to TRUE in readers,conf

,------------------------------------------------------------------------
| strippath
| If set to true, any Path header field provided by a user in a
| post is stripped rather than used as the beginning of the
| Path header field body of the article. This is a boolean
| value and the default is false.
| ^^^^^^
\________________________________________________________________________

man readers.conf (for INN2)

--
Пу́тін — хуйло́
http://www.eternal-september.org

[Grant Taylor]

On 12/4/23 01:02, Wally J wrote:
> OK. Thanks. I apologize for calling folks stupid as even I just now
> implemented regex filters to filter out _all_ Google Usenet posts.

;-)

I absolutely agree that filtering all of Google Groups is
/questionable/. And that news administrators that do so may need to
speak to why they did so. But I maintain that it's their choice to make
how they run their server.

Similarly it's end users choice how they run their news reader.

> It's stupid; but it's the easiest thing to do. I agree. I just did it.
> So call me stupid. I get it now.

I don't think saying that "it's the easiest thing to do" does it justice.

Filtering all of Google Groups is the only thing that I'm aware of that
doesn't miss any spam.

I'd love to learn about another option that doesn't miss the spam while
it does allow the good messages. I keep hoping that someone will
suggest something.

N.B. I don't believe that retroactively removing spam detected after the
fact; e.g. NoCeMs, is viable. -- I applaud people's efforts. But
there are multiple down sides to that system, much of which is people's
ongoing effort / time.

> If people want to post to Usenet, they will just have to know to not use
> Google Groups to do it. That's the result. I'm filtering it now myself.

That is the reality that is forming.

> I apologize it took me this long to understand, but now I agree with all
> the arguments that the news servers can't do much else given the newservers
> they peer with peer with Google, where de-peering isn't as easy as I had
> thought it would be.
>
> It would have to be the news server doing EXACTLY what I just did.
> Drop all messages coming from Google Groups users.
>
> It's too bad _any_ news servers peer with Google then, it seems.

I don't object to the concept of peering with Google, or anyone else,
for that matter. I do object to continuing to peer with an organization
that is clearly a massive source of spam.

> Namely Highwinds and Giganews (but I'm not sure which are the culprits).

Given the nature of Usenet's flood fill methodology, the articles will
eventually make it if there is a path and a receiving news server
doesn't filter them.

> Again, I am sorry I didnt' realize any of this when I had first posted.
> It took me a bunch of articles to get up to speed where I see now why "my"
> solution will have to be to just filter them _all_ out at receipt. Sigh.

I consider that to be learning. You presented valid points / concerns
and you listened to responses. You then came to your own conclusion.
-- I wish a LOT more people would do the same in many aspects of life.

> Luckily it's easy as there are at least three headers which are unique.
> Injection-Info: google-groups.googlegroups.com...
> Message-ID: <...@googlegroups.com>
> User-Agent: G2/1.0

I would discourage filtering on Message-ID: and User-Agent: as I think
that they can much more easily be faked by end users. Maybe I'm wrong.

> BTW, there's a project, I see, that tries to help users filter it all out.
> <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Yep. There's lots of effort to clean up the mess that emanates from Google.

> Thanks for your help.

You're welcome.

> My biggest hurdle was that I thought Google wouldn't
> allow it, and that if it happened, they'd put a stop to it pronto.

I've never been a Google fan boy by any stretch of the imagination. But
there was a time when I would have given Google the benefit of the
doubt. That was more like two decades ago. I've seen too much,
experienced too much, hurt too much, cleaned up from too much since then
to do more than keep an open ear / eye.

> I thought it was a fluke.

I wish it was a fluke. Or even a flash in the pan that Google was
/quickly/ reacting to.

> Someone slipping in an accidentally opened window.

Sadly not.

> One that Google would close the moment that they realized it was open.

If only.

> Which is why I thought it more likely it went around Google.

My curmudgeonly experience is that the bigger the institution the slower
that it moves. Leviathan comes to mind.

> But I have to agree with you that it's actually coming from Google.

;-)

> Sigh.

I hoist my beverage in equal dismay at Google's behavior.

> I have friends who had worked there and they're all smart guys who know how
> to code well. They just have to be given the task by Google Management.

Google is now an institution and does what they think is best for them.
The "Don't" sign has fallen over and nobody has bothered to pick up the
mess.

[The Doctor]

In article <ukjucg$slos$1...@paganini.bofh.team>,

Wally J <walte...@invalid.nospam> wrote:
>Grant Taylor <gta...@tnetconsulting.net> wrote
>
>>> Thanks for letting me know I can filter on that line.
>>
>> So ... does this mean that you are starting to think about filtering all
>> messages from Google, at least in the newsgroup that you're interested in?
>
>Well, um, er... it's embarrassing, especially after I said it was stupid to
>just filter out all Google Groups posts, but I've already implemented it.
>
>So can I take my words back now? :)
>I'm surprised you didn't ream me harder. Thanks for being nice about it.
>

I have had enough of GG and unaccountability!

Is that indexed by Google?

>--
>Usenet is a useful way to meet people who know more than I do.

Exactly how I feel.

[The Doctor]

In article <ukk29k$m8d$1...@freeq.furie.org.uk>,

Can we get Highwindsto drop GG like a rock?

[Tom Furie]

doc...@doctor.nl2k.ab.ca (The Doctor) writes:

> Can we get Highwindsto drop GG like a rock?

Unlikely. It seems (hearsay only, I have no direct experience) that
speaking to Highwinds is about as effective as speaking to Google.

[Grant Taylor]

On 12/4/23 01:16, Wally J wrote:
> Well, um, er... it's embarrassing, especially after I said it was stupid to
> just filter out all Google Groups posts, but I've already implemented it.
>
> So can I take my words back now? :)

No. You can't take them back.

But you can learn from them and try to avoid the same mistake in the
future. -- Or so I've been told.

> I'm surprised you didn't ream me harder. Thanks for being nice about it.

Would it have done any good? Would you feel better if I had? I
wouldn't feel better about it.

So ... why put people out if there's no benefit longer than 45 seconds
of me feeling better when venting. ;-)

> Given Google won't even let me log into my own email account on VPN, I
> wasn't prepared when I asked the question for the answer to be that google
> isn't doing a thing about it. It wasn't one of the considerations I had.

I'm genuinely sorry for being party to your experiencing Google falling
off a pedestal. That's never fun and I don't encourage it.

> I _still_ think if we get to the right people, we can get them to do
> something about it. We just need a way to "tell them".

I think it will actually take multiple people. The people to advocate
that there is a problem that needs to be fixed. The people with the
know how to fix the problem. The people to encourage management to
allow the people with the know how to fix the problem. The management
to listen.

> Tomorrow I'll call Mountainview (but I've been there, done that). The
> operator must work on the side for the Gestapo as she'll never give you
> anyone's phone number. But she might give me a "contact" method, which
> likely entails a general Q&A location - but I'll try it nonetheless.

:-/

> That's the second shock. I was trying to think logically what the problem
> was, assuming it was an accidentally opened window they were climbing in.

Sadly nothing as benign as that.

> But if the window is left open on purpose, then that means the only avenue
> left is for each user to filter it out (or for the responsible servers to).

Reluctantly.

> Do I have my understanding correct yet that it's kind of like this?
>
> 1. The spammer logs into google groups and posts mountains of spam.
> 2. Servers just as Giganews & Highwinds peer with Google (I think).
> 3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
> 4. We get the articles from any one of those news servers.
>
> Is that kind of how it works?

Yep.

> If so, then is the culprit first & foremost Google.
> But secondly the servers that peer with Google?

Also true.

Giganews and Highwinds are in a somewhat unique position in that they
can literally de-peer Google as in remove the peering configuration for
Google from their servers.

For the rest of us that don't actually peer with Google, "de-peer"
translates to filter.

> Well. I just did it. I called it stupid. But I have to eat my words.

Trust me when I say that I've had to eat far worse words that I've said
/ typed. -- It's part of why I afford people wider berths when they
may be preparing a foot salad of their own. ;-)

> I thought the right answer was to ask Google to close the window.

I think that it is the most proper / most direct thing to do. Sadly I
think it's the least likely to have any effect.

> Or, worst case, to ask peers to stop peering Google servers.

Sadly, the big peers don't care and are unwilling to take it on the chin
to de-peer Google. After all It's Google, they can do no wrong! <sick>

> Now that I'm edified, I still think those are the right answers.
> But they'll never happen (based on what folks told me).

That seems to be the unpalatable reality.

> So I implemented a complete plonk already.
> I could have picked any of the three headers
> a. Message id
> b. Newsreader
> c. Injection-info

I take it that Path: wasn't an option for you?

I used Path: as cleanfeed on my news server has explicit support for
banning hosts in the Path: header.

> So I picked the Injection info.
> Luckily it's easy to do for all people on all newsreaders.

ACK

> There's even a web site to help them do it.
> <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Yep.

[Grant Taylor]

On 12/4/23 01:54, Wally J wrote:
> I'll ask Andy Burns to post his filters to the thunderbird newsgroup.
>
> Here's a snippet of his conversation earlier today on comp.mobile.android
> I have a separate address book called "google whitelist"
> I put people in it of I know they're google groups users
> I have a message filter that has two rules and two actions
> IF "from" ISN'T IN ADDR BOOK "google whitelist"
> AND message-id CONTAINS "@googlegroups.com"
> THEN mark as read
> AND add tag #6
> That's thunderbird, I'm sure other clients can do similar

Kudos for "mark as read" vs "delete".

That has the benefit of the messages being there if you want to go look
for them. Which is exactly why I do that very thing for email filters.

But Usenet is somewhat different, especially filtering server side.

> Well, see above. If we can get one person on each newsreader to post their
> "complicated" filter, then everyone benefits. But I get your point.

I was thinking more server side to catch each type of spam emanating
from Google Groups while still allowing ham through. That's at least
two orders of magnitude more complicated and an ever changing game of
whack-a-mole.

> I, myself... don't feel like _writing_ a complicated filter.
> Of course, I'll _implement_ one if someone gives it to me.

*nod*

> Likewise I think with many users.
> But I get your point.

;-)

> Thanks.

You're welcome.

I'd have to look up NNTP as I don't do it often enough. But I used to
do SMTP / POP3 / IMAP weekly and sometimes daily at ${OLD_JOB}.

I find that I'm now occasionally speaking HTTP via telnet or via
OpenSSL's s_client for TLS.

> I had trouble believing that. But if they know about it, and don't do
> anything about it, then the problem _is_ google, I agree.

I can't "like" this statement, no matter how much I agree with it.

> They make a newsgroup unusable without filtering them out.

#HEAVYsigh

> Yes but. If the peers-with-google dropped their messages, maybe Google
> would think twice? Dunno. I'll give Mountainview a call tomorrow.

I suspect that there are multiple, if not many, in Google that would
think "finally, now we can kill that thing that we've been dragging
forward".

> Well, the solution, as I think everyone agrees, is for Google to do their
> job. I'm shocked, actually, that Google allows this. You're not. But I am.

I want to be clear, I used to be shocked. That was years ago. The
shock wore off. The apathy -- I think that's the word that I want --
remains.

> Again, I will call Mountainview and try to get a human (fat chance).

I suspect that you'll eventually get to a human if you try hard and / or
long enough.

I'll be surprised if that human is anything more than a complaints
department / yes person.

I'll be shocked if any good comes from your efforts. Unless you are the
final straw that breaks the camel's back.

> They may give me a way though to file a complaint using my Google Account.
> That's how they fixed the Google Maps errors I had told them about.
> That took 'em only a month - but I suspect this process will be longer.
> If not forever.
>
>

> Understood. The weird thing though is their coding is so sophomoric that it
> even blocks me when I post from a public library to a large group of my
> neighbors, but it doesn't block me when I post from home - but get this -
> the same account posts to the same neighbors (so it's just bad coding).

"sophomoric" is a good way to describe much of what I experienced.

> Yeah. And that took a formal paper letter. They wouldn't accept anything
> else but a letter with documentation (which wasn't hard to do but nowadays
> we use email for almost everything).

The requirement for paper was probably a very low level gate that blocks
multiple orders of magnitude of complaints that they consider to be noise.

> Well, I'm glad the search engine exists,

Please don't get me started on their search engine.

I have a funny thing wherein I expect words that I search for to be in
the (cached version of) the results page.

I use `grep`, `find.exe`, and the likes frequently.

But I'm also a lay human I can't possibly know what I want to search for
and I must be helped / coddled by the LLM feigning AI. <PROJECTILE VOMIT>

> and I've been a big proponent of
> it for many years, as it's much better than some of the others, e.g.,
> Narkives:
> <https://news.admin.peering.narkive.com>
> <https://news.software.nntp.narkive.com>
> <https://comp.mobile.narkive.com>
> etc.
>

> I think it's highwinds and giganews but I don't know much about peering.
>
>

> I don't think they'll ever let me get to a person inside without a person
> inside giving me the email, but I will try tomorrow but I don't expect a
> miracle.

Tavis O. used to be on the blue bird sight that used to start with a T.
I've not been there in a while and have no idea if he is either.

> Yeah. I know. Plus they care about Google Maps being correct.
> DejaGoogle they don't (most likely).

Sadly.

> Thanks for being nice to me, especially since I had barged in clueless.

Please return the favor to someone else. ;-)

> If something comes of my call tomorrow, I'll let you know.

Please do.

> But I don't expect much (and I'm sure you expect even less than I do).

;-)

[Grant Taylor]

On 12/4/23 02:23, Tom Furie wrote:
> The follow-on problem there is that in today's world, if your ISP still
> offers usenet access, or if you subscribe to a commercial usenet
> provider, there's a high probability that what you're connecting with is
> in reality nothing more than a front-end to Highwinds/Abavia/Giganews.

Agreed.

Though I don't see a problem with that in and of itself. Though if I
were an ISP, I would refer to it as outsourced service for ISP customers.

I don't think there is any shame in an ISP outsourcing some services.
They just need to own it and admit it.

[Grant Taylor]

On 12/4/23 03:08, Tom Furie wrote:
> The difference being that Google Groups users know they're using Google
> Groups and make the conscious choice as to whether to continue to do so.

Except the Google Groups users posting to comp.os.vms aren't posting to
a Google Group, they are posting to Usenet. They are experiencing the
very same thing you're lamenting, just the opposite side of the same coin.

[Tom Furie]

That's fair comment, but they *are* doing it through the Google Groups
interface/infrastructure, and therein lies their choice.

[Tom Furie]

Grant Taylor <gta...@tnetconsulting.net> writes:

> I don't think there is any shame in an ISP outsourcing some
> services. They just need to own it and admit it.

Neither do I, sometimes it's just not cost effective to do everything
in-house. Much better all around to hand said service to someone who
specialises in it and can deliver more effectively/efficiently.

Their owning and admitting to doing so, however, is for the most part a
matter of "if only".

[candycanearter07]

Do you mean the "Don't be evil" sign? They took that down recently.

[candycanearter07]

Yeah, you can't control what Google does to its own server.

[Grant Taylor]

On 12/4/23 12:58, candycanearter07 wrote:
> Do you mean the "Don't be evil" sign? They took that down recently.

Yes, I do.

But no, they didn't take the sing down.

The "be evil" is still there.

They pulled an Office Space patch wherein they fixed the accounting
error but didn't tell ${CHARACTER_WHOS_NAME_I_FORGOT} that he was no
longer employed.



Grant. . . .

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

> N.B. I don't believe that retroactively removing spam detected after the
> fact; e.g. NoCeMs, is viable. -- I applaud people's efforts. But
> there are multiple down sides to that system, much of which is people's
> ongoing effort / time.

Frank Slootweg, whom I think you know of, also suggested that the news
server admins were making use of NoCeMs in this post today on c.m.a.
*Spam floods from Google Groups (was fumigation)* by Frank Slootweg
Message-ID: <ukkvm4...@ID-201911.user.individual.net>
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/997jctDYAwAJ>

Frank pointed the Android users to this FAQ for what servers are doing.
'The NoCeM FAQ' <http://www.cm.org/faq.html>

>> If people want to post to Usenet, they will just have to know to not use
>> Google Groups to do it. That's the result. I'm filtering it now myself.
>
> That is the reality that is forming.

I'd point every user to this page (unless you know of better) who
wants/needs an if-not-whitelist-then-blacklist google groups poster.
*Usenet Improvement Project - Google Groups Filters*
<http://twovoyagers.com/improve-usenet.org/index.html>

I'm all about communicating good things so let me know if you know of a
better page for showing nascent users how to use the google filters.

>> It's too bad _any_ news servers peer with Google then, it seems.
>
> I don't object to the concept of peering with Google, or anyone else,
> for that matter. I do object to continuing to peer with an organization
> that is clearly a massive source of spam.

The only three things I've ever had even a teeny tiny bit of success with
Google on a personal level is Rod Speed's murder email, changing Usenet
URIs to the dejagoogle archives and fixing local Google Maps routing.

But it must be getting worse as I'm on the phone right now after going to
<https://about.google/intl/ALL_us/contact-google/>
And then after calling 650-253-0000 (which is a googleplex automated human)
And which only works "Monday to Friday from 8 am to 5 pm PST" where
you say "It's something else" a few times and then they tell you...
"Continue to hold for the next available Agent"

Guess how long I've been on the phone waiting for a human to pick up?
<https://i.postimg.cc/kgFknPX0/google01.jpg> 650-253-0000 phone call
(It's now well over three hours waiting for Google to pick up the phone.)

Note: I use Google Voice on the iPad because it doesn't create an account
on the mothership whereas GV on Android does create that account (if you
don't have any accounts on Android - which I don't for privacy reasons).

While I was waiting, I went to see if there's a contact on Wikipedia.
<https://en.wikipedia.org/wiki/Google_Groups>
Nothing useful there except the DejaNews history we already know.

Still waiting, I looked up "how to contact google for real"
<https://www.businessinsider.com/guides/tech/how-to-contact-google-support>
But they only said what I knew e.g., "Google doesn't want to talk to you".

Still waiting... I searched s'more and found other garbage such as this.
<https://groups.google.com/g/google-usenet>
Or this "chat support" link:
<https://support.google.com/chatsupport/?hl=en>
But all it has is a single article on "Add a Google Group to a space".

>> Namely Highwinds and Giganews (but I'm not sure which are the culprits).
>
> Given the nature of Usenet's flood fill methodology, the articles will
> eventually make it if there is a path and a receiving news server
> doesn't filter them.

In the past, I was able to get spammers booted off the a.h.r. newsgroup
simply by sending the proof to the respective admins, where Paolo
blacklisted the entire group (which was a bit Draconian if you ask me),
but others like Ray Banana just kicked off the OT spammers themselves.

While Steve Crook, Benjamin Gufler, Roman Racine, Jesse Rehmer, Alex
DeJoode, Steen Jensen (as I recall) and a few other reliable news server
admins responded positively (Ray simply asked for valid proof for example),
I never could get any response from the likes of Giganews, Highwinds, or
Individual.net admins.

While the top level problem lies with Google, I think whomever it was that
said the problem also involves those who peer with Google like those three.

>> Again, I am sorry I didnt' realize any of this when I had first posted.
>> It took me a bunch of articles to get up to speed where I see now why "my"
>> solution will have to be to just filter them _all_ out at receipt. Sigh.
>
> I consider that to be learning. You presented valid points / concerns
> and you listened to responses. You then came to your own conclusion.
> -- I wish a LOT more people would do the same in many aspects of life.

Thanks. I have multiple degrees in varying fields and it's amazing both how
much we know and how much we don't know - such that I'm never embarrassed
to let someone know what I don't know - nor to learn from them what they
do.

> I would discourage filtering on Message-ID: and User-Agent: as I think
> that they can much more easily be faked by end users. Maybe I'm wrong.

Absolutely you are correct. The only two headers that I'm aware of that are
"harder" to spoof are the path (which I tested once with Frank Slootweg to
see what we could inject into the path) and now I foound out the injection
header also.

For the PATH: header, as I recall, long ago (depending on the server) we
could inject stuff into it but at some point we lost control & the news
server took it from here (and yes, I saw Wolfgang Weyand's response about
his warning on the default PATH settings allowing more freedom for that).

>
>> BTW, there's a project, I see, that tries to help users filter it all out.
>> <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
>
> Yep. There's lots of effort to clean up the mess that emanates from Google.

Heh heh... you should see how much I have to do on my non-rootable Android
Samsung Galaxy A32-5G just to break free of Google's privacy intrusions!
<https://xdaforums.com/m/galaxya325g.11604613/recent-content>

>> I thought it was a fluke.
>
> I wish it was a fluke. Or even a flash in the pan that Google was
> /quickly/ reacting to.

Well, I was "hoping" I could do something given three times I was able to
get Google to do something - but it's been three hours and they still
haven't picked up the phone - so I may have to give up on this tack.

It has been so long that their "endless loop" of songs finally ran out
at around the 185 minute mark! <https://i.postimg.cc/d388rqkj/google02.jpg>

Bearing in mind that Google Groups isn't "exactly" the same as Google
Usenet is, there is this URL that says it allows you to contact them...
"*Contact Owners and Managers of Google Usenet*"
Google Usenet (google...@googlegroups.com)
<https://groups.google.com/g/google-usenet/about>

There is a settings-gear-icon image at top right, which has the option to:
"Send feedback to Google"
1. Tell us what prompted this feedback.
2. A screenshot will help us better understand your feedback.

Here's a screenshot of that which I recommend others do right now.
<https://i.postimg.cc/k462x02X/spam02.jpg>
Which is based on this URL:
<http://groups.google.com/g/comp.mobile.android>
Which is proof of the inordinate amount of spam making the ng unusable.

You're welcome to refer to that spam shot in your request for Google
Groups Usenet to implement spam filters to make ngs usable again.
--
Usenet is a way to discuss topics with people who know more than I do.

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

>> I _still_ think if we get to the right people, we can get them to do
>> something about it. We just need a way to "tell them".
>
> I think it will actually take multiple people. The people to advocate
> that there is a problem that needs to be fixed. The people with the
> know how to fix the problem. The people to encourage management to
> allow the people with the know how to fix the problem. The management
> to listen.

Well, I was hoping to get a hold of a person at Google to make the starting
case, which I think is obvious with this one screenshot alone.

Site: <http://groups.google.com/g/comp.mobile.android>
Group: comp.mobile.android
Results: <https://i.postimg.cc/6pj29c6f/spam01.jpg>

The argument is Google alone is making that newsgroup unreadable.
Even if we filter it out, the _search engine_ is still almost unusable.

Can you imagine looking for "movie editors" on that Android search engine?
Google is breaking their own search engine (about which they should care).

>> Tomorrow I'll call Mountainview (but I've been there, done that). The
>> operator must work on the side for the Gestapo as she'll never give you
>> anyone's phone number. But she might give me a "contact" method, which
>> likely entails a general Q&A location - but I'll try it nonetheless.
>
> :-/

It's currently 205 minutes and the endless loop of songs ran out around the
185 minute so it's just deadly silence at the moment - don't wish me much.
<https://i.postimg.cc/kgFknPX0/google01.jpg>
<https://i.postimg.cc/d388rqkj/google02.jpg>

Good thing I use Google Voice to call Google in Mountainview so I can use
up some of their own free bits waiting more than three hours for them to
pick up the phone by a human... :)

>> 1. The spammer logs into google groups and posts mountains of spam.
>> 2. Servers just as Giganews & Highwinds peer with Google (I think).
>> 3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
>> 4. We get the articles from any one of those news servers.
>>
>> Is that kind of how it works?
>
> Yep.

Thanks. That pretty much answers my original question, at least at the
level that I can do anything about it after understanding that answer.

>> So I implemented a complete plonk already.
>> I could have picked any of the three headers
>> a. Message id
>> b. Newsreader
>> c. Injection-info
>
> I take it that Path: wasn't an option for you?
>
> I used Path: as cleanfeed on my news server has explicit support for
> banning hosts in the Path: header.

Oh. The path? Yeah. It could be useful too. I didn't even think of that.
Thanks for bringing it up. But I already implemented "injection info".
Plus I have tested the PATH: before with Frank Slootweg.
You can, in some cases, mess with it, even as a non-sophisticated user.

>> If so, then is the culprit first & foremost Google.
>> But secondly the servers that peer with Google?
>
> Also true.
>
> Giganews and Highwinds are in a somewhat unique position in that they
> can literally de-peer Google as in remove the peering configuration for
> Google from their servers.
>
> For the rest of us that don't actually peer with Google, "de-peer"
> translates to filter.

I need to do one more thing which is figure out if it's just giganews and
highwinds or if individual.net is also involved. Now that I've filtered out
the spam, I don't see it and the dejagoogle web archives no longer show the
headers (they used to show them, but not anymore).

So I have the cruelly ironic task of removing my filters in order to figure
out the sum total of peers directly to the google spam.

Do you know, offhand, if individual.net is also one of them?
Is there any way to tell other than to look at the PATH headers again?

>> I thought the right answer was to ask Google to close the window.
>
> I think that it is the most proper / most direct thing to do. Sadly I
> think it's the least likely to have any effect.

Here's what might be nice to communicate to the thousands of users.

Here is where they can complain to the powers that be at Google.
They're welcome to attach as an upload my screenshot from yesterday.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>
And the link from whence it came:
<https://groups.google.com/g/comp.mobile.android>
Because that shows the spam has made even Google's web search unusable.

Here's how to tell Google they need to reduce this spam content:

"*Contact Owners and Managers of Google Usenet*"
Google Usenet (google...@googlegroups.com)
<https://groups.google.com/g/google-usenet/about>

There is a settings-gear-icon image at top right, which has the option to:
"Send feedback to Google"
1. Tell us what prompted this feedback.
2. A screenshot will help us better understand your feedback.

Here's a screenshot of that which I recommend others do right now.
<https://i.postimg.cc/k462x02X/spam02.jpg>

The more people who contact Google, teh better, but like you, I'm at the
point that Google must know about it by now - so maybe they don't care.

But maybe not.
I think it's worth a try for everyone to communicate the problem to them.
That link is the only way I know of at the moment.
As calling them isn't gonna happen (it's 216 minutes and counting).

Which is proof of the inordinate amount of spam making the ng unusable.

--
Posting a question on Usenet is an attempt to learn from others who know
more than you do & then to combine our tribal knowledge for all to benefit.

[Frank Slootweg]

Wally J <walte...@invalid.nospam> wrote:
[...]

> Absolutely you are correct. The only two headers that I'm aware of that are
> "harder" to spoof are the path (which I tested once with Frank Slootweg to
> see what we could inject into the path) and now I foound out the injection
> header also.

For the record, I never "tested" spoofing the PATH header with you,
because - being an ex News admin - I knew the PATH header can't be
'spoofed' (read: preloaded) - by a newsreader user - on a properly
configured News server.

By that time, the News server(s) which *did* allow path preloading had
probably already vanished and if it/they hadn't, I wasn't going to
mention its/their name(s).

> For the PATH: header, as I recall, long ago (depending on the server) we
> could inject stuff into it but at some point we lost control & the news
> server took it from here (and yes, I saw Wolfgang Weyand's response about
> his warning on the default PATH settings allowing more freedom for that).

A warning is always good, but I don't think there's currently any
legit server out there which allows path preloading.

[...]

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

> I'd have to look up NNTP as I don't do it often enough. But I used to
> do SMTP / POP3 / IMAP weekly and sometimes daily at ${OLD_JOB}.

I wrote this up once in a tutorial to help users respond to an old expired
article where all they had was teh message id (in the days when Google's
Dejagoogle search engine provided the headers - which they don't do now).

> I find that I'm now occasionally speaking HTTP via telnet or via
> OpenSSL's s_client for TLS.

I use stunnel quite frequently but telnet with encryption is a hassle
as I really don't understand how to do it except to check Steve Crook's
free-certificate expiry dates. :)

>> Well, I'm glad the search engine exists,
>
> Please don't get me started on their search engine.
>
> I have a funny thing wherein I expect words that I search for to be in
> the (cached version of) the results page.
>
> I use `grep`, `find.exe`, and the likes frequently.

Yup. I use "control F" and then "F3" (and shift F3) a lot when using
the dejagoogle search engine to find things I _know_ are there.

Note: Many articles of long ago said that was a big problem
that the dejagoogle search doesn't even find what is _known_ to exist.
<https://www.vice.com/en/article/jp5a77/google-a-search-company-has-made-its-internet-archive-impossible-to-search>

>> Yes but. If the peers-with-google dropped their messages, maybe Google
>> would think twice? Dunno. I'll give Mountainview a call tomorrow.
>
> I suspect that there are multiple, if not many, in Google that would
> think "finally, now we can kill that thing that we've been dragging
> forward".

Remember when AT&T teamed up with the Cuomo bastard to make excuses for why
they dropped all Usenet services from their cable service about 20 years
ago?

All their excuses were only believed by stupid people.
They dropped it for the reason you said above.

They can't make money off us using it.

>> Again, I will call Mountainview and try to get a human (fat chance).
>
> I suspect that you'll eventually get to a human if you try hard and / or
> long enough.

It's currently 235 minutes and waiting. I don't feel like making more
screenshots to prove what I say as I suspect you believe me on this.

> I'll be surprised if that human is anything more than a complaints
> department / yes person.

I'm hoping I get a contact, just like I did in the past to get some minor
things fixed that they cared about (like map routing & google URIs).

> I'll be shocked if any good comes from your efforts. Unless you are the
> final straw that breaks the camel's back.

I would NOT recommend calling them as I've been on for hours, so the only
thing people _can_ do, I think, is explain the situation over here.
<https://i.postimg.cc/k462x02X/spam02.jpg>

1. Go here <https://groups.google.com/g/google-usenet/about>
2. Press the settings-gear-icon image at top right
3. Select "Send feedback to Google"
a. "Tell us what prompted this feedback."
b. "A screenshot will help us better understand your feedback."
Folks can refer to <https://groups.google.com/g/comp.mobile.android>
And they can use this too <https://i.postimg.cc/6pj29c6f/spam01.jpg>

If a few hundred people did that, "maybe" they'd take notice.
--
Each of us on Usenet has a different use model so we learn from each other.

[Wally J]

Frank Slootweg <th...@ddress.is.invalid> wrote

>> Absolutely you are correct. The only two headers that I'm aware of that are
>> "harder" to spoof are the path (which I tested once with Frank Slootweg to
>> see what we could inject into the path) and now I foound out the injection
>> header also.
>
> For the record, I never "tested" spoofing the PATH header with you,

Depends on how you word that. You vehemently disagreed with what I had
stated, and then I proved to you what was possible. We agreed on that
(which, how could we not - because it _was_ possible at that time).

> because - being an ex News admin - I knew the PATH header can't be
> 'spoofed' (read: preloaded) - by a newsreader user - on a properly
> configured News server.

You don't remember challenging me on my statements to the iKooks that the
header can't be changed, Frank? I do. I very well do. Google it. :)

At that time, what could be changed was stuff could be injected.
But only for some servers.

I proved it to you using nothing more than telnet, at that time as I
recall.

> By that time, the News server(s) which *did* allow path preloading had
> probably already vanished and if it/they hadn't, I wasn't going to
> mention its/their name(s).

You need to search on what we discussed. Let me refresh your memory:
a. An iKook said the headers were inviolable
b. I responded, off the cuff, that they're "all" fungible
c. You disputed that (rightly so) but on the technical merits

We covered this twice, Frank. Once then, and once a few years later.
(You forget I have a good memory - and all this is in the public record.)

What happened, years later, is I brought it up and you again refuted it.

Then I tested it in that rebuttal and that's when I learned what can and
can not be done with the path header, as _every_ other header tested in
that communication was fungible (time, date, newsreader, etc.).

I was able to inject stuff into the path, so I agreed with you that any
header that is not fully controlled by the server, is fungible.

And we left it at that.
If we must, I'll dig up the cite as it was on the comp.mobile.android ng.

Note: Both of us were correct from the beginning even as you knew then more
than I did then and you know now more than I do now about this stuff.

What you objected to was the off-hand colloquial use of "all" when my
explanation was I was explaining things to an iKook who didn't have the
capacity to understand it at the level of detail that you do.

>> For the PATH: header, as I recall, long ago (depending on the server) we
>> could inject stuff into it but at some point we lost control & the news
>> server took it from here (and yes, I saw Wolfgang Weyand's response about
>> his warning on the default PATH settings allowing more freedom for that).
>
> A warning is always good, but I don't think there's currently any
> legit server out there which allows path preloading.

Probably true, as I'm well aware you use to run an nntp server as I recall,
so I'll accept what you say as probable fact as I've done my path header
testing at the time we last discussed it long ago.
--
Sensible people will agree with anyone who says something logically sound.

[The Doctor]

In article <ukl1rj$4pj$1...@freeq.furie.org.uk>,

sick!

[Frank Slootweg]

Wally J <walte...@invalid.nospam> wrote:

[Much deleted.]

> What happened, years later, is I brought it up and you again refuted it.
>
> Then I tested it in that rebuttal and that's when I learned what can and
> can not be done with the path header, as _every_ other header tested in
> that communication was fungible (time, date, newsreader, etc.).
>
> I was able to inject stuff into the path, so I agreed with you that any
> header that is not fully controlled by the server, is fungible.
>
> And we left it at that.

Duh! The *point* is that - on a properly configured server - the PATH
header *is* "fully controlled by the server", so it's *not* "fungible".

So as usual a lot of talk, without specifics, let alone proof.

As I said, *some* rogue server(s) allowed preloading the path, so
obviously on that/those server(s) one was "able to inject stuff into the
path". But on a legit server, this was and is not possible.

> If we must, I'll dig up the cite as it was on the comp.mobile.android ng.

Don't "dig up the cite", because that will be only more talk and no
proof, but post a cite which proves you "injected stuff into the path"
of a *legit* server *and* give the Message-ID of that cite.

[...]

[Adam H. Kerman]

Frank Slootweg <th...@ddress.is.invalid> wrote:
>Wally J <walte...@invalid.nospam> wrote:

>[Much deleted.]

>>What happened, years later, is I brought it up and you again refuted it.

>>Then I tested it in that rebuttal and that's when I learned what can and
>>can not be done with the path header, as _every_ other header tested in
>>that communication was fungible (time, date, newsreader, etc.).

>>I was able to inject stuff into the path, so I agreed with you that any
>>header that is not fully controlled by the server, is fungible.

>>And we left it at that.

> Duh! The *point* is that - on a properly configured server - the PATH
>header *is* "fully controlled by the server", so it's *not* "fungible".

> So as usual a lot of talk, without specifics, let alone proof.

> As I said, *some* rogue server(s) allowed preloading the path, so
>obviously on that/those server(s) one was "able to inject stuff into the
>path". But on a legit server, this was and is not possible.

Eyeballing, it's usually obvious what the preloaded portion of the Path
is.

>[...]

[Wally J]

Frank Slootweg <th...@ddress.is.invalid> wrote

> Duh! The *point* is that - on a properly configured server - the PATH
> header *is* "fully controlled by the server", so it's *not* "fungible".

As I said, I'll defer to your knowledge, Frank. Otherwise I have to dig up
the cites but all I want you to do is agree that we discussed this twice.

Now three times.

> So as usual a lot of talk, without specifics, let alone proof.

I'm deferring to you, Frank. I'm not disputing you. I'm only disputing your
comments that we didn't discuss this in the past (twice) - that's all.

> As I said, *some* rogue server(s) allowed preloading the path, so
> obviously on that/those server(s) one was "able to inject stuff into the
> path". But on a legit server, this was and is not possible.

Again (and again and again), I'm agreeing with you Frank.
I never dispute facts. Only fools do that (that's why they're fools).

The only thing I disputed was your statement that we never covered this.
We did. Twice. Now three times.

That's all.

>> If we must, I'll dig up the cite as it was on the comp.mobile.android ng.
>
> Don't "dig up the cite", because that will be only more talk and no
> proof, but post a cite which proves you "injected stuff into the path"
> of a *legit* server *and* give the Message-ID of that cite.

Frank, I'm one of the most logical and sensible people you'll ever have the
pleasure of speaking with anywhere - not just on Usenet - but anywhere.

I look at facts and I assess those facts.
Empirically I test some of the facts.

My assessments are based on the facts.
I rarely guess.

I wouldn't have multiple graduate degrees, Frank, if I always guessed.
You can't pass those science & engineering tests by mere guessing, Frank.

My conclusions are always sound as long as the facts they're based on are.
And I'm not disagreeing with any fact you've presented other than the fact
that we discussed this problem in the past - twice - and now three times.

In _my_ tests, long ago (and one this week) many parts of the header were
fungible (which is why I told the moronic iKooks that the headers were not
inviolate and which is what you originally disputed (rightly so since
_some_ headers are inviolate but it was an off-the-cuff response to a moron
who wouldn't know a PATH: header from an Injection-Info: header.

Suffice to say I agree with you fully that it's a waste of time to even try
to spoof teh PATH: or Injection-Info: for someone like me who has no great
skills other than I can spoof the easy-to-spoof headers on most servers.

What are the easy-to-spoof headers on most nntp servers?

In my experience what the user can specify is usually something like
The subject
The references list
The time zone
The user agent (or newsreader)
The mime version
The character encoding
The message id
The from
The content type
Most X headers
XFaces

That's all I can think of, offhand, but notice I didn't put the path in
that since it shouldn't be fungible for a reasonably well set up server.
--
Logically sensible people base their assessments on facts.

[D]

probably a dumb question, but could a rogue server make article path
headers appear to be downstream from "googlegroups" as the beginning
in a path, when in fact it might not be, but was somehow modified in
order to hide the actual source, e.g. this hypothetical path example:

path: properly.configured.server!...improperly.configured.server!...googlegroups.com

[Grant Taylor]

On 12/5/23 23:31, D wrote:
> probably a dumb question, but could a rogue server make article path
> headers appear to be downstream from "googlegroups" as the beginning
> in a path, when in fact it might not be, but was somehow modified in
> order to hide the actual source, e.g. this hypothetical path example:

I think that a rogue server that peers with other servers would be
allowed to present anything that the rogue server wanted to in the articles.

Well, save for things that the receiving server would (should) reject;
e.g. anything pretending to be the receiving server.

That being said, I don't think that this is very likely as I suspect it
would be a matter of (short amount of) time before this was detected and
UDP applied to said rogue server.



Grant. . . .

[Frank Slootweg]

Wally J <walte...@invalid.nospam> wrote:
> Frank Slootweg <th...@ddress.is.invalid> wrote
>
> > Duh! The *point* is that - on a properly configured server - the PATH
> > header *is* "fully controlled by the server", so it's *not* "fungible".
>
> As I said, I'll defer to your knowledge, Frank. Otherwise I have to dig up
> the cites but all I want you to do is agree that we discussed this twice.
>
> Now three times.

You didn't say we discussed this - which indeed we did - but said we
*tested* this:

<WJ>

Absolutely you are correct. The only two headers that I'm aware of that are
"harder" to spoof are the path (which I tested once with Frank Slootweg to
see what we could inject into the path) and now I foound out the injection
header also.

</WJ>

I objected to *that*, hence I wrote:

<FS>

For the record, I never "tested" spoofing the PATH header with you,

because - being an ex News admin - I knew the PATH header can't be

'spoofed' (read: preloaded) - by a newsreader user - on a properly
configured News server.
</FS>

[...]

> Frank, I'm one of the most logical and sensible people you'll ever have the
> pleasure of speaking with anywhere - not just on Usenet - but anywhere.
>
> I look at facts and I assess those facts.
> Empirically I test some of the facts.
>
> My assessments are based on the facts.
> I rarely guess.

Well, you did this time [1]. Guessing what you wrote, instead of
knowing/checking what you actually wrote, despite my clue-by-four.

EOD.

[...]

[1] Not that it's the only time, far from it.

[Ted Heise]

On 6 Dec 2023 09:41:51 GMT,

Piping up with some trepidation, but feel a need to point out it
may depend on how one interprets "which I tested once with Frank
Slootweg." Wally did say *he* tested it, and the "with" part is
perhaps ambiguous. For example, it could mean "taking into
account input from discussions with Frank." Of course, it could
also mean the testing was done with Frank, which seems to be not
the case.

Ted out.

--
Ted Heise <the...@panix.com> West Lafayette, IN, USA

[Frank Slootweg]

Yes, I know what he wrote was ambiguous (and I'm sure purposely so),
that's why I removed the ambiguity with my "For the record, I never
"tested" ..." response. But he didn't get that (or rather he chose not
to get it).

> Ted out.

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

I agree with everything said above, based on an assessment of the facts.
I'm ignorant. But logical. And sensible.

I don't speak nntp as well as those here, but I would also think that a
rogue server could present anything it wants to present, which is why I
originally had "assumed" this spam wasn't coming from Google's servers.

Of course, someone has to peer it, for us to end up seeing it, but notice
that Google's own DejaGoogle Usenet portal is showing that same spam.
<https://i.postimg.cc/fyCXPjpR/Google-Groups-Usenet-Portal-spam-20231206-730am.jpg>

That fact "implies" that Google is indeed the source of this spam
(since we could "logically assume" that Google users their own servers
for the DejaNews DejaGoogle portal from Google Groups to Usenet).

BTW, I entreaty everyone here to spend a minute to complain to Google:
<https://groups.google.com/g/google-usenet/about>
This is what that interface initially looks like:
<https://i.postimg.cc/3JzWxG3f/please-do-this.jpg>

Then you get the option to send the owners of Google Usenet a complaint.
<https://i.postimg.cc/mgt9kRxV/googlebug3.jpg>

More detailed instructions here:
*Please complain to Google about their spamming of Usenet*
<https://groups.google.com/g/news.admin.peering/c/xxniDVj3ArI>
<https://groups.google.com/g/news.admin.net-abuse.usenet/c/fr5MQcarCMM>
<https://groups.google.com/g/comp.mobile.android/c/hO4JNke1bNc>
--
Together, maybe, just maybe, perhaps we can get someone at Google to care.

[Patrick]

On 6/12/2023, Wally J wrote:
> Of course, someone has to peer it, for us to end up seeing it

The news.dizum.net admin is peering all of that Google spam.
Whoever that server admin is, he needs to get a knock at his door.

[Wally J]

Frank Slootweg <th...@ddress.is.invalid> wrote

Jesus Christ Frank, you can exasperate even me, and I'm the one who waited
five hours for Google to pick up the phone so it's not easy to fluster me.

Does _every_ post have to be vetted by your lawyer before you accept
that Usenet is a colloquial medium - and not peer-reviewed research?

Please send me the email of your lawyer so he can vet this next post.

A. First, I had responded to an iKook who claimed the newsreader
header was inviolable, and Frank vehemently and repeatedly
disputed that the headers could be munged at all.
B. Then I patiently explained (multiple times) to Frank that
speaking to an ignorant iKook is different than speaking with him.
C. Frank _still_ disputed the facts (as Frank is want to do)...
D. So I again patiently explained to Frank by showing him my tests.

Now we have to deal with this again?
And again?
And again?

Jesus Christ Frank.

Please send me your mom's email so that she can vet this post
to your liking as it still probably isn't explicit enough for you.

I had already written the below response up before I saw this crap.

Frank Slootweg <th...@ddress.is.invalid> wrote

> Well, you did this time [1]. Guessing what you wrote, instead of
> knowing/checking what you actually wrote, despite my clue-by-four.

OK. I admit you didn't test anything. You never do.
You simply disputed everything. You always do.

So is _this summary_ precise enough yet for you Frank?
a. I tested it.
b. We discussed those tests.
c. Three times now.

Is _that_ precise enough of a summary for you, Frank?
--
Let's write down this message-ID so that the next time you dispute every
word said because it's not precise enough for you, we'll have it handy.

[The Doctor]

And Giganews as well!

[Grant Taylor]

On 12/6/23 12:09, Patrick wrote:
> The news.dizum.net admin is peering all of that Google spam.
> Whoever that server admin is, he needs to get a knock at his door.

Remember, the choice to carry a feed or not is up to each news server
administrator.

This applies to all server administrators.

If one server administrator wants to carry news from a spammy source,
that's their prerogative just like it's other news administrators
prerogative if they want to carry news from the previous news administrator.

I find it entertaining how quickly I've seen things progress along the
line from "YOU CAN'T FILTER" to "complain to the admin that isn't
filtering (Google)".

[D]

On Wed, 6 Dec 2023 18:27:54 -0000 (UTC), doc...@doctor.nl2k.ab.ca (The Doctor) wrote:
>In article <ukqdcg$3ev56$1...@novabbs.org>, Patrick <pat...@oleary.com> wrote:
>>On 6/12/2023, Wally J wrote:
>>> Of course, someone has to peer it, for us to end up seeing it
>>
>>The news.dizum.net admin is peering all of that Google spam.
>>Whoever that server admin is, he needs to get a knock at his door.
>
>And Giganews as well!

as for the living legend . . . they better watch out for his cat!
https://dizum.com/

[Frank Slootweg]

Disclaimer: My apologies to the rest of the audience. I'll try to keep
it short, but this personal abuse has to be dealt with.

Wally J <walte...@invalid.nospam> wrote:
[...]

> Does _every_ post have to be vetted by your lawyer before you accept
> that Usenet is a colloquial medium - and not peer-reviewed research?

Yes, Usenet is a colloquial medium. That's why if someone posts
something which isn't quite correct, another poster can clarify/correct
and we all live happily ever after.

*Except* when the first poster is 'Arlen Holder' (or any other of his
eighty or so nyms) who can't handle being corrected, gets his knickers
in a twist and gets into an endless beating around the bush routine.

> Please send me the email of your lawyer so he can vet this next post.
>
> A. First, I had responded to an iKook who claimed the newsreader
> header was inviolable, and Frank vehemently and repeatedly
> disputed that the headers could be munged at all.

And there you fsck up *again*! (Of course) I did no such thing. So you
might as well quit while you're behind.

Do us all a favour: Don't ruin this newsgroup with your nonsensical
rants, like you've done - and are still doing - with so many other
groups.

[Rest of rant deleted.]

[Don]

Yes! ROTFL.

dizum has an anonymity agenda. Although YMMV, an excerpt of pertinent
dizum headers tells /me/ everything there is to know about dizum:

Path: sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
Injection-Info: sewer.dizum.com

Besides dizum, many other news hosts also peer with google-groups.

###

On another note, a change in my own news host's pseudo peers now
provides a proper Path: to implement Stéphane's suggestion:

$BADPATHS=google-groups.googlegroups.com
ME/$BADPATHS:::

Danke,

--
Don, KB7RPU, https://www.qsl.net/kb7rpu
There was a young lady named Bright Whose speed was far faster than light;
She set out one day In a relative way And returned on the previous night.

[Wally J]

Frank Slootweg <th...@ddress.is.invalid> wrote

> who can't handle being corrected

Frank

I'm going to write this to you as if you own adult comprehensive skills.

ACTION FOR FRANK:
1. First, read your own posts in this thread.
2. Then, read mine.

HINT #1:
a. I was corrected numerous times, Frank, e.g., by Grant Taylor.
b. And I took that correction like an adult should, Frank, now didn't I?

HINT #2:
A. You repeatedly ascribed ill intent on my part in your posts, Frank.
B. And then you bring up unrelated privacy issues you don't understand.

REQUEST FOR FRANK:
Act like an adult would, for once, Frank.

ADULT LOGIC:
Yes, Usenet is colloquial.
But don't use that as your paramount excuse to accuse others of ill intent.

In summary, if you can't comprehend what I'm proving to you, then I gave
you far too much credit already for being intelligent enough to do so.

Let's stop this childish idiocy of yours you always foment, Frank.
Please.
--
Usenet is water under the bridge, Frank.
Act civilly to me and I'll respond in kind.

[Grant Taylor]

On 12/6/23 14:38, Wally J wrote:
> a. I was corrected numerous times, Frank, e.g., by Grant Taylor.

Hey now, don't bring me into this. I have a reputation to hold down.

[Sn!pe]

Wally J <walte...@invalid.nospam> wrote:

> Frank Slootweg <th...@ddress.is.invalid> wrote
>
> > who can't handle being corrected
>
> Frank
>
> I'm going to write this to you as if you own adult comprehensive skills.
>

> ACTION FOR FRANK: [deleted to end]
>

I have observed, Wally, that IMO you are very repetitive. You have told
us that you are senior in both years and achievements and your opinions
should be given fair hearing. I can respect that and I think you have
been accorded that privilege by your peers. However, your readers have
only your word for your status.

Your demeanour might equally well be trolling. You exhibit similar
traits to a notorious troll. I hope that is not the case.

--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator.
My pet rock Gordon just said "Don't Be Evil!"

Google Groups articles are not seen here unless poster is whitelisted.

[Wally J]

Sn!pe <snip...@gmail.com> wrote

> I can respect that

Your OT trolling (& personal attacks) attempting to derail this thread are
duly noted; but what you should be respecting is the topic of this thread.

Who do you think is peering all these spams coming out of Google?
We've noted giganews, individual and highwinds so far, but there are more.

Who else have you found to be peering spam emanating from Google groups?

And what do you think the best solution might be to protect the fragile
deja google search engine (which is very useful for millions of lookups)?

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

>> a. I was corrected numerous times, Frank, e.g., by Grant Taylor.
>
> Hey now, don't bring me into this. I have a reputation to hold down.

The point was Frank accused me of something that simply isn't the case.

I know you're joking above but the moment Frank Slootweg starts trolling a
thread with his personal attacks claiming that colloquial speech is ill
intended, the thread gets derailed to whatever Frank wants it to become.

This thread is about peering.
Not about Frank.

Despite that, Frank wants this thread to be all about him - and he's told
us that numerous times - but what I'll do in this thread moving forward to
prevent Frank's attacks is ignore Frank's purposefully off topic trolling.

Frank - *I will only respond to you if you can stay on topic please.*

[Sn!pe]

IMO the DejaNews archive is so debased that it's next to useless.

I take a simple approach to Googlespam - I mark all GG posts as
read unless I have the poster whitelisted. Life is too short to
play whack-a-mole.

I'm sorry if you perceive my respectful comments (which you have
declined to quote) as abusive. I assure you that I am not trolling.
I had a comment to make, I made it, and now I am perfectly content
to disengage. Feel free to have the last word, Wally.

[The Doctor]

In article <1qld835.q80bavucvhs1N%snip...@gmail.com>,

Sn!pe <snip...@gmail.com> wrote:
>Wally J <walte...@invalid.nospam> wrote:
>
>> Sn!pe <snip...@gmail.com> wrote
>>
>> > I can respect that
>> >
>>
>> Your OT trolling (& personal attacks) attempting to derail this thread are
>> duly noted; but what you should be respecting is the topic of this thread.
>>
>> Who do you think is peering all these spams coming out of Google?
>> We've noted giganews, individual and highwinds so far, but there are more.
>>
>> Who else have you found to be peering spam emanating from Google groups?
>>
>> And what do you think the best solution might be to protect the fragile
>> deja google search engine (which is very useful for millions of lookups)?
>>
>
>IMO the DejaNews archive is so debased that it's next to useless.
>

Thank you Google for that!

>I take a simple approach to Googlespam - I mark all GG posts as
>read unless I have the poster whitelisted. Life is too short to
>play whack-a-mole.
>
>I'm sorry if you perceive my respectful comments (which you have
>declined to quote) as abusive. I assure you that I am not trolling.
>I had a comment to make, I made it, and now I am perfectly content
>to disengage. Feel free to have the last word, Wally.
>

I wonder if a class action lawsuit against Google would get their attentino.

>--
>^Ï^. Sn!pe, PA, FIBS - Professional Crastinator.
> My pet rock Gordon just said "Don't Be Evil!"
>
> Google Groups articles are not seen here unless poster is whitelisted.

[Grant Taylor]

On 12/7/23 06:20, The Doctor wrote:
> I wonder if a class action lawsuit against Google would get their attentino.

I'm quite certain that it would get the lawyercats attention.

I don't know what the result of that attention would be. I think it's a
three way split between more of what they are doing now (marking some
groups read-only), actually fixing the spam (to a very large degree), or
termination of the Google Groups Usenet gateway.

[The Doctor]

In article <uksomj$ugp$1...@tncsrv09.home.tnetconsulting.net>,

So a win for the complainant.

>
>
>--
>Grant. . . .
>

[Don]

There's one more thing - dizum is a remailer. And, although it offers a
mail2news gateway, it is not a news host.

[Don]

D wrote:
> Don wrote:
>>Don wrote:

<snip>

>>> dizum has an anonymity agenda. Although YMMV, an excerpt of pertinent
>>> dizum headers tells /me/ everything there is to know about dizum:
>>> Path: sewer!news.dizum.net!not-for-mail
>>> Organization: dizum.com - The Internet Problem Provider
>>> Injection-Info: sewer.dizum.com
>>> Besides dizum, many other news hosts also peer with google-groups.

<snip>

>>>There's one more thing - dizum is a remailer. And, although it offers a
>>mail2news gateway, it is not a news host.
>

> news.dizum.net

Bless you for setting me straight! It makes me very happy to discover the
dizum newshost. It will be immediately put to good use.

news.admin.peering re-added to header in case anyone encounters my bad
info in the group at a later date.

[Wally J]

Don <g...@crcomp.net> wrote

> Bless you for setting me straight! It makes me very happy to discover the
> dizum newshost. It will be immediately put to good use.
>
> news.admin.peering re-added to header in case anyone encounters my bad
> info in the group at a later date.

I happen to use a different news host for each newsgroup (for privacy
reasons, that's why) where I just checked & dizum today is 95.5% Google
spam (1687 new articles, 9 of which made it past my google spam filter).

[Wally J]

Wally J <walte...@invalid.nospam> wrote

> I just checked & dizum today is 95.5% Google
> spam (1687 new articles, 9 of which made it past my google spam filter).

BTW, here's a re-post of what was just posted to the Android newsgroup.
It discusses that articles are pulled and then the filters are run.
In the case of the Android newsgroup today, 95.5% of it is now spam.

======< this is a re-post of that article just now on c.m.a >======


>>>>>> On 2023-12-06 21:22, micky wrote:
>>>>>>> Wow, just now 25 real posts and 2600 spam. Thank goodness for filters.
>>>>>>
>>>>>> Where? I only saw one or two, in this group at least.
>>>>>
>>>>> Don't you understand how it works?
>>>>> It depends whether your service provider is filtering or not.
>>>>>
>>>>> My goodness, Carlos!
>>>>
>>>> Do you really think I didn't know?
>>>>
>>>> You are a fun spoiler.
>>>
>>> On News.Individual.Net there are big holes in the article number
>>> ranges, i.e. where the spam articles were before they got (locally)
>>> canceled.
>>>
>>> For safety reasons, I pull only 50 articles at a time, but because of
>>> the holes, each pull actually pulls only a few or no articles.
>>>
>>> Because today my own posts from yesterday appeared, I found out that
>>> my pulls have a backlog of some 2000 (mostly non-existing) articles.
>>>
>>> So if I'm slow in responding, you know why! :-) Just blame Google
>>> (Groups).
>>
>> Two or three times, start of day, machine booted or coming from
>> suspend/hibernation, Thunderbird asks for permission to download 3000
>> headers. But then just a few actually show up.
>>
>> Maybe TB is just looking at the index number, and as you say, there are
>> holes.

Frank Slootweg <th...@ddress.is.invalid> wrote

> Trying to load 3000 articles is probably enough. Over the past few
> days, I've seen article number deltas of some 2000 per day.

I thank Carlos & Frank for their civil discussion of what's going on.
We can all learn from Frank's assessment of the nntp server facts.

> A newsreader can only ask for headers by article numbers, because
> while it does know past article numbers (and so can ask for the next
> ones), it does not know the message-ids of the next ones (because the
> message-ids are in the headers which it still has to fetch).
>
> So the newsreader only gets the headers for the articles which
> actually exist, not for the (spam) articles which have been (locally)
> canceled by the news server.
>
> So your 3000 headers at a time works for you.

I have my scripts set to download all available headers, which is likely
why I've been noticing slowdowns when only 10 headers show up but it seems
like it's taking the time to download thousands of headers instead.

Thanks for assessing the facts which I have been seeing on my end.

> I OTOH have to do it bit by bit, because my local news server
> (Hamster) does the fetching of headers and articles and I do not want to
> risk loading *other* (than this GG) 'spam', because I keep my groups
> 'forever' (currently upto some 20 years) and Hamster has no way of
> deleting (local cancel) already received articles, so this spam would
> forever pollute my local news server (and hence its disk space, backup,
> etc.).

I use a variety of news servers where I looked into my log file and it
seems the incoming server I used for Android just got almost 1,700 headers.

Only 9 of which showed up after my kill-all-google-spam filters kicked in.
That's about 1/2 of 1% of the messages are real messages. 99.5% are spam.

[Wally J]

The Doctor <doc...@doctor.nl2k.ab.ca> wrote

>>I don't know what the result of that attention would be. I think it's a
>>three way split between more of what they are doing now (marking some
>>groups read-only), actually fixing the spam (to a very large degree), or
>>termination of the Google Groups Usenet gateway.
>>
>
> So a win for the complainant.

It seems pretty clear now, even as it wasn't at all clear to me in the
beginning that what you guys knew is most likely the situation here.

1. Google is (knowingly?) allowing their users to create this spam
2. Google doesn't seem to care some newsgroups are now 95.5% spam
3. People can complain to the Google Groups Usenet portal if they like
<https://groups.google.com/g/google-usenet/about>
4. But that's about it for what you can realistically do with Google
(don't even think about calling them at 650-253-0000 as I've tried)
5. The suggestion of "de-peering" needs to be directed to some servers
(most notably which seem to be highwinds, giganews & individual)

If someone can post the 'de-peering' contacts for those three servers,
then maybe we can send them a message letting them know of the problem.
--
"*Contact Owners and Managers of Google Usenet*"
Google Usenet (google...@googlegroups.com)
<https://groups.google.com/g/google-usenet/about>

[The Doctor]

In article <ul079r$2311s$1...@paganini.bofh.team>,

Wally J <walte...@invalid.nospam> wrote:
>The Doctor <doc...@doctor.nl2k.ab.ca> wrote
>
>>>I don't know what the result of that attention would be. I think it's a
>>>three way split between more of what they are doing now (marking some
>>>groups read-only), actually fixing the spam (to a very large degree), or
>>>termination of the Google Groups Usenet gateway.
>>>
>>
>> So a win for the complainant.
>
>It seems pretty clear now, even as it wasn't at all clear to me in the
>beginning that what you guys knew is most likely the situation here.
>
>1. Google is (knowingly?) allowing their users to create this spam
>2. Google doesn't seem to care some newsgroups are now 95.5% spam
>3. People can complain to the Google Groups Usenet portal if they like
> <https://groups.google.com/g/google-usenet/about>
>4. But that's about it for what you can realistically do with Google
> (don't even think about calling them at 650-253-0000 as I've tried)
>5. The suggestion of "de-peering" needs to be directed to some servers
> (most notably which seem to be highwinds, giganews & individual)
>
>If someone can post the 'de-peering' contacts for those three servers,
>then maybe we can send them a message letting them know of the problem.

That would be one way.

giganews is one peer.

>--
> "*Contact Owners and Managers of Google Usenet*"
> Google Usenet (google...@googlegroups.com)
> <https://groups.google.com/g/google-usenet/about>

[Heiko Schlichting]

Wally J <walte...@invalid.nospam> wrote:
> 5. The suggestion of "de-peering" needs to be directed to some servers
> (most notably which seem to be highwinds, giganews & individual)
>
> If someone can post the 'de-peering' contacts for those three servers,
> then maybe we can send them a message letting them know of the problem.

We follow the discussion here and are aware of the Google spam problem. We
also have some anti-spam measures for our reader servers. But it is really
easy to find our contact address (ne...@individual.net) on
https://news.individual.net/

In the past, issuing a UDP¹ has often not been particularly successful.

Heiko (for Newsmaster-Team of individual.net)

¹ https://en.wikipedia.org/wiki/Usenet_Death_Penalty

[Wally J]

badgolferman <REMOVETHISb...@gmail.com> wrote

> Have you ever gotten any response from Google when contacting them for
> support? I certainly haven't.

Hi badgolferman,
I appreciate your adult request for my experience, since most people don't
have the capability nor desire to help everyone when contacting Google.

The problem hits people in many ways, most of whom don't realize this
because most posters to this child-like Apple newsgroup don't search before
they post a question - so they always start off from a point of ignorance.

Here are just some ways that the rampant 99.5% spam is causing for users:
A. The dejanews/dejagoogle search engine usefulness is almost nullified
B. Innocent news server admins have to deal with de-peering Google spam
C. All of us take a hit when our new server engines filter out 99.5% spam
etc.

Note that the child-like Apple iKooks have no comprehension of the global
problem set simply by them setting a filter to filter out google groups.

On this child-like Apple newsgroup, there's no hope to get a useful action
from iKooks like Alan Baker, Alan Browne, Jolly Roger, Joerg Lorenz, et al.

To answer your question, yes. I have been very successful with Google.
Three times, in fact.
All from either a phone or a web page.

1. Google changed the routing for a private road near where I live.
2. Google simplified the dejagoogle Usenet archive's URI for me
3. Google said they'd investigate Rod Speed's murder solicitation
(which he solicited on Usenet saying his GMail address is valid)

I explained those many times in the past, so above is merely summarized.

I appreciate that you ask if Google responds as there are two kinds of
people on this newsgroup - one of which is purposefully helpful people.

I put you and me in that category.
The iKooks are, by way of stark contrast, _never_ purposefully helpful.

They're the antithesis of me, which is why I despise their very existence.

They wouldn't stick out a finger to help anyone - and - in fact - they'd go
well out of their way to make life miserable for any innocent poster here.

In _that_ respect, I'm glad Lewis & Snit & Rod Speed & nospam are gone.

> As for Google Groups spam, I have found that Eternal-September does a
> decent job of filtering it out.

Eternal September has been one of the better news servers, it seems.

I authored what turned out to be a very informative discussion on the
peering newsgroup, which explain all about the peering issue you speak of.
*Who is peering all these spams ostensibly from Google Groups?*
<https://groups.google.com/g/news.admin.peering/c/AgrNUeZuAkw>

Ray Bananna (Wolfgang Weygan), who is the Eternal-September admin,
responded in that thread (and in many others that I'm aware of).

The bad news servers, apparently, are these three, in order (AFAIK):
1. Highwinds
2. Giganews
3. Individual

But I could be wrong on that as I don't know nntp like Frank Slootweg does.

> However since I compile the monthly
> newsgroup stats I also have an account on a new server which doesn't filter
> out anything and that's the one I use for the stats.

The spam is really terrible - about 99.5% spam on the Android newsgroup.
<https://groups.google.com/g/comp.mobile.android>

> A few weeks ago I had to provide the address of some legitimate Google
> Groups users from another newsgroup who were being blocked by
> Eternal-September. The administrator whitelisted them within a day. Try
> that with Google support...

These three news server admins are, in a word, complete assholes.
1. Highwinds
2. Giganews
3. Individual

However, the news server admins you're speaking about, are not.

In addition to Ray Banana (of eternal september), I too have been very
successful with working with the admins of many nntp servers, such as Paolo
Amaroso (who poisoned alt.home.repair due to the spams from Dean Hoffman,
for example) and from Steve Crook (of mixmin) and from Alex de Jood (of
dizum) and from Ivo Gandolfo (of paganini) and from Roman Racine (albasani)
and from Benjamin Gufler (at Solani) and from Jesse Rehmer (blueworld) and
from Steen Jensen (sunsite) and from Alexander Samoylyk (eponymous), etc.
(all those are offhand AFAIR).

But as you know, Google is different. I tried calling them just this week.
<https://i.postimg.cc/d388rqkj/google02.jpg> (Google at the 3-hour point)

In summary, you can ask for advice on what to do with these newsgroups:
<https://groups.google.com/g/news.admin.peering/>
<https://groups.google.com/g/news.software.nntp>
<https://groups.google.com/g/news.admin.net-abuse.usenet>

Given on this newsgroup the purposefully unhelpful iKooks can't be relied
upon to do anything for anyone, the few remaining adults could do this:
<https://groups.google.com/g/news.admin.peering/c/xxniDVj3ArI/>
--
Getting something done for everyone requires a heart for useful purposes.

[Wally J]

Heiko Schlichting <he...@cis.fu-berlin.de> wrote

> Wally J <walte...@invalid.nospam> wrote:
>> 5. The suggestion of "de-peering" needs to be directed to some servers
>> (most notably which seem to be highwinds, giganews & individual)
>>
>> If someone can post the 'de-peering' contacts for those three servers,
>> then maybe we can send them a message letting them know of the problem.
>
> We follow the discussion here and are aware of the Google spam problem. We
> also have some anti-spam measures for our reader servers. But it is really
> easy to find our contact address (ne...@individual.net) on
> https://news.individual.net/
>

> In the past, issuing a UDPš has often not been particularly successful.

>
> Heiko (for Newsmaster-Team of individual.net)
>

> š https://en.wikipedia.org/wiki/Usenet_Death_Penalty

Oh wow! Brian Gregory was _correct_ about your service, Mr. Schlichting!
<https://groups.google.com/g/news.admin.peering/c/xxniDVj3ArI/m/WfJqjUVPAQAJ>

You _do_ care about this google-groups-99.5%-spam-on-usenet problem!
(Note that I'm surprised. Humbled. Gratified. And humiliated!)

I have never worked with you - but I have tried, in the past, to get
spammers off of the various servers (as explained in articles cited below).

I humbly apologize to you.
Sincerely.
Directly.
And apologetically.

Mea culpa.

Unfortunately, only moments before I saw your article above, I posted this
(which I now belatedly would wish I had learned how to _cancel_ years ago).
<https://groups.google.com/g/news.admin.peering/c/AgrNUeZuAkw/m/wjFb9mb3AAAJ>

I will issue a humble but well-intended sincere retraction of my
deprecating comments about you (where I had accidentally lumped you into
the same category as the news server admins for Highwinds & Giganews).

The very fact you know about the issue & that you care about the issue
enough to respond to the people who most care about Usenet, is gratifying.

I openly and publicly apologize to you for deprecating you moments ago.
I am sorry.

[Frank Slootweg]

[Troll group snecked.]

Wally J <walte...@invalid.nospam> wrote:
[...]

> The bad news servers, apparently, are these three, in order (AFAIK):
> 1. Highwinds
> 2. Giganews
> 3. Individual
>
> But I could be wrong on that as I don't know nntp like Frank Slootweg does.

I have no indication that News.Individual.Net is a direct peer (of
Google Groups), but also no indication of the contrary.

Anyway, the consensus in the relevant groups is that a direct peer is
not in any way "bad". If it was, the admins would have depeered them.

[...]

> These three news server admins are, in a word, complete assholes.
> 1. Highwinds
> 2. Giganews
> 3. Individual

You owe the admin(s) of News.Individual.Net an apology and quick smart
too!

You asked (in this thread) for the "'de-peering' contacts" (which is a
non-concept) - which was unneeded, because it is in plain sight and
standard -, but one the admins of News.Individual.Net responded anyway.
AFAICT, you didn't even bother to respond to him, let alone thank him.

So if there's any "asshole", ....

[...]

[Wally J]

Frank Slootweg <th...@ddress.is.invalid> wrote

> I have no indication that News.Individual.Net is a direct peer (of
> Google Groups), but also no indication of the contrary.

I will now, belatedly, agree with Frank Slootweg that the admins of
News.Individual.Net have responded just recently that
a. They're aware of the issue
b. They care, and,
c. They're doing something about it.

I apologize for deprecating them, which was based on my lack of information
about them. Mea culpa.

> You owe the admin(s) of News.Individual.Net an apology and quick smart
> too!

Thank you Frank for suggesting that apology, which, you'll note, was quick
smart sooner than you even could think imaginable, as you know me well in
that I am always ready to admit my mistakes when I make them (and I do).

It was my mistake alone to lump the admins of Individual with the likes of
Highwinds (whom I've never gotten any response to in _many_ requests) and
Giganews.

I apologize directly and humbly and sincerely to the Individual.net admins.
(If I knew how to cancel via telnet, I would try it if it's possible.

[Frank Slootweg]

Wally J <walte...@invalid.nospam> wrote:
> Heiko Schlichting <he...@cis.fu-berlin.de> wrote

[Most addressed in my response of a little earlier, so only some loose
ends.]

> Oh wow! Brian Gregory was _correct_ about your service, Mr. Schlichting!
> <https://groups.google.com/g/news.admin.peering/c/xxniDVj3ArI/m/WfJqjUVPAQAJ>

Don't use Google Groups URLs, but use message-ids or use both.

Google Groups doesn't show the full article and given the message-id,
users can use other means.

And especially in this (and similar) thread, using *Google Groups*
references is quite silly, don't you agree!?

[...]

> Unfortunately, only moments before I saw your article above, I posted this
> (which I now belatedly would wish I had learned how to _cancel_ years ago).
> <https://groups.google.com/g/news.admin.peering/c/AgrNUeZuAkw/m/wjFb9mb3AAAJ>
>
> I will issue a humble but well-intended sincere retraction of my
> deprecating comments about you (where I had accidentally lumped you into
> the same category as the news server admins for Highwinds & Giganews).

So your qualification and insulting of the Highwinds & Giganews admins
is OK?

[...]

[Frank Slootweg]

Wally J <walte...@invalid.nospam> wrote:
> Frank Slootweg <th...@ddress.is.invalid> wrote
>
> > I have no indication that News.Individual.Net is a direct peer (of
> > Google Groups), but also no indication of the contrary.
>
> I will now, belatedly, agree with Frank Slootweg that the admins of
> News.Individual.Net have responded just recently that
> a. They're aware of the issue
> b. They care, and,
> c. They're doing something about it.
>
> I apologize for deprecating them, which was based on my lack of information
> about them. Mea culpa.
>
> > You owe the admin(s) of News.Individual.Net an apology and quick smart
> > too!
>
> Thank you Frank for suggesting that apology, which, you'll note, was quick
> smart sooner than you even could think imaginable, as you know me well in
> that I am always ready to admit my mistakes when I make them (and I do).

Good.

I saw your apology directly after my response. That happens.

> It was my mistake alone to lump the admins of Individual with the likes of
> Highwinds (whom I've never gotten any response to in _many_ requests) and
> Giganews.

A bad experience is no excuse for public insults, especially not when
the insulted party is not even present. Also you're not their customer.
At best, you're a customer of one of their customers. So any complaints
should go to their customer. Seeing you couldn't be bothered to use the
obvious way to contact the NIN admin(s), I doubt you used the right way
to contact Highwinds/Giganews.

> I apologize directly and humbly and sincerely to the Individual.net admins.
> (If I knew how to cancel via telnet, I would try it if it's possible.

Very few - if any - News servers honour cancel commands/control-messages
from users (or other servers for that matter). Way too easy to abuse.
For all intents and purposes, cancels do not work. (They only worked in
The Good Old Days (TM), when everybody was still behaving.)

[Grant Taylor]

On 12/10/23 14:06, Frank Slootweg wrote:
> Very few - if any - News servers honour cancel commands/control-messages
> from users (or other servers for that matter). Way too easy to abuse.
> For all intents and purposes, cancels do not work. (They only worked in
> The Good Old Days (TM), when everybody was still behaving.)

I wonder if there's any room for, or value in, network providing a
gateway that takes locally originated cancels (preferably from an
authenticated user on the reader server they use) and convert them into
a NoCeM.



Grant. . . .

[Sn!pe]

Wally J <walte...@invalid.nospam> wrote:

[...]

> The iKooks are, by way of stark contrast, _never_ purposefully helpful.
>
> They're the antithesis of me, which is why I despise their very existence.
>
> They wouldn't stick out a finger to help anyone - and - in fact - they'd go
> well out of their way to make life miserable for any innocent poster here.

[...]

Wally J, you are either trolling or just very rude; which is it?

--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator

<snip...@gmail.com>
Google Groups articles seen only if poster whitelisted.
My pet rock Gordon just is.

[D]

On Mon, 11 Dec 2023 00:05:34 +0000, snip...@Use.Reply-To.Address.invalid (Sn!pe) wrote:
>Wally J <walte...@invalid.nospam> wrote:
>[...]
>
>> The iKooks are, by way of stark contrast, _never_ purposefully helpful.
>> They're the antithesis of me, which is why I despise their very existence.
>> They wouldn't stick out a finger to help anyone - and - in fact - they'd go
>> well out of their way to make life miserable for any innocent poster here.
>[...]
>
>Wally J, you are either trolling or just very rude; which is it?

as an amateur and outsider to any of these high-level discussions among
professional news server administrators, it does seem peculiar that the
op of this burgeoning thread message-id ukinav$m4i7$1...@paganini.bofh.team
seems prolific yet discourteous for such an elderly and experienced soul;
exactitude should be the minimum standard for discussing important topics

[Sn!pe]

I too am only an amateur but interested lurker; I've read the whole of
nap and nsn for several months before "Wally J" began this thread.

I note that it was "Wally J" who added the crosspost to
misc.phone.mobile.iphone three articles upthread from this one.

Message-ID: <ul51vm$2k18f$1...@paganini.bofh.team>

While I have no concrete evidence other than style, IMO it's Arlen.

[Heiko Schlichting]

Frank Slootweg <th...@ddress.is.invalid> wrote:
>
> I have no indication that News.Individual.Net is a direct peer (of
> Google Groups), but also no indication of the contrary.

News.Individual.Net is handled on our reader servers. The peering with
Google takes place on our feeder server (newsfeed.fu-berlin.de) which is
operated by the same news admin team. So we are responsible for the
peering, but not for the Spam itself.

We do care about the Spam flood posted via Google Groups but as a German
state university we do not have any influence on Google. But - if
necessary - we would stop our long time peering with Google. Unfortunately,
as an isolated action, this doesn't make a positive difference. We will
continue to follow the discussion here closely.

[D]

On Mon, 11 Dec 2023 01:45:17 +0000, snip...@Use.Reply-To.Address.invalid (Sn!pe) wrote:
>D <nor...@mixmin.net> wrote:
>> On Mon, 11 Dec 2023 00:05:34 +0000,
>> snip...@Use.Reply-To.Address.invalid (Sn!pe) wrote:
>> >Wally J <walte...@invalid.nospam> wrote:
>> >[...]
>> >> The iKooks are, by way of stark contrast, _never_ purposefully helpful.
>> >> They're the antithesis of me, which is why I despise their very existence.
>> >> They wouldn't stick out a finger to help anyone - and - in fact - they'd go
>> >> well out of their way to make life miserable for any innocent poster here.
>> >[...]
>> >Wally J, you are either trolling or just very rude; which is it?
>>
>> as an amateur and outsider to any of these high-level discussions among
>> professional news server administrators, it does seem peculiar that the
>> op of this burgeoning thread message-id ukinav$m4i7$1...@paganini.bofh.team
>> seems prolific yet discourteous for such an elderly and experienced soul;
>> exactitude should be the minimum standard for discussing important topics
>
>I too am only an amateur but interested lurker; I've read the whole of
>nap and nsn for several months before "Wally J" began this thread.
>I note that it was "Wally J" who added the crosspost to
>misc.phone.mobile.iphone three articles upthread from this one.
>Message-ID: <ul51vm$2k18f$1...@paganini.bofh.team>
>While I have no concrete evidence other than style, IMO it's Arlen.

every busy newsgroup has been continually infiltrated and occupied by
"tokyo rose" troll farms promoting obfuscation, confusion, mediocrity,
vanity, politics, religion, sectarianism, demoralization, mendacities,
business as usual; and not only them, but others perhaps unwitting of
the collective process, idealists, activists, and so forth, have each
contributed their own part along the way; alas, no one can fight city
hall; e.g. in the context of hailing the google ghost ship, good luck

[Grant Taylor]

On 12/11/23 02:40, Heiko Schlichting wrote:
> News.Individual.Net is handled on our reader servers. The peering with
> Google takes place on our feeder server (newsfeed.fu-berlin.de) which is
> operated by the same news admin team. So we are responsible for the
> peering, but not for the Spam itself.

ACK

> We do care about the Spam flood posted via Google Groups

DoubleACK

> but as a German state university we do not have any influence on Google.

Do you as a Google peer have any contacts inside of Google?

The last time I tried to interact with the newsmaster(s) at Google ended
poorly with a refusal to create some new groups being created at the
time (either Mozilla adjacent and / or Windows 10) with some other
disheartening outcome.

I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.

> But - if necessary - we would stop our long time peering with Google.

I appreciate that you are willing to de-peer Google if it comes to that.

> Unfortunately,
> as an isolated action, this doesn't make a positive difference. We will
> continue to follow the discussion here closely.

I would encourage you and your colleagues to start thinking about what
actions would warrant de-peering Google to you / your team, along with
any communications you might want to have with Google regarding -- what
I consider to be -- blatant spam spewing from them.

Again, I would hope, that as a peer, you might be able to contact
someone in Google and get them to try to stem the tide.

Thank you for your consideration, whatever that ends up being.

[Grant Taylor]

On 12/11/23 08:24, D wrote:
> hailing the google ghost ship

I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

> Again, I would hope, that as a peer, you might be able to contact
> someone in Google and get them to try to stem the tide.

100% agree with both Grant and Heiko (and much appreciate their actions!).

As with Grant, I was only able to get Google to change their format for the
dejaGoogle URIs, but I was not able to get them to add the Windows
newsgroups or some of the common software newsgroups (tbird, ffox, etc.).

As with Grant, I would "hope" (to dear God I hope, in fact) that you and
the other peers to Google have "some method" of getting a hold of them.

Worst case, there's this URL (which is for the proletariat such as I am).
<https://groups.google.com/g/google-usenet/about>

[Wally J]

Grant Taylor <gta...@tnetconsulting.net> wrote

We have Heiko at Individual trying to hail the Google ghost ship.
What's a good contact for the other two big peers of the Google ghost ship?
I'll volunteer to send them each an email (but I don't expect much of it).

[The Doctor]

In article <kto07r...@mid.uni-berlin.de>,

You will make a difference. In depeering GG from your peers,
you are telling Enough Google! Clean up your act
if you want to be a good netizen.

[The Doctor]

In article <ul78a8$66j$2...@tncsrv09.home.tnetconsulting.net>,

Motion 2nded!

>
>--
>Grant. . . .

[The Doctor]

In article <ul78d8$66j$3...@tncsrv09.home.tnetconsulting.net>,

One for alt.humor .

>
>--
>Grant. . . .

[The Doctor]

In article <ul78r5$2s6eg$1...@paganini.bofh.team>,

About time GG does something about their abuse ,same with GMail.
I make on Twitter, Facebook and Linkedin daily updates on
Google abuse occurs when necessary.