Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Who is peering all these spams ostensibly from Google Groups?

73 views
Skip to first unread message

Wally J

unread,
Dec 3, 2023, 3:10:13 PM12/3/23
to
Who is peering all these spams ostensibly from Google Groups?
<http://groups.google.com/g/comp.mobile.android>

In the past few weeks, what I'll call "indonesian" spam has been
increasing but not to the level of this "movie" spam which is now
hundreds per day (at least it is on the Android newsgroup).

While the headers look like they're coming from Google Groups,
I'm aware that headers could be forged such that it could be
coming from a rogue nntp server sending all this spam.

But then why are the reputable nntp news server admins peering
these spams?

I realize every line in the header can be spoofed (even the
path can have information injected into it), but I don't know
how to read headers well.

Is there any way to tell from the header who is peering them.
To help you answer this question, below are just 3 random spams.

========< cut here for random spams >========
X-Received: by 2002:a0c:ed31:0:b0:67a:b50a:cf46 with SMTP id u17-20020a0ced31000000b0067ab50acf46mr63374qvq.7.1701623906718; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
X-Received: by 2002:a05:6870:f293:b0:1fb:2688:896e with SMTP id u19-20020a056870f29300b001fb2688896emr1145397oap.8.1701623906460; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:18:26 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S
NNTP-Posting-Host: 202.46.68.61
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d2da9b7d-4ac6-43dc...@googlegroups.com>
Subject: [.WATCH.] Renaissance: A Film By Beyoncé Watch (FullMovie) Free Online ON STREAMINGS
From: Atto Lorse <atto...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:18:26 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 3761
Xref: . comp.mobile.android:110200
========< cut here for random spams >========
X-Received: by 2002:a05:6214:1fc4:b0:67a:262e:35b5 with SMTP id jh4-20020a0562141fc400b0067a262e35b5mr642984qvb.9.1701622417293; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
X-Received: by 2002:a9d:5cc6:0:b0:6d8:1345:7de4 with SMTP id r6-20020a9d5cc6000000b006d813457de4mr1630461oti.7.1701622417090; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 08:53:36 -0800 (PST)
In-Reply-To: <f5e007ca-f669-4d58...@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx
NNTP-Posting-Host: 118.179.109.17
References: <f5e007ca-f669-4d58...@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f09f38dc-333c-4e8a...@googlegroups.com>
Subject: Re: [.WATCH.] It Came from Dimension X Watch (.FullMovie.) Free Online On STREAMINGS
From: Derrick Matthews <derrickma...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 16:53:37 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 5359
Xref: . comp.mobile.android:110194
========< cut here for random spams >========
X-Received: by 2002:a05:622a:103:b0:423:72a5:a7da with SMTP id u3-20020a05622a010300b0042372a5a7damr969557qtw.8.1701624819984; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
X-Received: by 2002:a9d:6a8f:0:b0:6d8:8052:2ec8 with SMTP id l15-20020a9d6a8f000000b006d880522ec8mr627917otq.2.1701624819695; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
Path: .!news2.arglkargh.de!2.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:33:39 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8
NNTP-Posting-Host: 93.177.75.198
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <fa356544-c7a3-4d01...@googlegroups.com>
Subject: **Wish 2023 free '.Fullmovie.' Online English HD 720p, 480p
From: Raden Surya Sigadiraja <radensurya...@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:33:39 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 16654
Xref: . comp.mobile.android:110202
--
TIA

The Doctor

unread,
Dec 3, 2023, 3:11:48 PM12/3/23
to
In article <ukinav$m4i7$1...@paganini.bofh.team>,
More reason to depeer Google GRoups now!
--
Member - Liberal International This is doc...@nk.ca Ici doc...@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

Wally J

unread,
Dec 3, 2023, 3:29:10 PM12/3/23
to
The Doctor <doc...@doctor.nl2k.ab.ca> wrote

> More reason to depeer Google GRoups now!

I don't know what "depeer" means, but I suspect it means to nuke it.
Sometimes nuking is appropriate. Most of the time it's too drastic.

Cutting out this spam should be as easy as not peering it - should it not?
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this spam?

But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.

For example, I'm assuming that none of this spam actually is coming from
google posters - I'm assuming it's all coming from a roge nntp server who
is impersonating a google groups poster.

How can we tell who peered it first from the originating rouge nntp server?

Here's a thread which brought up the subject where each recipient has to
figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
Like this thread, posted today, trying to solve this exact problem.
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>

The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.

So I 'suspect' that it's coming from a rogue nntp news server.
Which is why I'm asking the question that I'm asking.

Grant Taylor

unread,
Dec 3, 2023, 3:30:30 PM12/3/23
to
On 12/3/23 14:10, Wally J wrote:
> Who is peering all these spams ostensibly from Google Groups?

Ostensibly any news master that is not filtering Google Groups carte
blanch is peering / feeding these articles. Few are directly peered
with Google, more are downstream peers.



Grant. . . .

Grant Taylor

unread,
Dec 3, 2023, 3:36:12 PM12/3/23
to
On 12/3/23 14:29, Wally J wrote:
> I don't know what "depeer" means, but I suspect it means to nuke it.

Depeering means to no longer carry any articles from a news server.

> Sometimes nuking is appropriate. Most of the time it's too drastic.
>
> Cutting out this spam should be as easy as not peering it - should it not?

It's relatively easy to filter out /everything/ from Google.

It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
from Google.

> For example, I'm assuming that none of this spam actually is coming from
> google posters - I'm assuming it's all coming from a roge nntp server who
> is impersonating a google groups poster.

Every single one that I've looked at the message /has/ /in/ /fact/
originated from Google and been sent out to Usenet at large.

> How can we tell who peered it first from the originating rouge nntp server?

Google is the rogue NNTP server that is the source of the spam.

> Here's a thread which brought up the subject where each recipient has to
> figure out on his own newsreader how to nuke this spam which purports to
> come from Google Groups (I suspect it comes from a rogue

You suppose wrong.

The spam /is/ originating from Google.

> The only reason I doubt this spam is coming from google users is Google
> would put a stop to this - but it's been happening for weeks on end.

HA! If only.

Google is an extremely bad for Usenet and an even worse steward for the
Dejanews archive.

> So I 'suspect' that it's coming from a rogue nntp news server.

You suspect wrong.

> Which is why I'm asking the question that I'm asking.
>
> Who is peering all these spams ostensibly from Google Groups?

Look at the Path: headers to answer your own questions.



--
Grant. . . .

Marco Moock

unread,
Dec 3, 2023, 3:44:03 PM12/3/23
to
Am 03.12.2023 um 16:29:06 Uhr schrieb Wally J:

> The Doctor <doc...@doctor.nl2k.ab.ca> wrote
>
> > More reason to depeer Google GRoups now!
>
> I don't know what "depeer" means, but I suspect it means to nuke it.
> Sometimes nuking is appropriate. Most of the time it's too drastic.

Removing the peering to google groups. Only server that currently peer
can do that.
If all of them removed the peering, post can't go from GG to other
servers and vice-versa.

> Cutting out this spam should be as easy as not peering it - should it
> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>

It is possible to filter for injection-info.
Google Groups places a correct header and the path also matches that.

> I'm not for knee-jerk reactions, but targeted surgical strikes.
> Maybe the problem is a single reliable news server is peering this
> spam?

No, the problem is Google because Google doesn't stop people from
abusing their services.

> But I don't know enough about headers to determine who is peering it.
> I can read the path but I know the path can have injected components.

Forging a path is possible, but rather unlikely.
Direct peers of GG can confirm that the path isn't forged.

> For example, I'm assuming that none of this spam actually is coming
> from google posters - I'm assuming it's all coming from a roge nntp
> server who is impersonating a google groups poster.

Wrong summption.

> How can we tell who peered it first from the originating rouge nntp
> server?

You can find who peers if you write a script and extract the patrh
header and extract only the servers that are left of the googel groups
part.

Path:
eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail


E.g. news.highwinds-media.com peer with Google.

> The only reason I doubt this spam is coming from google users is
> Google would put a stop to this - but it's been happening for weeks
> on end.

No, Google doesn't care about it. They also don't care about spam on
their web services nor abuse from their IP ranges hosted for others.

candycanearter07

unread,
Dec 3, 2023, 4:35:11 PM12/3/23
to
On 12/3/23 14:36, Grant Taylor wrote:
> On 12/3/23 14:29, Wally J wrote:
>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.
>
>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it
>> not?
>
> It's relatively easy to filter out /everything/ from Google.
>
> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

Yeah. I just filter everything from Google.
--
user <candycane> is generated from /dev/urandom

Wally J

unread,
Dec 3, 2023, 6:08:02 PM12/3/23
to
Grant Taylor <gta...@tnetconsulting.net> wrote

>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.

Hi Grant,

Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
been able to figure it out on my own. Thanks for being nice about my faux
pas. It was stupid of me to not realize that's what it had meant.

Especially since that was my whole point.

How do you de-peer the spams (which I suspect are not coming from Google).
<https://groups.google.com/g/comp.mobile.android>
(EDIT: I see below that you suspect they _are_ coming from Google though.)

There are hundreds just today alone that anyone can see are clearly spam.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it not?
>
> It's relatively easy to filter out /everything/ from Google.

I am almost 86 so I lived through the days when we'd complain to a host
admin that someone spammed us once in a month or two, and then I lived
through making my own procmail filters on SunOS, so I'm familiar with the
fact that it's just plain stupid to filter out everything from Google.

People do it all the time.
But only stupid people do it.

A smart admin would have a smarter filter than "everything".
Worse....

I suspect NONE of this spam is actually coming from Google anyway.
(But I just saw below that you suspect they _are_ coming from Google.)

For a filter, it's the same thing of course, but isn't it different to an
nntp server who can tell where it's coming from better than I can tell?

> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

I'm sure that's why they seem to be changing up the subject, headers, from,
injection information, etc. in those headers.

I'm almost certain (based on the modus operandi) that NONE of them are
actually coming from Google servers but I saw below that you're sure they
are, so I'd just ask how you know since almost everything in the header can
be forged (as far as I know) except for the final path in the header.

>> For example, I'm assuming that none of this spam actually is coming from
>> google posters - I'm assuming it's all coming from a roge nntp server who
>> is impersonating a google groups poster.
>
> Every single one that I've looked at the message /has/ /in/ /fact/
> originated from Google and been sent out to Usenet at large.

Oh. Really? I didn't see this until now. I was pretty sure none was coming
from Google simply because they'd put a stop to abuse pretty quickly you'd
think. And this is clearly abuse.

Is there a way (that works) to _complain_ to Google about it?
Maybe they care?

>> How can we tell who peered it first from the originating rouge nntp server?
>
> Google is the rogue NNTP server that is the source of the spam.

I understand belatedly that you believe that - but how can you tell?
I can't tell.

Sure the message-ID is an indication.
And the newsreader. But that can be forged.

About the only thing that can't be forged are sections of the path.
But they can 'inject' stuff into the path that is meaningless.

So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)

We have to confirm if it's coming from Google because the solution then is
at Google whereas if they're just spoofing Google, the solution is
elsewhere.

>
>> Here's a thread which brought up the subject where each recipient has to
>> figure out on his own newsreader how to nuke this spam which purports to
>> come from Google Groups (I suspect it comes from a rogue
>
> You suppose wrong.
>
> The spam /is/ originating from Google.

By now I see that you feel strongly it's coming from Google.
But how do you know?

And more importantly, how does "de-peering" happen so that it stops?

>> The only reason I doubt this spam is coming from google users is Google
>> would put a stop to this - but it's been happening for weeks on end.
>
> HA! If only.
>
> Google is an extremely bad for Usenet and an even worse steward for the
> Dejanews archive.

I lived through DejaNews so I'm aware of what you say, and I certainly know
a google search on the real google.com is different in functionality than a
search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
least DejaGoogle exists.

I use it only for a lookup/search/reference engine, which it's very good at
but I wouldn't even think of posting using Google Groups for all the
reasons that nobody would be caught dead using AOL in the olden days.

>> So I 'suspect' that it's coming from a rogue nntp news server.
>
> You suspect wrong.

OK. So you think it's coming from Google. And that means Google either
doesn't know about it - or - Google isn't doing anything about it.

Is there any way to "complain" to Google to figure out which it is?

>
>> Which is why I'm asking the question that I'm asking.
>>
>> Who is peering all these spams ostensibly from Google Groups?
>
> Look at the Path: headers to answer your own questions.

The PATH (read right to left of course) isn't meaningful when anyone clever
can inject components into it.

I don't know what portion of the path is inviolable though.
Do you?

Assuming they're injecting into the path, what part of the path in the
previously listed spams do you think are actually real?

Tom Furie

unread,
Dec 3, 2023, 6:31:11 PM12/3/23
to
Wally J <walte...@invalid.nospam> writes:

> Grant Taylor <gta...@tnetconsulting.net> wrote

>> Google is the rogue NNTP server that is the source of the spam.
>
> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

> About the only thing that can't be forged are sections of the path.
> But they can 'inject' stuff into the path that is meaningless.
>
> So how do you know that it's really coming from Google servers?
> (I strongly suspect it is not for the reasons I already stated.)

>> Look at the Path: headers to answer your own questions.
>
> The PATH (read right to left of course) isn't meaningful when anyone clever
> can inject components into it.
>
> I don't know what portion of the path is inviolable though.
> Do you?
>
> Assuming they're injecting into the path, what part of the path in the
> previously listed spams do you think are actually real?

Look at the path on a random sampling of posts, they will likely come
into your news server from a variety of its peers. Look to see where the
path reconverges...

Are these "Google impersonators" going to go to the effort of spoofing
that many differing path components?

Wally J

unread,
Dec 3, 2023, 6:33:42 PM12/3/23
to
Marco Moock <mm+use...@dorfdsl.de> wrote

> Removing the peering to google groups. Only server that currently peer
> can do that.
> If all of them removed the peering, post can't go from GG to other
> servers and vice-versa.

OK. Grant also said the spam is really coming from Google servers, which is
disappointing at best, and almost criminal at worst - but it is what it is.

Certainly we can all blindly filter out EVERYTHING from Google Groups.
And maybe that's what we'll have to do as I don't think I've ever seen a
Usenet post from a Google Groups' poster that held any pertinent value.

But before I do that, I still think there must be a better way, where what
some people do on c.m.a is check a whitelist and then plonk if not in it.

But that's gonna be newsreader-specific code (unlike procmail was).

>> Cutting out this spam should be as easy as not peering it - should it
>> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
> It is possible to filter for injection-info.
> Google Groups places a correct header and the path also matches that.

Hmmmmm.... The purpose of this thread wasn't to create my own filter (as I
could always have done that) but let me look at the injection information.

Previous Spam 1:
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Previous Spam 2:
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx

Previous Spam 3:
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8

If that's not spoofed, then the only thing I'd need is to filter
out anything with "google-groups.googlegroups.com" if it's real.

What I'll do in a subsequent post is see if I can add that one line
to my header - and if I can - which I suspect I can - it's not reliable.

But maybe I can't. I don't know. I'm not all that clever.
But I know how to use Telnet so I can try it. Later.

Even so, any of us can filter it out but the problem is at the
peering, so now I understand the suggestion of "de-peering" better!

>
>> I'm not for knee-jerk reactions, but targeted surgical strikes.
>> Maybe the problem is a single reliable news server is peering this
>> spam?
>
> No, the problem is Google because Google doesn't stop people from
> abusing their services.

Got it.
If that's the case, then there are only three possible solutions:
a. Solve it at Google
b. Solve it at the peering level
c. Solve it as the user level

One by one, that's what I will try to do, where you can help (royal you)
by letting me know if there is a way to complain to Google about it.

>> But I don't know enough about headers to determine who is peering it.
>> I can read the path but I know the path can have injected components.
>
> Forging a path is possible, but rather unlikely.
> Direct peers of GG can confirm that the path isn't forged.

As I said, I'm astounded Google is allowing this to happen when
they won't even let me log into my long-time email from the VPN
service I've been using for years - but Google is Google after all.

If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
is truly coming from Google servers, then that's where the solution lies.

>> For example, I'm assuming that none of this spam actually is coming
>> from google posters - I'm assuming it's all coming from a roge nntp
>> server who is impersonating a google groups poster.
>
> Wrong summption.

I haven't seen proof. But I openly instantly and readily admit that
I don't know what any of you know, so I will accept that it's google.

>> How can we tell who peered it first from the originating rouge nntp
>> server?
>
> You can find who peers if you write a script and extract the patrh
> header and extract only the servers that are left of the googel groups
> part.

That's assuming the "google groups part" isn't itself forged though.
Shit. Highwinds doesn't give a shit. You probably know that.
I've complained to them many times in the past. They do nothing.

Hell, Rod Speed issued instructions to murder me using Highwinds.
Just because I was able to get Paolo Amaroso to blacklist a.h.r.
And they didn't even care (although I did call the FBI about it).

Even Google put his email on a suspension once I wrote a formal
letter which included the report to the FBI - but I don't know
what happened of it as they told me never to contact him ever.

That was hard enough.

It's even worse with Highwinds because I'm sure legitimate posters
must use it (do they?). If so, then highwinds can't be de-peered.

I was hoping it was someone reputable, like Steve or Jesse
or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

Bummer. Highwinds is one of the worst in my opinion, at least in
terms of getting spammers booted.

Is there someone at highwinds you'd recommend we contact to
solve this - or has that long ago already been done (I suspect)?

>> The only reason I doubt this spam is coming from google users is
>> Google would put a stop to this - but it's been happening for weeks
>> on end.
>
> No, Google doesn't care about it. They also don't care about spam on
> their web services nor abuse from their IP ranges hosted for others.

That's a big problem. I'm pretty persistent but even I had to try hard to
talk to a human in Mountainview when I needed a change in their routing.

Finally after many calls (it's essentially impossible to get someone unless
you know someone who knows exactly the someone you need to talk to) I was
able to get it fixed, but the elapsed time was months in between.

It might even be worse here because at least Google cares about Maps.

Does anyone know of a way to _complain_ about it that exists somewhere?

Wally J

unread,
Dec 3, 2023, 6:45:32 PM12/3/23
to
Wally J <walte...@invalid.nospam> wrote

> What I'll do in a subsequent post is see if I can add that one line
> to my header - and if I can - which I suspect I can - it's not reliable.

OK. I tried with a couple of news servers (Ivo's & Ray's).

I set the "injection-info" header to this (from the spam).
Add_Headers = Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Both servers the error below (which you knew but I did not).
"Posting article failed: Can't set system Injection-Info: header

Unless there's a compliant nntp server, I'll accept that the
Injection-Info header can't be (trivially easily) forged.

At least not with a simple "telnet newsserver 119" session.

Thanks for letting me know I can filter on that line.
But this is best taken up with the powers that be in this order.

1. Google
2. Peers
3. Users

Wally J

unread,
Dec 3, 2023, 7:07:28 PM12/3/23
to
Tom Furie <t...@furie.org.uk> wrote

>> Assuming they're injecting into the path, what part of the path in the
>> previously listed spams do you think are actually real?
>
> Look at the path on a random sampling of posts, they will likely come
> into your news server from a variety of its peers. Look to see where the
> path reconverges...
>
> Are these "Google impersonators" going to go to the effort of spoofing
> that many differing path components?

OK. Sorry for being dense. I am way behind but trying to catch up.

The solution can only be in this order (as far as I can tell).
1. Google
2. Peers
3. Users

I'm probably with most of you that nothing good ever came out of
a google groups post to Usenet so working backward, the users
can all filter on the system "Injection-Info: header" (which
moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
prevented that (as they should).

I'm wary that they can set up their own rogue server to allow
spoofing of that header but then I defer to your experience
and your sensible logic above that they'd have to fool peers.

So I'll belatedly accept Google is letting this happen.
With that in mind, I'm willing to "complain" to google.

But of course, I don't have any special connections other than
I live close to Mountainview and some of my buddies used to work there.

The two questions would be to ask:
a. Who wants to try to complain to Google (I'll try), and,
b. Who can get a hold of the highwinds server (they suck).

Note that I don't think either will be all that fruitful.
But I wonder if it's only highwinds that sucks (I've dealt
with them in the past and they just ignored everything).

Other than having every user filter out a google injection info,
what else can we do to stop these hundreds of spams daily?

Grant Taylor

unread,
Dec 4, 2023, 12:41:22 AM12/4/23
to
On 12/3/23 17:07, Wally J wrote:
> Hi Grant,

Hi Wally,

> Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
> been able to figure it out on my own.

Apology returned to sender as unnecessary.

> Thanks for being nice about my faux
> pas. It was stupid of me to not realize that's what it had meant.

You're welcome.

I believe that people trying to engage in civil conversation deserve
civil responses.

I don't think stupid. If anything, unaware. But, you are now aware,
and therefor a little bit better off. :-)

> Especially since that was my whole point.

;-)

> How do you de-peer the spams (which I suspect are not coming from Google).

You don't de-peer individual messages. You de-peer ... peer news servers.

Few news servers directly peer with Google.

Most news servers peer with other news server(s) that eventually peer
with Google.

So the only way that most news server administrators have to de-peer
Google, in a manner of speaking, is to not allow messages from Google
into their news server.

> (EDIT: I see below that you suspect they _are_ coming from Google though.)
>
> There are hundreds just today alone that anyone can see are clearly spam.
> <https://i.postimg.cc/6pj29c6f/spam01.jpg>

Yep.

> I am almost 86 so I lived through the days when we'd complain to a host
> admin that someone spammed us once in a month or two, and then I lived
> through making my own procmail filters on SunOS, so I'm familiar with the
> fact that it's just plain stupid to filter out everything from Google.

I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
is a little bit different.

You may think it stupid that I have blocked all Google messages on my
server. But you are as free to have your opinion as I am to have mine. ;-)

The question is how much time is a news administrator willing to spend
combating spam before they block a site entirely?

Would you continue to accept messages from a small individual news
server if 1 in 1,000 server legitimate and the other 999 were blatant
spam? What if that was a university? What if it was google? What if
it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
when you would block an entire site because of the ratio of ham to spam?
Does the size of the site make any difference?

For me personally, I was spending an hour or more a day fighting Google
spam and only getting to enjoy participating in conversations like this
for about 15 minutes a day. After about two weeks of that, I decided to
try filtering Google for a few days to see what I thought of it. I've
got to say that I'm enjoying that 15 minutes on Usenet again and the
hour (plus) of time that I've gotten back every day.

Given that Usenet is flood full, all my peers that peer with someone
other than me can get their messages from Google another way.

I get to run my server the way that I want to. I choose to run my
server in a way that makes me happy, or at the very least doesn't
actively make me unhappy and want to shut it down.

> People do it all the time.
> But only stupid people do it.

I guess I'm a stupid person then.

> A smart admin would have a smarter filter than "everything".
> Worse....

I suspect you aren't intending to make a personal attack. But I'll ask
you politely to not insult people who make their own choice, even if you
don't agree with it.

> I suspect NONE of this spam is actually coming from Google anyway.
> (But I just saw below that you suspect they _are_ coming from Google.)
>
> For a filter, it's the same thing of course, but isn't it different to an
> nntp server who can tell where it's coming from better than I can tell?

NNTP servers have a modicum of trust in each other. As in only NNTP
peers are allowed to specify the Path header. Meaning that it's
considerably more difficult for a /client/ to provide a forged path.

All of the Google spam samples that I looked at had everything indicate
that it was from Google; Path, Message-ID, From, etc. -- I no longer
have any articles that originated from Google on my server as I had my
server search through nearly 28 million messages to remove any messages
from Google. -- That's how strongly I believe the spam originates from
Google.

Just about everybody else I've talked to believes the messages originate
from Google.

I can't recall anyone actually saying that the messages originate elsewhere.

There are those that keep an open mind and allow for the possibility
that they originate elsewhere.

Google is notoriously non-responsive for dealing with problems
originating from them into many ecosystems, Usenet is just the one being
discussed here.

As a former Google employee, I know how the people who supposedly are
responsible for -- what I call -- the Google Groups Usenet gateway treat
it at best as an also ran service.

Google has a quite bad reputation as being a source of spam in the email
community. All you need to do is look at the mailop / NANOG / Spammers
Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find
hundreds of people talking about Google being the source of spam email
and Usenet articles.

There is exceedingly little doubt that Google is a source of massive
amounts of spam.

I have not seen any evidence that supports that someone is trying to
frame Google by pretending to be them. -- I'd be quite curious to see
any such statements.

Google has responded to previous complaints about a few groups by making
them read-only. At which point the spammers shift to different
newsgroups. But this game of whack-a-mole is untenable and extremely slow.

While at Google I witnessed them take 18 months to halfheartedly and
ineffectively slow down, but not actually stop, spam originating from
calendar invites.

I experienced Google refusing to allow creation of new newsgroups for
something that had a long history and pattern of newsgroups. I was
ready to submit a change for the Windows 10 newsgroup to be created but
was told that my change would be rejected and to not bother. I asked
about the Firefox and Thunderbird newsgroups when Mozilla announced
discontinuation of their (outsourced) news servers and was told to not
even bother.

I wholeheartedly believe that Google /is/ the source of the spam that
appears to be from them and that they are not the victim of an attack.

> I'm sure that's why they seem to be changing up the subject, headers, from,
> injection information, etc. in those headers.

I think one of the reasons that there are so many different clusters of
similarities is because there are so many spammers each sending their
own type of spam.

A quote from a well known science fiction movie comes to mind, "You will
never find a more wretched hive of scum and villainy." Mos Eisley^W^W
Google.

> I'm almost certain (based on the modus operandi) that NONE of them are
> actually coming from Google servers but I saw below that you're sure they
> are, so I'd just ask how you know since almost everything in the header can
> be forged (as far as I know) except for the final path in the header.

I'd be very interested in how / why you are as certain that the messages
aren't originating from Google as I am that they are.

Please elaborate with a rebuttal to my comments above.

> Oh. Really? I didn't see this until now. I was pretty sure none was coming
> from Google simply because they'd put a stop to abuse pretty quickly you'd
> think. And this is clearly abuse.

Google want's you to think that they put a stop to spam quickly. But in
effect, they don't. (See above about well respected places to see
complaints.)

> Is there a way (that works) to _complain_ to Google about it?
> Maybe they care?

I'm not aware of anything that works.

> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

Deduction / accumulation of many observations / experience working with
the beast that is Google.

> Sure the message-ID is an indication.
> And the newsreader. But that can be forged.

The Path: header is quite a bit more difficult to forge without being a
news peer.

I'm not aware of any (reputable) news server daemon / configuration that
allows someone to spoof the Path: header.

Sure, news servers can feed peers spoofed Path: headers. But it's quite
difficult to do the original spoof without a corroborating news server.

I strongly suspect that if there was a corroborating news server /
administrator that was the source of the articles, the multiple people
spending hours a day fighting this blight would have identified it and
de-peered them without filtering Google.

The vast majority of people want to not filter Google. The sad reality
is that just about everybody has some point that filtering Google seems
reasonable to them. It's simply a question of what that point is. --
There's a crude joke that finishes with "we've already established that,
now we're just negotiating price".

> About the only thing that can't be forged are sections of the path.

Exactly.

> But they can 'inject' stuff into the path that is meaningless.

As I indicated above, injecting something into the Path can only be done
by /news/ /servers/. It's not something that properly configured news
servers allow clients to do.

As such, the injection is not something that end users can do.

> So how do you know that it's really coming from Google servers?
> (I strongly suspect it is not for the reasons I already stated.)

Deja vu. ;-)

> We have to confirm if it's coming from Google because the solution then is
> at Google whereas if they're just spoofing Google, the solution is
> elsewhere.

I hope that I've elaborated why I'm convinced that the spam is
originating at Google.

But I think it's worse than just needing to talk to Google.

At this point I believe that Google is actually complicit in their
negligent to do anything about it.

N.B. I don't consider making specific groups read-only in a game of
whack-a-mole to be sufficient.

N.B. I consider that Google's action of making some groups read-only to
be tantamount to admission that said group was a source of spam.

> By now I see that you feel strongly it's coming from Google.
> But how do you know?

Deja vu.

> And more importantly, how does "de-peering" happen so that it stops?

There is actual de-peering wherein the news servers that are actually /
directly peered with Google turn off the connection with Google.

Then there is filtering like what some of us have done wherein we make
our down-stream servers simply refuse to accept any articles that come
from Google.

There are multiple ways to detect if an article comes from Google. The
best is to look for postnews.google.com and / or
google-groups.googlegroups.com in the Path. Some choose to filter based
on part of the Message-ID: header. Still others choose to filter based
on the From: email address.

I have configured cleanfeed on my news server to reject messages from
postnews.google.com and google-groups.googlegroups.com. As such, my
server is happy to have articles from @gmail.com email addresses. -- I
doubt that anyone will bother spoofing a Message-ID:. But I'm happy to
have @gmail.com users send email through non-Google news servers.

> I lived through DejaNews so I'm aware of what you say, and I certainly know
> a google search on the real google.com is different in functionality than a
> search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
> least DejaGoogle exists.

As time passes, more and more of the access to Usenet articles through
Google Groups is taken away.

I wanted to see if I could see the Path: for spam in Google Groups as it
would be remarkably short if the spam existed in Google Groups and was
originating in Google Groups. But, sadly, "Show original message" is
greyed out.

> I use it only for a lookup/search/reference engine, which it's very good at
> but I wouldn't even think of posting using Google Groups for all the
> reasons that nobody would be caught dead using AOL in the olden days.

In my not so humble opinion, AOL at it's worst still has a better
reputation than Google currently does amongst news and email administrators.

If Google wasn't as big as they are, more admins would have blocked them
already.

It is only Google's size that causes admins to hesitate.

> OK. So you think it's coming from Google. And that means Google either
> doesn't know about it - or - Google isn't doing anything about it.

I very strongly believe that it's the latter; Google isn't doing
anything (effective) about it.

> Is there any way to "complain" to Google to figure out which it is?

I wasn't able to find anything effective while I was on the inside. In
fact, I was given -- let's go with -- the cold shoulder brush off and
actively discouraged to try to make things better.

> The PATH (read right to left of course) isn't meaningful when anyone clever
> can inject components into it.

But my understanding and working premises is that /not/ /just/ /anyone/
can spoof the Path: header.

> I don't know what portion of the path is inviolable though.
> Do you?

Both all of it for the average user and none of it for a news administrator.

My working understanding / premises is that news servers do not accept a
Path: header from end users. News servers only accept Path: headers
from other news servers. The news server appends it's name / path to
the left side of the Path: header contents.

As such, the only way to get postnews.google.com and / or
google-groups.googlegroups.com into the path without actually passing
through it is for a news server, or someone with news peer level access.

As you can probably see from a number of newsgroups, the text-only news
server community is relatively small and cooperative as well as being
well motivated to stop the spam.

I remain convinced that if there was someone pretending to be Google
originating this spam, that the community would have an idea and would
be working to depeer them.

> Assuming they're injecting into the path, what part of the path in the
> previously listed spams do you think are actually real?

I have not seen any reason to doubt the Path: because of the special
nature of the Path: header.

Maybe I'm wrong. If I am, please correct / enlighten me. I'd like to
learn more.

But everything that I've experienced thus far either directly indicates
or supports that the spam is originating from Google Groups.

Grant Taylor

unread,
Dec 4, 2023, 12:52:11 AM12/4/23
to
On 12/3/23 18:07, Wally J wrote:
> OK. Sorry for being dense. I am way behind but trying to catch up.

Dense is okay.

You are asking intelligent questions and seem to want to understand and
learn.

I appreciate people who want to learn to understand in order to
formulate their own opinion.

This is true even if the opinion differs or you inadvertently call
someone stupid by referencing their actions.

> The solution can only be in this order (as far as I can tell).
> 1. Google
> 2. Peers
> 3. Users

Yes.

> I'm probably with most of you that nothing good ever came out of
> a google groups post to Usenet

I have personally had good conversations with people posting to Usenet
via Google Groups.

Sadly, I can no longer have discussions with those people as long as
they continue to use Google Groups.

Sadly, they are in the far minority, way less than 1%, of the messages
coming from Google.

> so working backward, the users
> can all filter on the system "Injection-Info: header" (which
> moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
> prevented that (as they should).

I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.

> I'm wary that they can set up their own rogue server to allow
> spoofing of that header but then I defer to your experience
> and your sensible logic above that they'd have to fool peers.

News servers trust what peers send them. That's part of what is special
about being a peer news server.

As such, a rogue news server operator could inject malicious articles by
leveraging their access to spoof headers to cast shade on someone else.

Thankfully there are far fewer news administrators / peers than there
are end users of said servers.

> So I'll belatedly accept Google is letting this happen.
> With that in mind, I'm willing to "complain" to google.

By all means, please do.

But I suggest you not hold your breath.

> But of course, I don't have any special connections other than
> I live close to Mountainview and some of my buddies used to work there.

Used to work there hits quite close to home for me. -- I am one of the
7,000 in the U.S.A. / 12,000 around the world that found I no longer had
any access late January.

> The two questions would be to ask:
> a. Who wants to try to complain to Google (I'll try), and,

I suspect that more people have tried complaining in various ways;
between news masters peered with Google complaining directly to Google
to end users marking messages as spam in Google Groups.

> b. Who can get a hold of the highwinds server (they suck).

I don't know.

> Note that I don't think either will be all that fruitful.

I suspect it's far easier to get a hold of High Winds than trying to get
Google to do anything.

> But I wonder if it's only highwinds that sucks (I've dealt
> with them in the past and they just ignored everything).

Sounds like Google.

Though I got active rejections / "don't go there" while working inside
of / for the beast.

> Other than having every user filter out a google injection info,
> what else can we do to stop these hundreds of spams daily?

We can have the far fewer news administrators filter postnews.google.com
and / or google-groups.googlegroups.com hosts from their servers.

Grant Taylor

unread,
Dec 4, 2023, 1:15:23 AM12/4/23
to
On 12/3/23 17:33, Wally J wrote:
> OK. Grant also said the spam is really coming from Google servers, which is
> disappointing at best, and almost criminal at worst - but it is what it is.

Yes, it's extremely disappointing.

> Certainly we can all blindly filter out EVERYTHING from Google Groups.

How many people need to take action to clean up after one bad but big
peer before the peer is made to go away?

> And maybe that's what we'll have to do as I don't think I've ever seen a
> Usenet post from a Google Groups' poster that held any pertinent value.

As I said elsewhere, I've had good conversations with people that post
to Usenet from Google Groups. It does happen.

> But before I do that, I still think there must be a better way, where what
> some people do on c.m.a is check a whitelist and then plonk if not in it.

How complicated of a filter do you want to set up and maintain?

> But that's gonna be newsreader-specific code (unlike procmail was).

Yep.

> But maybe I can't. I don't know. I'm not all that clever.
> But I know how to use Telnet so I can try it. Later.

Kudos for speaking NNTP via telnet. :-)

> Even so, any of us can filter it out but the problem is at the
> peering, so now I understand the suggestion of "de-peering" better!

The problem is Google.

Google is the singular source of the problem of spam from Google Groups.
The news servers / administrators peered with Google are less of the
problem. They are simply trying to be a common carrier and carry all
articles equally.

The peers aren't the source of the spam.

Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
with Google".

> As I said, I'm astounded Google is allowing this to happen when
> they won't even let me log into my long-time email from the VPN
> service I've been using for years - but Google is Google after all.

Google has incentive to block you from using a VPN. I can't articulate
what that incentive is, but I understand that your use of a VPN
adversely impacts their business model.

> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
> is truly coming from Google servers, then that's where the solution lies.

Yep.

> Even Google put his email on a suspension once I wrote a formal
> letter which included the report to the FBI - but I don't know
> what happened of it as they told me never to contact him ever.

Sadly, I suspect it's going to take something like a police / FBI report
to get attention of the people you need.

> That was hard enough.

Yep. Getting Google to stop spam that doesn't impact them in a segment
that they don't make any money from, that will be difficult.

This is especially true if Google is avoiding the backlash of shutting
down -- what I call -- their Google Groups Usenet gateway.

> It's even worse with Highwinds because I'm sure legitimate posters
> must use it (do they?). If so, then highwinds can't be de-peered.

HighWinds can be de-peered just like Google can be.

> I was hoping it was someone reputable, like Steve or Jesse
> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

If you want to get an individual person to rattle Google's cage, try to
get someone like Tavis Ormandy of Google's Project Zero.

> Finally after many calls (it's essentially impossible to get someone unless
> you know someone who knows exactly the someone you need to talk to) I was
> able to get it fixed, but the elapsed time was months in between.

That was for a broken routing issue.

Now just imagine for something that is working as intended / designed /
configured.

> It might even be worse here because at least Google cares about Maps.

Yep.

> Does anyone know of a way to _complain_ about it that exists somewhere?

Nope.

Grant Taylor

unread,
Dec 4, 2023, 1:19:29 AM12/4/23
to
On 12/3/23 17:45, Wally J wrote:
> Both servers the error below (which you knew but I did not).
> "Posting article failed: Can't set system Injection-Info: header

Yep.

You're obviously not a configured / recognized peer and thus not allowed
to provide the Injection-Info: header.

I suspect that the Path: header is equally well protected.

> Unless there's a compliant nntp server, I'll accept that the
> Injection-Info header can't be (trivially easily) forged.

Hence why I say that end users can't spoof the Injection-Info: or the
Path: header.

This has to come from a trusted peer or the purported source.

> At least not with a simple "telnet newsserver 119" session.

*nod*

> Thanks for letting me know I can filter on that line.

So ... does this mean that you are starting to think about filtering all
messages from Google, at least in the newsgroup that you're interested in?

> But this is best taken up with the powers that be in this order.
>
> 1. Google

Almost certainly deaf ears and / or don't care.

> 2. Peers

Likely deaf ears and / or don't care.

> 3. Users

Yep.

Users are left to clean up the mess that others make way too often.

Wally J

unread,
Dec 4, 2023, 2:02:24 AM12/4/23
to
Grant Taylor <gta...@tnetconsulting.net> wrote

> Just about everybody else I've talked to believes the messages originate
> from Google.
>
> I can't recall anyone actually saying that the messages originate elsewhere.

OK. Thanks. I apologize for calling folks stupid as even I just now
implemented regex filters to filter out _all_ Google Usenet posts.

It's stupid; but it's the easiest thing to do. I agree. I just did it.
So call me stupid. I get it now.

If people want to post to Usenet, they will just have to know to not use
Google Groups to do it. That's the result. I'm filtering it now myself.

I apologize it took me this long to understand, but now I agree with all
the arguments that the news servers can't do much else given the newservers
they peer with peer with Google, where de-peering isn't as easy as I had
thought it would be.

It would have to be the news server doing EXACTLY what I just did.
Drop all messages coming from Google Groups users.

It's too bad _any_ news servers peer with Google then, it seems.

Namely Highwinds and Giganews (but I'm not sure which are the culprits).

Again, I am sorry I didnt' realize any of this when I had first posted.
It took me a bunch of articles to get up to speed where I see now why "my"
solution will have to be to just filter them _all_ out at receipt. Sigh.

Luckily it's easy as there are at least three headers which are unique.
Injection-Info: google-groups.googlegroups.com...
Message-ID: <...@googlegroups.com>
User-Agent: G2/1.0

Of those three, I can easily see why people prefer the "injection-info".
So now I'm filtering it all out. Sorry for taking so long to come to that
realization. I didn't know about the de-peering issues you brought up.

BTW, there's a project, I see, that tries to help users filter it all out.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Thanks for your help. My biggest hurdle was that I thought Google wouldn't
allow it, and that if it happened, they'd put a stop to it pronto.

I thought it was a fluke.
Someone slipping in an accidentally opened window.
One that Google would close the moment that they realized it was open.
Which is why I thought it more likely it went around Google.

But I have to agree with you that it's actually coming from Google.
Sigh.

I have friends who had worked there and they're all smart guys who know how
to code well. They just have to be given the task by Google Management.

The Doctor

unread,
Dec 4, 2023, 2:09:20 AM12/4/23
to
In article <ukioei$m66l$1...@paganini.bofh.team>,
Depeer means dropping a newsfeeds as a peer.

The Doctor

unread,
Dec 4, 2023, 2:09:55 AM12/4/23
to
In article <ukisac$30te6$2...@dont-email.me>,
Same here!

>--
>user <candycane> is generated from /dev/urandom
>


The Doctor

unread,
Dec 4, 2023, 2:10:45 AM12/4/23
to
In article <ukjopv$bqb$1...@tncsrv09.home.tnetconsulting.net>,
Still paralyse GG by depeering them.

>
>
>--
>Grant. . . .


Wally J

unread,
Dec 4, 2023, 2:16:40 AM12/4/23
to
Grant Taylor <gta...@tnetconsulting.net> wrote

>> Thanks for letting me know I can filter on that line.
>
> So ... does this mean that you are starting to think about filtering all
> messages from Google, at least in the newsgroup that you're interested in?

Well, um, er... it's embarrassing, especially after I said it was stupid to
just filter out all Google Groups posts, but I've already implemented it.

So can I take my words back now? :)
I'm surprised you didn't ream me harder. Thanks for being nice about it.

>
>> But this is best taken up with the powers that be in this order.
>>
>> 1. Google
>
> Almost certainly deaf ears and / or don't care.

Given Google won't even let me log into my own email account on VPN, I
wasn't prepared when I asked the question for the answer to be that google
isn't doing a thing about it. It wasn't one of the considerations I had.

I _still_ think if we get to the right people, we can get them to do
something about it. We just need a way to "tell them".

Tomorrow I'll call Mountainview (but I've been there, done that). The
operator must work on the side for the Gestapo as she'll never give you
anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.

>> 2. Peers
>
> Likely deaf ears and / or don't care.

That's the second shock. I was trying to think logically what the problem
was, assuming it was an accidentally opened window they were climbing in.

But if the window is left open on purpose, then that means the only avenue
left is for each user to filter it out (or for the responsible servers to).

Do I have my understanding correct yet that it's kind of like this?

1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.

Is that kind of how it works?

If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?

>
>> 3. Users
>
> Yep.
>
> Users are left to clean up the mess that others make way too often.

Well. I just did it. I called it stupid. But I have to eat my words.
I thought the right answer was to ask Google to close the window.
Or, worst case, to ask peers to stop peering Google servers.

Now that I'm edified, I still think those are the right answers.
But they'll never happen (based on what folks told me).

So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info

So I picked the Injection info.
Luckily it's easy to do for all people on all newsreaders.

There's even a web site to help them do it.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
--
Usenet is a useful way to meet people who know more than I do.

Wally J

unread,
Dec 4, 2023, 2:54:24 AM12/4/23
to
Grant Taylor <gta...@tnetconsulting.net> wrote

>> And maybe that's what we'll have to do as I don't think I've ever seen a
>> Usenet post from a Google Groups' poster that held any pertinent value.
>
> As I said elsewhere, I've had good conversations with people that post
> to Usenet from Google Groups. It does happen.

I'll ask Andy Burns to post his filters to the thunderbird newsgroup.

Here's a snippet of his conversation earlier today on comp.mobile.android
I have a separate address book called "google whitelist"
I put people in it of I know they're google groups users
I have a message filter that has two rules and two actions
IF "from" ISN'T IN ADDR BOOK "google whitelist"
AND message-id CONTAINS "@googlegroups.com"
THEN mark as read
AND add tag #6
That's thunderbird, I'm sure other clients can do similar

Here's the dejagoogle link to that conversation today:
*fumigation?*
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>
Post:
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/Q6bzV3aKAwAJ>
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/zL-_isyMAwAJ>

Here's a web site trying to do something about it to help users implement
the filter since it's best if one person implements it & the others copy.
<http://twovoyagers.com/improve-usenet.org/index.html>

>
>> But before I do that, I still think there must be a better way, where what
>> some people do on c.m.a is check a whitelist and then plonk if not in it.
>
> How complicated of a filter do you want to set up and maintain?

Well, see above. If we can get one person on each newsreader to post their
"complicated" filter, then everyone benefits. But I get your point.

I, myself... don't feel like _writing_ a complicated filter.
Of course, I'll _implement_ one if someone gives it to me.

Likewise I think with many users.
But I get your point.

I already implemented a blind kill-all filter based on the Injection.

>
>> But that's gonna be newsreader-specific code (unlike procmail was).
>
> Yep.

This site is trying to give newsreader-specific solutions.
<http://twovoyagers.com/improve-usenet.org/index.html>

>> But maybe I can't. I don't know. I'm not all that clever.
>> But I know how to use Telnet so I can try it. Later.
>
> Kudos for speaking NNTP via telnet. :-)

Thanks.

>
>> Even so, any of us can filter it out but the problem is at the
>> peering, so now I understand the suggestion of "de-peering" better!
>
> The problem is Google.

I had trouble believing that. But if they know about it, and don't do
anything about it, then the problem _is_ google, I agree.

They make a newsgroup unusable without filtering them out.

>
> Google is the singular source of the problem of spam from Google Groups.
> The news servers / administrators peered with Google are less of the
> problem. They are simply trying to be a common carrier and carry all
> articles equally.

Yes but. If the peers-with-google dropped their messages, maybe Google
would think twice? Dunno. I'll give Mountainview a call tomorrow.

But last time I called Google to get them to do something was long ago
when I tried to get them to change their dejagoogle URI from this...
<https://groups.google.com/forum/#!forum/newsgroup.name.here>
To this...
<https://groups.google.com/g/newsgroup.name.here>

For example, from this:
<https://groups.google.com/forum/#!forum/news.admin.peering>
<https://groups.google.com/forum/#!forum/news.software.nntp>
<https://groups.google.com/forum/#!forum/comp.mobile.android>

For example, to this:
<https://groups.google.com/g/news.admin.peering>
<https://groups.google.com/g/news.software.nntp>
<https://groups.google.com/g/comp.mobile.android>
etc.

When I created these shortcuts (really long ago for most of them).
<http://tinyurl.com/news-admin-peering>
<http://tinyurl.com/news-software-nntp>
<http://tinyurl.com/comp-mobile-android>
etc.

> The peers aren't the source of the spam.
>
> Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
> with Google".

Well, the solution, as I think everyone agrees, is for Google to do their
job. I'm shocked, actually, that Google allows this. You're not. But I am.

Again, I will call Mountainview and try to get a human (fat chance).
They may give me a way though to file a complaint using my Google Account.
That's how they fixed the Google Maps errors I had told them about.
That took 'em only a month - but I suspect this process will be longer.
If not forever.

>
>> As I said, I'm astounded Google is allowing this to happen when
>> they won't even let me log into my long-time email from the VPN
>> service I've been using for years - but Google is Google after all.
>
> Google has incentive to block you from using a VPN. I can't articulate
> what that incentive is, but I understand that your use of a VPN
> adversely impacts their business model.

Understood. The weird thing though is their coding is so sophomoric that it
even blocks me when I post from a public library to a large group of my
neighbors, but it doesn't block me when I post from home - but get this -
the same account posts to the same neighbors (so it's just bad coding).

>> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
>> is truly coming from Google servers, then that's where the solution lies.
>
> Yep.
>
>> Even Google put his email on a suspension once I wrote a formal
>> letter which included the report to the FBI - but I don't know
>> what happened of it as they told me never to contact him ever.
>
> Sadly, I suspect it's going to take something like a police / FBI report
> to get attention of the people you need.

Yeah. And that took a formal paper letter. They wouldn't accept anything
else but a letter with documentation (which wasn't hard to do but nowadays
we use email for almost everything).

>
>> That was hard enough.
>
> Yep. Getting Google to stop spam that doesn't impact them in a segment
> that they don't make any money from, that will be difficult.
>
> This is especially true if Google is avoiding the backlash of shutting
> down -- what I call -- their Google Groups Usenet gateway.

Well, I'm glad the search engine exists, and I've been a big proponent of
it for many years, as it's much better than some of the others, e.g.,
Narkives:
<https://news.admin.peering.narkive.com>
<https://news.software.nntp.narkive.com>
<https://comp.mobile.narkive.com>
etc.

>
>> It's even worse with Highwinds because I'm sure legitimate posters
>> must use it (do they?). If so, then highwinds can't be de-peered.
>
> HighWinds can be de-peered just like Google can be.

I think it's highwinds and giganews but I don't know much about peering.

>
>> I was hoping it was someone reputable, like Steve or Jesse
>> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
>> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.
>
> If you want to get an individual person to rattle Google's cage, try to
> get someone like Tavis Ormandy of Google's Project Zero.

I don't think they'll ever let me get to a person inside without a person
inside giving me the email, but I will try tomorrow but I don't expect a
miracle.

>
>> Finally after many calls (it's essentially impossible to get someone unless
>> you know someone who knows exactly the someone you need to talk to) I was
>> able to get it fixed, but the elapsed time was months in between.
>
> That was for a broken routing issue.
>
> Now just imagine for something that is working as intended / designed /
> configured.

Yeah. I know. Plus they care about Google Maps being correct.
DejaGoogle they don't (most likely).

>
>> It might even be worse here because at least Google cares about Maps.
>
> Yep.
>
>> Does anyone know of a way to _complain_ about it that exists somewhere?
>
> Nope.

Thanks for being nice to me, especially since I had barged in clueless.
If something comes of my call tomorrow, I'll let you know.
But I don't expect much (and I'm sure you expect even less than I do).
--
The whole point of Usenet is to find people who know more than you do.
And to contribute to the overall tribal knowledge value of the newsgroup.
It's a domino effect where each of us helps the next person in the lineup.

Tom Furie

unread,
Dec 4, 2023, 3:23:19 AM12/4/23
to
Grant Taylor <gta...@tnetconsulting.net> writes:

> HighWinds can be de-peered just like Google can be.

The follow-on problem there is that in today's world, if your ISP still
offers usenet access, or if you subscribe to a commercial usenet
provider, there's a high probability that what you're connecting with is
in reality nothing more than a front-end to Highwinds/Abavia/Giganews.

At least users of Google Groups *know* they're using Google Groups, even
if they don't understand the distinction between that and usenet.

Marco Moock

unread,
Dec 4, 2023, 3:29:49 AM12/4/23
to
Am 04.12.2023 um 08:23:15 Uhr schrieb Tom Furie:

> The follow-on problem there is that in today's world, if your ISP
> still offers usenet access, or if you subscribe to a commercial usenet
> provider, there's a high probability that what you're connecting with
> is in reality nothing more than a front-end to
> Highwinds/Abavia/Giganews.

What is the problem here?

Tom Furie

unread,
Dec 4, 2023, 4:08:52 AM12/4/23
to
Marco Moock <mm+use...@dorfdsl.de> writes:

> What is the problem here?
Unwitting innocents falling foul of the backwash if we get to the point
of feeling the need to shut off from those path components. Not a
significant hurdle, but a factor to be aware of.

Those users likely won't be aware that the server at "news.myisp.com" or
"news.retentionallthewayback.net" or whatever is just one of those bulk
services with a custom facade.

The difference being that Google Groups users know they're using Google
Groups and make the conscious choice as to whether to continue to do so.

Sn!pe

unread,
Dec 4, 2023, 7:24:26 AM12/4/23
to
Wally J <walte...@invalid.nospam> wrote:

[...]
> As I said, I'm astounded Google is allowing this to happen when
> they won't even let me log into my long-time email from the VPN
> service I've been using for years - but Google is Google after all.
[...]

PMFJI

I successfully use several Gmail accounts with a VPN but I access them
using IMAP with this Mac's native Mail.app. Are you using your browser
and Google's webmail interface? Do you perhaps have a spam-defeating
setting on your VPN? The VPN I use (PIA) has such a setting and it does
make a few websites barf until I switch it off.

--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator.
My pet rock Gordon just said "Klaatu barada nikto."

Google Groups articles not seen here unless poster is whitelisted.

candycanearter07

unread,
Dec 4, 2023, 9:03:29 AM12/4/23
to
On 12/3/23 23:52, Grant Taylor wrote:
> On 12/3/23 18:07, Wally J wrote:
>> so working backward, the users
>> can all filter on the system "Injection-Info: header" (which
>> moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
>> prevented that (as they should).
>
> I don't know how protected the Injection-Info: header is.  There's a
> good chance that it is as protected as the Path: header.
>

Does that mean they are protected or aren't?

Tom Furie

unread,
Dec 4, 2023, 9:27:41 AM12/4/23
to
candycanearter07 <n...@thanks.net> writes:

> On 12/3/23 23:52, Grant Taylor wrote:
>> I don't know how protected the Injection-Info: header is.  There's a
>> good chance that it is as protected as the Path: header.
>
> Does that mean they are protected or aren't?

They're non-modifiable by clients.

Ray Banana

unread,
Dec 4, 2023, 10:31:28 AM12/4/23
to
Thus spake Tom Furie <t...@furie.org.uk>
Unlike the Injection-Info: header, the Path: header must be explicitly
protected by setting strippath to TRUE in readers,conf

,------------------------------------------------------------------------
| strippath
| If set to true, any Path header field provided by a user in a
| post is stripped rather than used as the beginning of the
| Path header field body of the article. This is a boolean
| value and the default is false.
| ^^^^^^
\________________________________________________________________________

man readers.conf (for INN2)

--
Пу́тін — хуйло́
http://www.eternal-september.org

Grant Taylor

unread,
Dec 4, 2023, 11:55:00 AM12/4/23
to
On 12/4/23 01:02, Wally J wrote:
> OK. Thanks. I apologize for calling folks stupid as even I just now
> implemented regex filters to filter out _all_ Google Usenet posts.

;-)

I absolutely agree that filtering all of Google Groups is
/questionable/. And that news administrators that do so may need to
speak to why they did so. But I maintain that it's their choice to make
how they run their server.

Similarly it's end users choice how they run their news reader.

> It's stupid; but it's the easiest thing to do. I agree. I just did it.
> So call me stupid. I get it now.

I don't think saying that "it's the easiest thing to do" does it justice.

Filtering all of Google Groups is the only thing that I'm aware of that
doesn't miss any spam.

I'd love to learn about another option that doesn't miss the spam while
it does allow the good messages. I keep hoping that someone will
suggest something.

N.B. I don't believe that retroactively removing spam detected after the
fact; e.g. NoCeMs, is viable. -- I applaud people's efforts. But
there are multiple down sides to that system, much of which is people's
ongoing effort / time.

> If people want to post to Usenet, they will just have to know to not use
> Google Groups to do it. That's the result. I'm filtering it now myself.

That is the reality that is forming.

> I apologize it took me this long to understand, but now I agree with all
> the arguments that the news servers can't do much else given the newservers
> they peer with peer with Google, where de-peering isn't as easy as I had
> thought it would be.
>
> It would have to be the news server doing EXACTLY what I just did.
> Drop all messages coming from Google Groups users.
>
> It's too bad _any_ news servers peer with Google then, it seems.

I don't object to the concept of peering with Google, or anyone else,
for that matter. I do object to continuing to peer with an organization
that is clearly a massive source of spam.

> Namely Highwinds and Giganews (but I'm not sure which are the culprits).

Given the nature of Usenet's flood fill methodology, the articles will
eventually make it if there is a path and a receiving news server
doesn't filter them.

> Again, I am sorry I didnt' realize any of this when I had first posted.
> It took me a bunch of articles to get up to speed where I see now why "my"
> solution will have to be to just filter them _all_ out at receipt. Sigh.

I consider that to be learning. You presented valid points / concerns
and you listened to responses. You then came to your own conclusion.
-- I wish a LOT more people would do the same in many aspects of life.

> Luckily it's easy as there are at least three headers which are unique.
> Injection-Info: google-groups.googlegroups.com...
> Message-ID: <...@googlegroups.com>
> User-Agent: G2/1.0

I would discourage filtering on Message-ID: and User-Agent: as I think
that they can much more easily be faked by end users. Maybe I'm wrong.

> BTW, there's a project, I see, that tries to help users filter it all out.
> <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Yep. There's lots of effort to clean up the mess that emanates from Google.

> Thanks for your help.

You're welcome.

> My biggest hurdle was that I thought Google wouldn't
> allow it, and that if it happened, they'd put a stop to it pronto.

I've never been a Google fan boy by any stretch of the imagination. But
there was a time when I would have given Google the benefit of the
doubt. That was more like two decades ago. I've seen too much,
experienced too much, hurt too much, cleaned up from too much since then
to do more than keep an open ear / eye.

> I thought it was a fluke.

I wish it was a fluke. Or even a flash in the pan that Google was
/quickly/ reacting to.

> Someone slipping in an accidentally opened window.

Sadly not.

> One that Google would close the moment that they realized it was open.

If only.

> Which is why I thought it more likely it went around Google.

My curmudgeonly experience is that the bigger the institution the slower
that it moves. Leviathan comes to mind.

> But I have to agree with you that it's actually coming from Google.

;-)

> Sigh.

I hoist my beverage in equal dismay at Google's behavior.

> I have friends who had worked there and they're all smart guys who know how
> to code well. They just have to be given the task by Google Management.

Google is now an institution and does what they think is best for them.
The "Don't" sign has fallen over and nobody has bothered to pick up the
mess.

The Doctor

unread,
Dec 4, 2023, 11:57:33 AM12/4/23
to
In article <ukjucg$slos$1...@paganini.bofh.team>,
Wally J <walte...@invalid.nospam> wrote:
>Grant Taylor <gta...@tnetconsulting.net> wrote
>
>>> Thanks for letting me know I can filter on that line.
>>
>> So ... does this mean that you are starting to think about filtering all
>> messages from Google, at least in the newsgroup that you're interested in?
>
>Well, um, er... it's embarrassing, especially after I said it was stupid to
>just filter out all Google Groups posts, but I've already implemented it.
>
>So can I take my words back now? :)
>I'm surprised you didn't ream me harder. Thanks for being nice about it.
>

I have had enough of GG and unaccountability!
Is that indexed by Google?

>--
>Usenet is a useful way to meet people who know more than I do.

Exactly how I feel.

The Doctor

unread,
Dec 4, 2023, 11:58:37 AM12/4/23
to
In article <ukk29k$m8d$1...@freeq.furie.org.uk>,
Can we get Highwindsto drop GG like a rock?

Tom Furie

unread,
Dec 4, 2023, 12:21:58 PM12/4/23
to
doc...@doctor.nl2k.ab.ca (The Doctor) writes:

> Can we get Highwindsto drop GG like a rock?

Unlikely. It seems (hearsay only, I have no direct experience) that
speaking to Highwinds is about as effective as speaking to Google.

Grant Taylor

unread,
Dec 4, 2023, 12:27:11 PM12/4/23
to
On 12/4/23 01:16, Wally J wrote:
> Well, um, er... it's embarrassing, especially after I said it was stupid to
> just filter out all Google Groups posts, but I've already implemented it.
>
> So can I take my words back now? :)

No. You can't take them back.

But you can learn from them and try to avoid the same mistake in the
future. -- Or so I've been told.

> I'm surprised you didn't ream me harder. Thanks for being nice about it.

Would it have done any good? Would you feel better if I had? I
wouldn't feel better about it.

So ... why put people out if there's no benefit longer than 45 seconds
of me feeling better when venting. ;-)

> Given Google won't even let me log into my own email account on VPN, I
> wasn't prepared when I asked the question for the answer to be that google
> isn't doing a thing about it. It wasn't one of the considerations I had.

I'm genuinely sorry for being party to your experiencing Google falling
off a pedestal. That's never fun and I don't encourage it.

> I _still_ think if we get to the right people, we can get them to do
> something about it. We just need a way to "tell them".

I think it will actually take multiple people. The people to advocate
that there is a problem that needs to be fixed. The people with the
know how to fix the problem. The people to encourage management to
allow the people with the know how to fix the problem. The management
to listen.

> Tomorrow I'll call Mountainview (but I've been there, done that). The
> operator must work on the side for the Gestapo as she'll never give you
> anyone's phone number. But she might give me a "contact" method, which
> likely entails a general Q&A location - but I'll try it nonetheless.

:-/

> That's the second shock. I was trying to think logically what the problem
> was, assuming it was an accidentally opened window they were climbing in.

Sadly nothing as benign as that.

> But if the window is left open on purpose, then that means the only avenue
> left is for each user to filter it out (or for the responsible servers to).

Reluctantly.

> Do I have my understanding correct yet that it's kind of like this?
>
> 1. The spammer logs into google groups and posts mountains of spam.
> 2. Servers just as Giganews & Highwinds peer with Google (I think).
> 3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
> 4. We get the articles from any one of those news servers.
>
> Is that kind of how it works?

Yep.

> If so, then is the culprit first & foremost Google.
> But secondly the servers that peer with Google?

Also true.

Giganews and Highwinds are in a somewhat unique position in that they
can literally de-peer Google as in remove the peering configuration for
Google from their servers.

For the rest of us that don't actually peer with Google, "de-peer"
translates to filter.

> Well. I just did it. I called it stupid. But I have to eat my words.

Trust me when I say that I've had to eat far worse words that I've said
/ typed. -- It's part of why I afford people wider berths when they
may be preparing a foot salad of their own. ;-)

> I thought the right answer was to ask Google to close the window.

I think that it is the most proper / most direct thing to do. Sadly I
think it's the least likely to have any effect.

> Or, worst case, to ask peers to stop peering Google servers.

Sadly, the big peers don't care and are unwilling to take it on the chin
to de-peer Google. After all It's Google, they can do no wrong! <sick>

> Now that I'm edified, I still think those are the right answers.
> But they'll never happen (based on what folks told me).

That seems to be the unpalatable reality.

> So I implemented a complete plonk already.
> I could have picked any of the three headers
> a. Message id
> b. Newsreader
> c. Injection-info

I take it that Path: wasn't an option for you?

I used Path: as cleanfeed on my news server has explicit support for
banning hosts in the Path: header.

> So I picked the Injection info.
> Luckily it's easy to do for all people on all newsreaders.

ACK

> There's even a web site to help them do it.
> <http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Yep.

Grant Taylor

unread,
Dec 4, 2023, 12:46:26 PM12/4/23
to
On 12/4/23 01:54, Wally J wrote:
> I'll ask Andy Burns to post his filters to the thunderbird newsgroup.
>
> Here's a snippet of his conversation earlier today on comp.mobile.android
> I have a separate address book called "google whitelist"
> I put people in it of I know they're google groups users
> I have a message filter that has two rules and two actions
> IF "from" ISN'T IN ADDR BOOK "google whitelist"
> AND message-id CONTAINS "@googlegroups.com"
> THEN mark as read
> AND add tag #6
> That's thunderbird, I'm sure other clients can do similar

Kudos for "mark as read" vs "delete".

That has the benefit of the messages being there if you want to go look
for them. Which is exactly why I do that very thing for email filters.

But Usenet is somewhat different, especially filtering server side.

> Well, see above. If we can get one person on each newsreader to post their
> "complicated" filter, then everyone benefits. But I get your point.

I was thinking more server side to catch each type of spam emanating
from Google Groups while still allowing ham through. That's at least
two orders of magnitude more complicated and an ever changing game of
whack-a-mole.

> I, myself... don't feel like _writing_ a complicated filter.
> Of course, I'll _implement_ one if someone gives it to me.

*nod*

> Likewise I think with many users.
> But I get your point.

;-)

> Thanks.

You're welcome.

I'd have to look up NNTP as I don't do it often enough. But I used to
do SMTP / POP3 / IMAP weekly and sometimes daily at ${OLD_JOB}.

I find that I'm now occasionally speaking HTTP via telnet or via
OpenSSL's s_client for TLS.

> I had trouble believing that. But if they know about it, and don't do
> anything about it, then the problem _is_ google, I agree.

I can't "like" this statement, no matter how much I agree with it.

> They make a newsgroup unusable without filtering them out.

#HEAVYsigh

> Yes but. If the peers-with-google dropped their messages, maybe Google
> would think twice? Dunno. I'll give Mountainview a call tomorrow.

I suspect that there are multiple, if not many, in Google that would
think "finally, now we can kill that thing that we've been dragging
forward".

> Well, the solution, as I think everyone agrees, is for Google to do their
> job. I'm shocked, actually, that Google allows this. You're not. But I am.

I want to be clear, I used to be shocked. That was years ago. The
shock wore off. The apathy -- I think that's the word that I want --
remains.

> Again, I will call Mountainview and try to get a human (fat chance).

I suspect that you'll eventually get to a human if you try hard and / or
long enough.

I'll be surprised if that human is anything more than a complaints
department / yes person.

I'll be shocked if any good comes from your efforts. Unless you are the
final straw that breaks the camel's back.

> They may give me a way though to file a complaint using my Google Account.
> That's how they fixed the Google Maps errors I had told them about.
> That took 'em only a month - but I suspect this process will be longer.
> If not forever.
>
>
> Understood. The weird thing though is their coding is so sophomoric that it
> even blocks me when I post from a public library to a large group of my
> neighbors, but it doesn't block me when I post from home - but get this -
> the same account posts to the same neighbors (so it's just bad coding).

"sophomoric" is a good way to describe much of what I experienced.

> Yeah. And that took a formal paper letter. They wouldn't accept anything
> else but a letter with documentation (which wasn't hard to do but nowadays
> we use email for almost everything).

The requirement for paper was probably a very low level gate that blocks
multiple orders of magnitude of complaints that they consider to be noise.

> Well, I'm glad the search engine exists,

Please don't get me started on their search engine.

I have a funny thing wherein I expect words that I search for to be in
the (cached version of) the results page.

I use `grep`, `find.exe`, and the likes frequently.

But I'm also a lay human I can't possibly know what I want to search for
and I must be helped / coddled by the LLM feigning AI. <PROJECTILE VOMIT>

> and I've been a big proponent of
> it for many years, as it's much better than some of the others, e.g.,
> Narkives:
> <https://news.admin.peering.narkive.com>
> <https://news.software.nntp.narkive.com>
> <https://comp.mobile.narkive.com>
> etc.
>
> I think it's highwinds and giganews but I don't know much about peering.
>
>
> I don't think they'll ever let me get to a person inside without a person
> inside giving me the email, but I will try tomorrow but I don't expect a
> miracle.

Tavis O. used to be on the blue bird sight that used to start with a T.
I've not been there in a while and have no idea if he is either.

> Yeah. I know. Plus they care about Google Maps being correct.
> DejaGoogle they don't (most likely).

Sadly.

> Thanks for being nice to me, especially since I had barged in clueless.

Please return the favor to someone else. ;-)

> If something comes of my call tomorrow, I'll let you know.

Please do.

> But I don't expect much (and I'm sure you expect even less than I do).

;-)

Grant Taylor

unread,
Dec 4, 2023, 12:48:32 PM12/4/23
to
On 12/4/23 02:23, Tom Furie wrote:
> The follow-on problem there is that in today's world, if your ISP still
> offers usenet access, or if you subscribe to a commercial usenet
> provider, there's a high probability that what you're connecting with is
> in reality nothing more than a front-end to Highwinds/Abavia/Giganews.

Agreed.

Though I don't see a problem with that in and of itself. Though if I
were an ISP, I would refer to it as outsourced service for ISP customers.

I don't think there is any shame in an ISP outsourcing some services.
They just need to own it and admit