PGTS PGTS Pty. Ltd.   ACN: 007 008 568               Mobile Version Coming Soon

point Site Navigation







Valid HTML 4.01!






   Download Kubuntu Today

   Ubuntu

   The Power Of KDE + Ubuntu





Feedback and Hints, December 2004

There has been big increase in the activity levels by spammers. Some of the outstanding low lights are shown below. Including a special mention for yahoo.co.uk, scammer friendly ISP, who say that because the scammer does not employ spam, there is nothing they can do ... (So they are really strict about spam, but attempted fraud is ok?) (??!!).

No doubt there are lots of 419 scammers sheltering behind the Yahoo.co.uk see-no-evil, say-no-evil policy. Not all ISPs are so scammer-friendly. Many of them just terminate scammers when notified about the fact. Those that don't get a special mention here.

Meanwhile for the regular spammers, who are just trying to drum up some business, it seems that they are getting out early to beat the Christmas rush. Even with block lists in place there have been 24 spam emails for the month of December. Which is an all time record for the PGTS site!

Bear in mind that because I use block lists there were hundreds of spam messages each day that did not get through. If I wasn't using block lists, then my inbox would have been crammed so full of spam I literally would not have been able to find the regular mail!

<sarcasm> Gee! ... Aren't we all so lucky the government has banned spam! Otherwise this could become quite a problem ... </sarcasm>

Sarcasm aside this has prompted the latest article on spam. The Spam Tide Rises!. And I must hasten to add that the article and the title were composed before the dreadful tragedy which befell people living in South and South East Asia when their countries were inundated with tsunmamis.

Feedback:

Hints for this month:

Remember those less familar vi commands?

Date: Wed, 01 Dec 2004 23:12:33 +1100
From: Gerry Patterson

Since vi is my preferred editor whilst reading e-mails, I often find
myself writing a file so that I can read it into another email. Because
I must access each email using the MUA (in my case this is mutt), I have
to save the temporary data as a file. And due to force of habit I often
forget that the write command like so many vi commands can be prefixed
with a range. e.g. if you want to write only the current line the
following will do this:

    :.w! mutt.tmp

This writes only the current line to the file mutt.tmp. If the file
exists it is over-written. Another example is:

    :.,+4w temp.tmp

This will write five lines (starting with the current line) to the file
temp.tmp.

And this command:

    :+1,/blah/w! temp.tmp

will write to the file temp.tmp, from the next line (after current) to
the line containing the string /blah/. If the file exists it will be
overwritten ... etc, etc.

And while on the topic of often forgotten vi commands. I should take
more time to acqaint myself with the many handy additional features that
vim offers. For example it is possible to quickly convert between dos
and unix formats with the following set command:

    :set ff=dos

Note: The ff setting is an abbreviation for fileformat. If you are
perusing a unix file, then setting the fileformat to "dos" will convert
it to dos format when it is saved. (i.e. lines terminated by "\r\n")

To convert from dos to unix use the following:

    :set ff=unix

This would change the setting back to unix so that the next time the
file is saved, all lines will be terminated with a single \n character.

That's easier than the method that has to be employed with ye olde
(unimproved) vi, which does not recognise (and auto-detect) file
formats. In addition the carriage return ("\r", Ctrl-M or 0x0D) is a
standard (and essential) part of the command line interface. This is
true for both vim and vi. To insert it at the end of a line with regular
vi, I employ a technique like the following:

    !Gawk '{print $0 "\r"}'

(Old awk programmers never die they just find GNU ways to extend their
life). On the other hand this command:

    :%s/^M//

would convert to UNIX (i.e. using the Ctrl-V key to quote ^M, and trim
those extra "\r" characters, with a substitute command. Of course this
doesn't work in vim, because it auto-detects the dos format and does not
display the ^M characters at the end of each line.

Back To Index

Hits script

From: Richard Garside
Date: Thu,  2 Dec 2004 00:26:07 +1100 (EST)

Dear Webmaster,

 -- Message Follows --
Hi,

I would very much like to use your hits perl program but I can't find
the file agent_data anywhere on your site.

Have I missed something?

Thanks,
Richard.
 -- Message Ends --
 From: xx.xxx.xx.xxx
Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0


Richard,

Ed: A number of people have asked this. Unfortunately the agent_data script
is hooked into a postgres backend (which contains data collected on
agents).

I have since realised that many people would like a script that works
without running a postgres database that collects data about agents. I
would like to develop a general purpose script that would work as a
stand-alone.

However, it is something that I will be doing in the future.

Back To Index

RE: Australian Spam Legislation

From: "Jeff Ryall"
Date: Fri, 3 Dec 2004 18:17:49 +1100

Ed: Jeff followed up on my previous email -- see last month's feedback.

Gerry,

The member was a Liberal, who I got to know through the election.

He sits on the communications committee.  His response was that while he can
sympathise, nothing will happen.  There is a general trend towards greater
privacy, and politically, you can't open things up again.  He admitted he
wasn't across the Act, and hadn't taken much notice as it went through
parliament.

A concerted effort is needed to:
1.  Relieve the unnecessary constraints this places upon business, and small
    business disproportionately;
2.  Establish meaningful international actions to shut spammers off at the
    source.

Your thoughts?

J

_________________________________________________

Jeff Ryall

Ed: I am not hopeful of an international solution to the problem ... for
all the reasons already stated.

There might be some action if a lot of people protested about the
legislation. However this is unlikely, since many people cannot see
through what is essentially a conjuring trick ...

People are upset about spam -- ok it is rather annoying. So the
government passes a law against it. Everyone cheers! hooray! alleluia!
After all, nobody is in favour of spam. Right? And that is the essence of
the conjuring trick ... The government has given the appearance of doing
something with a legislative sleight of hand, while in fact they have
done nothing at all!

And meanwhile the spam just increases!

There is a considerable amount of inertia and unwillingness to protest
about such silly legislation. After all ... why rock the boat? Might be
safer to just fill out your BAS, go home and watch American reality
shows on your American cable channel, folks. There should be lots of
those in the years to come!

Personally, I find it extraordinary that the govt doesn't feel some
shred of embarrassment about the fact that anti-spam legislation clearly
does not work! The legislation is not worth the paper it is written on.
Come to think of it that paper was quite valuable and probably worth
considerably more than the legislation!

Now if we were talking about a serious crime here, things might be
different ... or (gulp) maybe they wouldn't?

Frankly I think the legislation is a waste of space. But it will
probably stay on the books ... Nevertheless there are practical steps
that a legitimate and well-intentioned business can follow to obey the
letter of the law:

1. Do not send bulk email unless the recipients have expressly opted-in.
   Phone calls are ok for opting in, but it is safer to ask them to
   confirm (by email or writing). Which ever method, they must clearly
   state that they wish to receive the email.

2. If someone asks to be removed from a list, any list. Just do it!
   Whether they ask by phone, fax, post-it note, casual conversation, or
   carrier pigeon. Remove them immediately!

3. If you keep database(s) of clients or potential clients, they should
   be able to request details of their own file. And no other party
   should be able to access the information.

4. Use common sense and courtesy when using email, just as you should
   with any communication method.

5. Deploy robust, secure, open source mail hosts, web hosts, LAN
   servers, firewalls and routers throughout your organisation. Not only
   does this reduce the likelihood of spam, it reduces maintenance costs
   and costs in general. It also increases reliability, improves
   performance and reduces down-time. (You might also consider robust
   secure open source client-side software on your desktops).

Back To Index

419 scammer maryam Abacha

From: m_abacha20044@zipmail.com.br
Date: Sat,  4 Dec 2004 00:14:39 +1100 (EST)

Ed: Dear me,

These guys are getting desperate. Here is another one who carefully
cut and pasted this into my feedback form.

His email address is m_abacha20044@zipmail.com.br


Dear Webmaster,

 -- Message Follows --
Mrs. Maryam Abacha,
N0 4 Sanni Abacha Court
Kano City
Kano State
Nigeria

Attn:sir/madam

ASSALAAM_WALEIKUM !!!
It is with heartful of hope that I write to seek your help in the context
below.

I am Mrs. Maryam Abacha the wife of the former Nigeria Head of State, Late
General Sani Abacha, whose sudden death occurred on 8th of June ...

Ed: etc, etc, etc ...

Then at the end ...

They have equally guaranteed 100% smooth transfer.Please reply through
my Email of family lawyer address first for security reason.Please
include your personal telephone and Fax numbers in you reply of this
letter.Please all contacts must be made through our family lawyer
Barrister Adamu Idris of Regency & Associates Lagos Nigeria
E-mail:(adamudris@yahoo.com).


I look forward to your quick response, may Amighty
Allah bless you.
Yours faithfully,

MRS. MARYAM ABACHA


 -- Message Ends --
 From: 213.255.192.114
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; DigExt)

Ed: May you rest in peace for eternity!

But note the address being used as a drop point, which is:
adamudris@yahoo.com

See below for another example of Yahoo's scam friendly policy.

Back To Index

Silktide Sitescore

From: Oliver Remberton
Date: Sun,  5 Dec 2004 02:47:44 +1100 (EST)

Dear Webmaster,

 -- Message Follows --
I run the team that wrote SiteScore - thanks for the review!

You might be interested to know we've been making some fairly
substantial enhancements, which we're hoping to make public over the
Christmas period.

Your feedback is of great help to us - thanks again.
 -- Message Ends --
 From: xxx.xxx.xx.xx
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)

Ed: Impressive Feedback! (i.e. impressive for the speed of response).
This arrived four days after the article was published. Obviously the
SiteScore method makes extensive use of a Search Engine. Hands up all of
you who think that the Search Engine is Google ...

Back To Index

RE: Australian Spam Legislation

From: "Jeff Ryall"
Date: Sun, 5 Dec 2004 10:40:12 +1100

Thanks Gerry.  Agree with everything you say.  I would add to this that
newsletters are exempt, so we will use this avenue with our extensive email
list, gathered prior to April this year.  We are adding a note to these
kinds of communications that this communication complies with the Spam Act,
if you want to be removed etc. etc.

As a member of the Liberal Party, I have:
1. ACCESS to the government through my member, and one-step removed from
   ministers.

2. Ability to raise policy issues from the local branch. It is a test of
   persuasion as to how far this goes, but you can readily get policy
   onto the national agenda.

Best regards,

jeff

_________________________________________________

Jeff Ryall
Quality Award Partners Pty. Ltd.

Back To Index

Perl-based HTML editor

From: Alex
Date: Thu, 16 Dec 2004 03:25:46 +1100 (EST)

Hello,

Have you some Perl-based HTML editor for convenient html page creation

Some example: http://www.theofel.de/oss/makehtml.html

Problem is that this makeHTML script requires Tie::IxHash module, but
some of hosting have no this module for various reasons


Best Regards,

Alex

 -- Message Ends --
 From: xx.xx.xxx.xxx
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)

Ed: No, I don't have a Perl-based HTML editor. I cut my HTML with vim (using
syntax high-lighting, and use some perl to help format it.

A quick search with Google was not very helpful -- searching the web
with keywords like perl+HTML+editor+download really is like looking for
a needle in a haystack. Do you belong to any user-groups? It might be a
question to post on a mailing list ...

BTW: I know it's not perl-based and it is quite a large bundle of
software, however I should mention the OpenOffice word processor, which
writes pretty good HTML code. By that I mean that it is compact, W3C and
employs a neat little trick of keeping its' word-processing type format
information inside HTML comments in the HTML document. If you haven't
tried Open Office yet, it is definitely worth a look.

Good luck

Gerry

Back To Index

Browser OS Identification

From: Deko
Date: Thu, 16 Dec 2004 09:30:10 +1100 (EST)

Dear Webmaster,

 -- Message Follows --
I'm trying to come up with a quick and dirty way to identify OS based on
user agent string. I'm only interested in the more popular OSes, and was
wondering if you could sanity check my regex based on your knowlegde on
user agent strings. Any suggestions welcome! Here's what I've got so
far:

if (eregi("(win.*NT 5.1|win.*NT 5\.1|Windows XP)",$agent))
{
	$visos = "Windows XP";
}
elseif (eregi("(win.*NT 5\.0)",$agent))
{
	$visos = "Windows 2000";
}
elseif (eregi("(win.*NT 5.2)",$agent))
{
	$visos = "Windows Server";
}
elseif (eregi("win.*NT)",$agent))
{
	$visos = "Windows NT";
}
elseif (eregi("(win.*98)",$agent))
{
	$visos = "Windows 98";
}
elseif (eregi("(win 9x.*4.90)"))
{
	$visos="Windows ME";
}
elseif (eregi("win.*95)"))
{
	$visos = "Windows 95";
}
elseif ((ereg("(Mac|PPC|Mac_PowerPC)", $agent))
{
	$visos = "Mac";
}
elseif (eregi("Linux",$agent))
{
	$visos = "Linux";
}
elseif (ereg("BSD",$agent))
{
	$visos = "BSD";
}
else
{
	$visos = "unknown";
}
 -- Message Ends --
 From: xx.xxx.xxx.xx
Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)

Ed: Yes this looks ok.

When last I did this, I was a little more critical of agent strings, If
the strings look out of place or unusual, I assume that they have been
deliberately cloaked. I also examine IP addresses for "crawling"
patterns, so if I discover that not only are the agent strings out of
place (from standard out of the box strings), but they also seem to be
crawling, then just mark them as unknown.

This whole thing is very hard to automate ... My list is in a lamentable
state of neglect. Often I find I must go through and manually correct
the data (because it so difficult to put all the logic into a program).
Before I gave up on it ... here was the logic I had for determining OS:

# ------------------------------------------------------------------------

sub which_OS {
	return("SunOS") if ($_[0] =~ /SunOS/);
	return("Unix") if ($_[0] =~ /\Wunix\W/i);
	$OS = "-" unless ($OS = $_[0]);
	return "$1" if ($OS =~ /(Mac OS X)/ ||
			$OS =~ /(Mac OS)/ ||
			$OS =~ /(irix)/i);
	if ( $OS =~ /^Mozilla\/\S+ \(compatible;/){
		my @t = split(/;/,$');
		for my $i(1 .. $#t) {
			if ($t[$i] =~ /MSN/      ||
			    $t[$i] =~ /AOL/      ||
			    $t[$i] =~ /CS 2000/  ||
			    $t[$i] =~ /Wal-Mart/ ||
			    $t[$i] =~ /MSIE/) {
				$i++;
			}
			else {
				$OS = $t[$i];
				last;
			}
		}
	}
	else {
		if (	$OS =~ /(Linux .*)/   ||
			$OS =~ /(Windows .*)/ ||
			$OS =~ /(\S+bsd .*)/  ||
			$OS =~ /(\S+BSD .*)/  ||
			$OS =~ /\W+(Win98)/
					) {
			$OS = "$1";
		}
		elsif ($OS =~ /Macintosh/){
			$OS = "Mac OS";
		}
		elsif ($OS =~ /amiga/i){
			$OS = "AmigaOS";
		}
		else {
			$OS = "-";
		}
	}
	return "-" if ($OS =~ /Crawl your own/);
	$OS =~ s/^\(//;
	$OS = "Windows ME" if (($OS =~ /Windows 98/ || $OS =~ /-/) && $_[0] =~ /Win 9x 4.90/);
	$OS = "Windows 2000" if ($OS =~ /Windows NT 5.0/);
	$OS = "Windows XP" if ($OS =~ /Windows NT 5.[12]/);
	$OS = "Windows 98" if ($OS =~ /Win98/);
	$OS = "Windows NT" if ($OS =~ /Windows NT 4.0/);
	$OS = "Mac OS" if ($OS =~ /Mac_PowerPC/);
	$OS = "Irix" if ($OS =~ /IRIX/i);
	$OS = "$1 intel" if ($OS =~ /(.*BSD) .*[2-6]86/);
	$OS = "Linux intel" if ($OS =~ /Linux/ && $_[0] =~ /i[2-6]86/);
	$OS = "Linux strongARM" if ($OS =~ /Linux.*(armv\w+)/);
	$OS = "$1 $2" if ($OS =~ /(Linux).*(sparc64)/);
	$OS = "-" if ($OS =~ /www/i);
	$OS =~ s/\).*//;
	$OS =~ s/\;.*//;
	$OS =~ s/\s*$//;
	$OS =~ s/^\s+//;
	$OS =~ s/'/ /g;
	return($OS);
}

# ------------------------------------------------------------------------

Back To Index

Re: Browser OS Identification

Deko sent the following reply

From: Deko
Date: Thu, 16 Dec 2004 14:17:56 -0800


Thanks for the reply - I may add more functionality later, but for now a
quick and dirty approach is fine.  It would be interesting to know who is
meddling with their browser's info (or cloaking) but they can fall into the
unknown bucket as far as I'm concerned.

cheers,

de

Back To Index

And another 419 scammer -- do they really make a living?

From: moriskamba01@yahoo.co.uk
Date: Sat, 18 Dec 2004 01:03:30 +1100

Ed: The following was sent to Dan Byrnes via his feedback form. Maybe
these guys are also making a big effort for Xmas?

It appears that this scammer really does live in West Africa. He seems
to have cut and pasted his spiel into Dan's feedback form at 2004-12-17
12:39 GMT while sitting at an Internet Cafe in Togo, West Africa (see
below for the address).

If any spambots would like to harvest Morris' e-mail address ... it is
moriskamba01@yahoo.co.uk

Gerry old pal, look, if I can get my machine to be talking to your machine
ok, do you reckon we could get hold of something going with Morris Kamba
here, and take him for a ride, say, to the Moon (?). I have next Wednesday
free, if my machine keeps going ok. Doin' anything next Wednesday?

Cheers,
----- Original Message -----

From: Morris Kamba <moriskamba01@yahoo.co.uk>
Reply-To: <moriskamba01@yahoo.co.uk>
To: dan@danbyrnes.com.au
Subject: Message from Morris Kamba

Dan,

The following message has been received by the PGTS postmaster.

-- Message Follows --
I don't know whether you will be interested in this greet business
opportunity. I am a citizen of Togo in west Africa.

It is all about consignment of DIPLOMATIC GOODS what over thirty million
dollars.($30.000.000). I will be glad if you show concern by replying me
via same email adress.

I await your urgent response. Remain blessed.

Regards,
Morris Kamba
-- Message Ends --

The following details were collected about the user agent:
IP Addr: 80.248.64.59
Browser: MSIE 5.01
     OS: Windows 2000
Referer: unknown

Whois gives the following information about Morris' IP address:
	role:         ROLE ACCOUNT OF CAFENET
	address:      Route de Kpalime - AVENOU
	address:      BP: 12596 LOME
	address:      TOGO (West Africa)
	phone:        +228 225 5555
	fax-no:       +228 225 6666
	e-mail:       hostmaster (at) cafenet.tg
	mnt-by:       CAFENET-MNT
	admin-c:      YANO1-RIPE
	admin-c:      AKAD1-RIPE
	tech-c:       AKAD1-RIPE
	tech-c:       ST1012-RIPE
	tech-c:       KIN3-RIPE
	nic-hdl:      CNET2-RIPE
	notify:       admin-lirtg (at) cafe.tg
	changed:      adiel (at) akplogan.com 20030926
	source:       RIPE

	person:       Adiel AKPLOGAN
	address:      CAFE informatique
	address:      Route de Kpalime - AVENOU
	address:      BP: 12596 LOME
	address:      TG
	phone:        +228 255 555
	fax-no:       +228 256 666
	e-mail:       adiel (at) akplogan.net
	nic-hdl:      AKAD1-RIPE
	remarks:      West AFRICA
	notify:       lir-tg (at) cafenet.tg
	notify:       adiel (at) akplogan.net
	notify:       adiel (at) akplogan.com
	notify:       hostmaster (at) cafenet.tg
	changed:      adiel (at) akplogan.net 20030508
	source:       RIPE

Ed: I thought I would let the yahoo.co.uk know that a scammer is using
one of their mailboxes ...

I sent the following to the postmaster: 

I wish to notify you of an attempted fraud using the well known 419
scam.

The perpertrator is using the account moriskamba01@yahoo.co.uk.

This is not mail abuse. The perpertrator typed his offer into an email
deliver form at 2004-12-17 12:39 GMT, using the URL:
http://www.danbyrnes.com.au/cgi-bin/psql?db001
The message was delivered via the PGTS postmaster.

This was an attempt at criminal fraud, which is prohibited in your
country. Details of the incident have been posted at:
http://www.pgts.com.au/cgi-bin/pgtsj?file=pgtsj0501f#fb010

Regards, etc


I included a transcript of the message session. Their rather pathetic
response is shown below.

Back To Index

Bold Spammers offering Funny prices, American pants sizes

Date: Mon, 20 Dec 2004 04:24:46 +1100
From: Gerry Patterson

Ed: I have discontinued the the practice of reporting spam in this
column (long ago replaced with an automated system), but these guys are
just so Bold they deserve a special mention. The netblock 62.42/16 is
owned by Cableuropa - Ono, a Spanish ISP. It is a portable address. The
carderlanet.cc domain is uses the nameservers ns1.sdhost.ru and ns1.sdhost.ru.
The person nominated as a contact is Igor V Smirnov, with an address of
linil@land.ru. The domain land.ru is mentioned in the rhyolite.com blacklist.

There is very little information about the domain land.ru which uses
nameservers in the domain pochta.ru. All these trails seem to stop at
the domain rbc.ru

The following was sent as plain text ...
First the headers which were:

> From 5aq46@yahoo.com Mon Dec 20 04:24:46 2004
> Return-Path: <5aq46@yahoo.com>
> Received: from 62.42.69.210 (MS1-3C-u-0209.mc.onolab.com [62.42.69.210])
> 	by pgts04.pgts.com.au (8.11.6/8.11.6) with SMTP id iBJHOh474521
> 	for <gerry@pgts.com.au>; Mon, 20 Dec 2004 04:24:44 +1100 (EST)
> 	(envelope-from 5aq46@yahoo.com)
> Message-Id: <200412191724.iBJHOh474521@pgts04.pgts.com.au>
> From: sales@theplanet.com
> To: gerry@pgts.com.au
> Subject: #SPAM# Bold Spammers offering Funny prices, American pants sizes
> Subject: www.carderlanet.cc
> Date: Sun, 19 Dec 2004 13:20:40 -0500
> MIME-Version: 1.0
> Content-Type: text/plain;
> 	charset="Windows-1252"
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Mailer: Microsoft Outlook Express 6.00.2800.1437
> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1441

Ed: And the body text:

Best credit cards, cashing of dirty money, stolen paypal accounts,
access to the bank accounts of UK and USA residents - all this you will
find only on www.carderlanet.cc Come now and you will receive 10 credit
cards with cvv2 code for free. Today it becomes a reality, cards with or
without cvv2 code from USA and European countries, you can have them for
funny prices on www.carderlanet.cc And also you can find the data about
USA residents, starting from the bank accounts and ending with their
pants size. All this and many other things - only on our company sites.

Thank you to our hosting company www.theplanet.com they give us hosting
not paying attention to FBI calls. Theplanet is the best hosting if you
want to place there the sites with child porno, weapon sales etc. and a
lot of other staff.

You can also make an order by the phone: 800-377-6103 or 214-782-7800

Ed: Are these guys really that bad?

Back To Index

Re: 419 scammer using yahoo.co.uk as a drop point (KMM58204118V12369L0KM)

Yahoo respond to my notice regarding a scammer using one of their accounts. The following email was set from the Yahoo Customer Care Centre.

Date: Mon, 20 Dec 2004 03:12:53 +0000
From: Yahoo! UK & Ireland Mail


Hello,

Thanks for writing to Yahoo! UKIE Customer Care.

Mass distribution of unsolicited email messages (or "spamming") violates
the Yahoo! Terms of Service (TOS).

After careful evaluation, we have determined that this email message did
not actually originate from the Yahoo! Mail system. It appears that the
sender of this message forged the header information to give the
impression that it derived from the Yahoo! Mail system.

We take the operation of Yahoo! Mail very seriously. Unfortunately,
there is no control over messages sent through other email systems and
it's not possible to preempt the misuse of the Yahoo! name in forged
headers. While Yahoo! cannot technically prevent its domain from being
forged in the headers of an email message, actions have been taken
against companies in an effort to prevent further forgery of the Yahoo!
brand and to seek damages as appropriate. Individuals are strongly
discouraged from forging the Yahoo! domain in the future and appropriate
action will be taken as necessary.

If, in the future, you receive an unwanted email message that appears to
derive from a Yahoo! Mail account, please include the following in your
report of email abuse to assist us in a prompt and full evaluation:

1) Original subject line--Please forward the email with a subject
identical to the original subject.

2) Complete headers -- email programs often display abbreviated headers.
To learn how to display the full headers in a Yahoo! Mail account,
please visit our Help Desk at:

http://help.yahoo.com/help/uk/mail/config/config-11.html

If you are using a different client to read your email, please consult
your email program's help system for more information on viewing full
headers.

3) Complete message body -- please include the complete, unedited
content of the email message in question. Please do not change or edit
the message in any way.

If reports of email abuse are missing any one of these three items, it
may take longer for the Yahoo! Mail Abuse Team to properly investigate
and take appropriate action. We appreciate your efforts in reporting
this abuse to Yahoo!. Due to security restrictions of our custom
messaging system, we request that you simply forward a copy of the
message on to us as opposed to sending it in an attachment.

Regards,

Customer Care Abuse Team - Yahoo! UK & Ireland

CONFIDENTIALITY NOTICE: This email and any attachment is confidential
and may be legally privileged. It is intended for the named recipient
only.

Ed: Am I talking to real person? Or this just a form letter? Usually I
don't bother letting the hosting ISP know that their mail system is
being used by a scmammer, and replies like the above illustrate why.

And just how exactly? ... Did they carefully evaluate those headers?

(Duooh!)

Just out of curiousity I replied. I told them that it was not SPAM. I
put it in capitals this time just to re-iterate that I do know what SPAM
is, thank you very much etc etc ... Dear Yahoo!, Take note: This is a
SCAM i.e. attempted fraud! ... A criminal offence! etc etc. Just a
little experiment to see if anyone at Yahoo! was actually reading my
email ...

Before long the reply (below) came back ... Nope, they were not reading
my mails. Amazing how corporations think that sending out a stock
standard reply that only displays how little attention they gave your
email is good public relations! Generally it would be less annoying to
be completely ignored than to get this sort of rubbish.

Back To Index

Re: 419 scammer using yahoo.co.uk as a drop point (KMM17001689V23297L0KM)

Date: Sun, 19 Dec 2004 22:15:55 -0800
From: Yahoo! Mail

Hello,

Thank you for writing to Yahoo! Mail.

We understand your concerns about receiving unsolicited email, and can
certainly empathize with your frustration. Yahoo! Mail offers several
tools to help you keep spam out of your Inbox:

   1. "Spam" and "Not Spam" buttons -- The most effective way to prevent
spam from entering your Inbox is by using the "Spam" button in your
Inbox or the "Not Spam" button in your Bulk Mail folder.  If a spam
message is delivered to your Inbox - click "Spam."  If a non-spam
message is delivered to your Bulk Mail folder - click "Not spam."

By sending examples of spam to Yahoo! for review, it will increase the
effectiveness of Spamguard, Yahoo! Mail's filtering system. Yahoo! will
use the messages you send to constantly improve the Spamguard technology
and help ensure that unwanted messages are delivered to your Bulk Mail
Folder rather than your Inbox.

   2. Filters -- Yahoo! Mail offers you the ability to create filters
for your account. You can create filters to deliver emails to a special
folder, or to the Trash folder that:

     * contain specific words or phrases
     * are from a sender's domain
     * contain other characteristics you find in spam

Learn more about setting up filters at the Help Desk, located at:

    http://help.yahoo.com/help/mail/manage/manage-06.html

   3. Block an address -- Use this feature to block email addresses you
do not want to receive email from. When an address is blocked, incoming
email from these addresses will be automatically disposed of, without
bouncing back to the sender. When you remove an address from your
Blocked Addresses list, you will once again be able to receive mail from
that address. For directions on how to block an email address, please
visit:

   http://help.yahoo.com/help/us/mail/read/read-22.html

   4.  Report the spam -- If you receive harassing or unwanted mail from
what appears to be a "@yahoo.com" address, you can forward the message
directly to us for review at:

   abuse@yahoo.com

Please include an unedited copy of the original message along with the
full Internet headers. To learn how to display full headers in Yahoo!
Mail, please visit:

   http://help.yahoo.com/help/us/mail/config/config-11.html

If you receive unwanted mail from a non-"@yahoo.com" address, you may
try contacting the sender's email provider by identifying the sender's
domain and contacting the administrator of that domain. Unfortunately,
Yahoo! has no control over activities outside its service, and therefore
we cannot take action in these situations. The sender's provider should
be in a better position to take appropriate action against the sender's
account.

If you have any further questions about spam, please see our Online
Support web page at:

   http://help.yahoo.com/help/mail/spam/

Thank you again for contacting Yahoo! Customer Care.

Regards,

Louis

Yahoo! Customer Care
http://www.yahoo.com/

12637575

Ed: Another email, which clearly shows that no-one at Yahoo! read any of
my correspondance. I didn't waste anymore time on them ... because I
didn't want another lecture from the Yahoo help desk about how to
identify SPAM.

The question is does anyone at Yahoo (UK and Ireland) know what a scam
is?

Obviously one of their customers, Moris Kamba knows.

Back To Index

Thoughts on The Spam Tide Rises

Date: Sat, 25 Dec 2004 11:01:45 +1100 (EST)
From: Brian Robson

Dear Gerry,

My thoughts...

Firstly, people take too much notice of Bill Gates. Kerry in the Tuesday
Oz correctly calls him Billgatron - he's some sort of robot now. He
wants no solution to spam, except one that would make zillions for M$.

When I read your article, you seem to be making these points:-

(a) The anti-SPAM laws are foolish etc

(b) The anti-fraud laws (all around the world) are already sufficient.
    Further crimes like slavery and murder are already outlawed.

(c) There is no evidence that spam is about to fade away, as the govt
    claimed. In particular the ACS has not helped.

(d) Since nothing is being done, and there is no public outcry

(e) Govt should fund/encourage anti-spam measures that work such as the
    block lists. (I think it would be a national initiative that saves
    time.)

In the papers this week was an article about spam, essentially saying
people are still reading and replying to spam. Sufficient people are
still replying to make it worthwhile to send spam.

My own view is the the response rate is between 1 and 30 per million,
way below a direct mail campaign, but still worthwhile since it costs
nothing to send spam, and the receivers are picking up the new costs and
the cost of trashing most of it. Under American-style democracy, it's
quite difficult to deny a corporation their right to send spam. After
all, the telemarketing industry manages to stop the database of 60
million people who did not want to receive calls. (This has had a lot of
press, presumably you have heard of it, but essentially 60 million
people signed up for no telemarketing calls in a two month period about
two years ago. A similar number would vote for no spam I reckon. So any
govt just has to promise no-spam to stay in office.

Actually in offices, Spam has just about disappeared.

As you probably know, I am good friends with Arthur Chesterfield Evans
the NSW Democrat in the Upper House here. He is quite interested in Open
Source software etc, and we swap emails quite a lot. Recently I put it
to him that all emails containing (suspect) attachments could be delayed
for four hours, while emails without attachments would be delivered at
once. (Attachments containing already known viruses would be deleted and
the email without the attachment delivered at once.)

This would allow time for virus signatures to be automatically updated
on the server at the ISP, and thus even the latest outbreaks would be
circumvented. The result would be the end of viruses as we know them,
for a small time penalty. It would perhaps help prevent a "day zero"
case where the virus exploits a previously unknown defect. The existing
virus industry (especially McAfee and Norton/Symantec) sell massive
quantities of false protection to home users. Sure they weed out a lot
of viruses, but they do not protect at that vital point where a new
virus is in the wild, but the signatures have not been updated yet. Then
they produce the update ASAP, then blame the user for not being up to
date at the moment of infection, or the user just accepts the point that
no protection was possible at that point in time. Anyway, Arthur would
not accept that emails having attachments should be delayed by four
hours. I guess, all this would make a good article attacking the virus
industry.

Some of the same argument goes for Spam, IP addresses sending spam must
take a while to get on the blocked list. Only a few minutes delay would
nip most spam in the bud. Perhaps white lists would bypass this delay
for Ok cases. (Telstra, with their pool allocation of IP addresses to
broadband customers deserves to be banned. Their public relations
lackeys are a disgrace, but fortunately chat rooms can see through
them).

I always draw a parallel these days with Google. It's a machine, all
tasks are automated, there are no manual tasks happening. They cannot
answer any emails, because they handle 250 million searches per day, and
even a tiny fraction of this is an avalanche of email requiring staff.
In the same way, removal of spam should be a completely automated task
done to a public spec, implemented by all parts of the Internet.
Automatic removal off blocked lists too. Clearly, as you say, the
spammer cannot hide their IP address, even if it is just an innocent
computer that has been taken over.

In the case of legislation not fixing spam, I agree. There seems to be a
worrying trend that it's Ok to pass laws involving technology, as
anything is possible these days. This seems to include technology that
has not been invented (Starting with missile defence, see latest
Economist for the sorry story), and passing laws to use technology that
works the opposite to known science and known technology, it's stuff that
cannot work anyway. It would seem pollies are either not informed, or
simply vote for "good ideas" even if the implementation is impossible.
(The war on drugs springs to mind, and also all the litigation, like the
person suing the shop because they burned themselves on their hot
coffee, or the one where the mother and daughter both claimed they had
never seen a cinema seat that sprung up when you stood up; one of the
two injured her bum when she sat down again on nothing.)

Lastly, it's great to get a prediction right, as you have done with
predicting the failure of the spam laws and the increase in spam. In
early 1999 I had published an article which said the whole Y2K think was
a hoax and a waste of money, and I was attacked by lots of letter
writers in the next issue of the magazine, but I was spot on. It was a
bonanza for big consulting companies, and no one could criticize after
the event, as they took credit for the lack of nasty Y2K incidents. (But
countries that made no Y2K preparation had little trouble neither.)

So happy Christmas, but spam is especially distressing at this time of
year, as the number of normal people writing or sending newsletters
declines to virtually nil, yet the spam continues hour after hour. So
far today at about 9am I have had 66 emails, all spam, I briefly opened
only 2 but they were spam too.

Brian

Ed: Block lists do work. Although there is a humungous amount of spam on
The Web, most of it comes from the same netblocks. And yes, the first
time a spammer discovers a virgin IP address, it gets through. But if
you are using DNS-block lists, the next ninety-nine spams don't get
through.

Furthermore, DNS-block lists don't give false negatives. That's because
a properly configured MTA sends a reject notice. So when someone tries
to send you a real email, they get a reject notice if their server has
been listed. And why would someone's server get listed? Because it has
been used to send spam! How do you get your IP address off the list?
Easy: Just ask the list owner to remove you and your mail host will be
immediately removed. Of course if another spam email is sent from that
IP address it goes straight back on the list. The only way to stay off
the list is for your system administrator to make sure that no spam
emails are sent from that IP address. If it is a portable address, than
you probably shouldn't be sending email directly from that address (only
spammers do that these days).

Some people prefer with content filtering. However the big problem with
filtering is that it requires constant maintenance (because spammers
kept varying the content). Also it can give false positives. For example
if I sent you a genuine email and talked about great investment
opportunities and I just happened to innocently mention figures like ONE
HUNDRED MILLION DOLLARS and I also happened to mention (just by chance
mind you) the son of a president of some African country and being a
very religious person I end with words "God Bless You" ...

Of course it's not likely that I would send anyone such an email, but if
I did, there is a very good chance that my perfectly legitimate email
would be tagged as spam (actually a 419 scam) by some zealous content
filter. Worst of all this gets done after it has passed to the MTA
(content filtering can only commenced after all of the transmission has
been received and the port 25 session has concluded successfully). So I
(the sender) don't get 550 reject. And that's why if you (the recipient)
use content filtering, you really have to review all the rejects, just
in case one of them is a false positive.

You don't have that problem with DNS-block lists.

Bottom line is: Block Lists Just Work! And they keep on working ...

And yes good call on the Y2K fiasco. I started out very skeptical, but
as the event drew nearer and nearer I must confess that I got caught up
in the Y2K fever. Of course there really was a problem with legacy
mainframe systems. I worked on many of those systems, and I was quite
aware of the problem. Basically we just wrote our own date-handling
routines and we stored the dates as YYMMDD. And it is pretty obvious
that you will have a problem at the end of the century. We knew that in
sixties of course. What surprised me was the total clean sweep that
happened in the nineties. All those old systems just got thrown out! I
saw an analysis of this in Dr. Dobbs in 1999. Some boffin worked out the
amount of storage that was saved at sixties and seventies storage costs.
And the amount was mind-boggling. The boffin concluded that if we used
that money to replace the systems in nineties then WE MADE THE RIGHT
CHOICE! I wish I could remember that guy's name ... because he was spot
on!

That guy was right, and so were you ... But it was still a courageous
call.

I mean what about the system integration? I did start to ponder those
difficulties ... It's hard not to get caught up in the hysteria. I set
aside extra supplies of water and canned goods (a voice in the back of
my head was telling me this is stupid -- you know the water supplies
don't use IBM mainframes) I don't know about you but I started to wonder
about the wisdom of flying on that night. There is a hell of a lot
embedded systems in aircraft these days (and I did have a pilot's
license so I had an inkling of just how much there was)

The weird thing is we decided to fly on New Year's Eve. Which is a bit
of a contradiction ... Here's a guy who might have been worried about
Y2K and has now booked a light air-craft and talked his pregnant wife
into flying with him to Sale on New Year's Eve 2000!

This was the first time she had agreed to fly with me ... I think she
never really regarded small craft with one propeller as real aircraft.
Nevertheless it was all arranged ... baby sitters etc.

My boss then tells me that he wants me to shut down all the servers just
before midnight on New Year's Eve and then start them up at after
midnight has started. I raged that this was totally unnecessary. We had
Unix/Oracle servers and they did not have such problems. We had replaced
all the mainframe systems. In fact the biggest risk to the systems was
shutting the the system down! In the end we didn't fly anywhere, I
shutdown the systems (and my boss went out to a party!)

Back To Index

And now they are spamming my dog!

Date: Fri, 31 Dec 2004 13:53:38 +1100
From: Gerry Patterson

Ed: The following remarkable spam was sent to me at this time ...

> From margoubele@catholic.org Fri Dec 31 13:53:38 2004
> Return-Path: <margoubele@catholic.org>
> Received: from 203.213.17.11 ([61.149.86.146])
> 	by pgts04.pgts.com.au (8.11.6/8.11.6) with SMTP id iBV2rXk65623
> 	for <gerry@pgts.com.au>; Fri, 31 Dec 2004 13:53:34 +1100 (EST)
> 	(envelope-from margoubele@catholic.org)
> Date: Fri, 31 Dec 2004 13:53:34 +1100 (EST)
> X-Message-Info: 5wdoUWzPL8NAVmey0ugIXakVHE9NGH6ikBQrI6
> Received: from dns1yahoo.com (58.64.207.71) by bm1-qk1.yahoo.com with Microsoft SMTPSVC(5.0.2195.6824);
> 	 Thu, 30 Dec 2004 19:45:34 -0700
> Received: from yahoo.com (127.0.0.1) by dnsyahoo.com
>   (SMTPD32-7.12     ) id M382Z3; Fri, 31 Dec 2004 07:41:34 +0500
> Subject: will this help you?
> From: Morgan.Sweeney
> To: gerry@pgts.com.au
> Message-Id: <1851455796362.O987@yahoo.com>
> Content-Type: multipart/alternative;
> 	boundary="--603699371175583870"

Ed: This Chinese host is currently listed. Whois lists Beijing
Telecommunication Administration as the owner. Many lists seem to have
listed the entire netblock (61.149.86/24).

Some of the body text (HTML) is rendered below. Normally I don't bother
reading HTML spam. But I was intrigued by the subject line. I have never
had spam for my dog before!

Songs To Make Dogs Happy is the first canine approved musical CD
created especially for your dog.

http://PETCDS.com, the Laurel Canyon Animal Co. and nationally known
psychic animal communicator, Dr. Kim Ogden collaborated to produce a CD
that your dog will love. Its twelve original songs were tested by focus
groups of over 200 dogs nationwide.

If you'd like to know more about our company, are interested in hearing
sound samples or would like order any of our CDs please visit our web
site at www.petcds.com.

Here's what some happy dog owners and their dogs had to say about our
CD:

My Rottweiler, Virgil, loves the music so much that we had to get two
CDs; one for the house and one for the car. Once we are all buckled in
our seat belts, Virgil just stares at the radio until I play "his" CD .
-Cynthia Bartkus

I spoke with Hilde just now and she asked me to email you. She was
driving in yet another Michigan thunderstorm and had all 3 pups in the
car. She put on your CD to see if it would help ...

Ed: etc, etc ... There followed a long list of testimonials as to the
exceptional quality of the music. ... I won't bore you with all the text
It's good to see that it's business as usual in Laurel Canyon, despite
the US CAN-SPAM act.

Of course this opens a hither-too untapped reservoire for musicians!
Although, as an ex-musician, I can't imagine who would agree to such a
marketing scheme for their music? It makes one wonder ...

Back To Index