

elvey
Spamassassin

join:2001-02-17
San Francisco, CA

reply to elvey

Re: [General] Hey SBC Techs, what's with abuse@pac

I provided »www.spamhaus.org/sbl/listings.la···bell.net
as evidence.
I note that no one is disputing that evidence.
CCCMTech said "We generally only deal with spam from @pacbell.net and @sbcglobal.net customers."
"Generally" and "deal with" are vague terms. I can say specifically that it is false that you terminate your spamming customers. You host hardcore spam gangs responsible for millions of spam per day, according to the above and other solid evidence, who ARE "@pacbell.net and @sbcglobal.net customers". Were this not true, I would be putting myself in legal jeopardy by claiming it to be true.
I want to hear from SBC that the entries at »www.spamhaus.org/sbl/listings.la···bell.net are being looked into and will be terminated, and a 'by when' date.


Friedl, thanks for clarifying, old friend! (Well, old respected teacher, anyway... from my Goldman Sachs days).

On Hormel's product: Why your calling spam SPAM is rude: given your claimed uber-expert experience, you should know that Hormel doesn't like it; the topic comes up often. »www.spam.com/ci/ci_in.htm definitively answers this question. If a newbie calls it SPAM, no big deal. You're no newbie, or so you claim, Stuart. But your erroneous understanding of what whitelisting (Definition: »info.astrian.net/jargon/terms/w/···ist.html) is further suggests you are no expert. Challenge Response "CR", which you confuse with "white listing", is something else entirely! I did not misquote or misrepresent what you said, contrary to your implication, as the record shows. Whitelisting is a useful component of most anti-spam systems, but CR causes both false positives and false negatives (I know from experience) and it is selfish to use and annoys the people you wish to hear from, so while it's fairly effective, and has a fairly low error rate, it's no panacea. I read an oft-quoted (paid for by the well-reviewed CR product) report that showed CR to be perfect, but it was run on simulated spam not actually sent by spammers to the test systems. The test harness sent the test system simulated spam (thereby breaking source-based filtering components of the tested systems) and non-spam and responded to the challenges just for the non-spam.

Thanks for confirming that you were mistaken when you said that SpamCop blocks spam. What ISP do you use that blocks spam using the SCBL, contrary to SpamCop's instructions? "SpamCop is aggressive and often errs on the side of blocking mail - users should be warned and given information about how their mail is filtered. Ideally they should have a choice of filtering options. Many mailservers can operate with blacklists in a "tag only" mode, which is preferable in many situations."

Back to the main issue: I expect spammers on PacBell's network who are reported to be terminated. I expect PacBell to be particularly responsive when the spammer is in ROKSO.

CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers. Their Bulk mail may or may not have originated from an SBC account. There are address spoofers (sobig is a great example). Many of these are not as simple as "Oh, this was sent from one of our customers, let's TOS him". I don't have any contact with the dept. that handles this directly. I can however send an intercompany request for info, not sure how much info I can get though. Much of this info is CPNI when dealing with specific individuals. I'm not sure as to the legalities of discussing the account status of other individuals in regards to Bulk mail.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today?



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

said by CCCMTech:
Although I admit I have not looked at the entire SPAMCop list, most of these email complaints are against web hosted customers.
This is called "spam support services" - hosting a website that's pimped by spam - and it's one level removed from the actual bulkers. Many ISPs will terminate a customer for running spam support services, and I hope that SBC is one of them.

Now it's possible that a legit site can get spammed by an "affiliate", but the responsible sites act responsibly to terminate the affiliation immediately and deny payments to the spammers. I've seen this work for years, and it's not hard to tell the responsible sites from those that are clearly hiding behind their affiliates.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate. Combined with the fact that this group does not communicate with customers very often or us even. If you have any legit complaints I can question our abuse group. But I don't know what kind of response I'll receive.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today?



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

said by CCCMTech:
In many cases these addresses are spoofed, falsely identified or otherwise mismarked so it is a rather complex issue to investigate.
If I sent tons of spam from a server in Korea (with forged from addresses) that promotes an SBC-hosted website, it shouldn't matter whether the emails themselves had any connection with SBC. Spoofing is irrelevant: there would be no reason for the spam if the website didn't derive the benefits of that spam.

Most of this spam is done using affiliate arrangements: the link I spam you with includes (one way or the other) my referral ID, so I get paid on all the hits generated from my spam. If you make that dry up, then the spammers will go elsewhere.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?

I'm failing to see where the irrelevance is. Almost all spammers do not send from their own email so it is not always cut and dry.

Back to the Korean example, how can we TOS a customer who isn't one of our customers? It may not be against that Korean ISP's TOS...
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today?


CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

Most SPAM from SBC emails do not link to SBC sites, or SBC-Hosted sites...



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

reply to CCCMTech

said by CCCMTech:
So if my "Buy your Viagra" email was sent to you from a Korean connection by a Korean customer who decided to spoof an SBC email, you would blame SBC for the email?
The spoofing is irrelevant - you have to presume that you'll never find the real sender of the email.

But you know who benefits from the spam. If buy-viagra.com is run by me, and I'm an SBC customer, then it's a pretty easy jump to believe that I had something to do with the spam. You'd go after me as a beneficiary of the spam.

This happens all the time because otherwise people could spam with impunity through Korea or whatever, and then claim "Well the email never touched SBC, so SBC can't touch me".

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

Let's say you're not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com....
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today?



Steve
I know your IP address
Consultant
join:2001-03-10
Yorba Linda, CA
kudos:5

said by CCCMTech:
Let's say you're not an SBC Customer and have no tie to it other than the SBC email you used a word list to make, but you do run buy-viagra.com....
You mean if buy-viagra.com is my website, but I host it elsewhere, and there was no concrete proof that I had anything to do with the emails?

That's easy: there's nothing you can do. One never uses a "From" address for abuse purposes.

Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site

CCCMTech
Premium,VIP,MVM
join:2002-05-17
Baxter, KY

I know I've received spam from "my email address" knowing I didn't send it...sometimes with a fake IP header such as 192.168.23.245 especially for pornographic spam.
--
Thank you for choosing SBC Internet Services. My name is Rick. How may I help you today?
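
An added illustration of the point argued in the posts above (not part of the thread and not any participant's code): the "From" address and any Received line not written by the recipient's own server are set aside, leaving the connecting IP recorded at the recipient's boundary and the advertised site's hostname as usable evidence. The server name in TRUSTED_MX, the sample message and every hostname in it are constructed assumptions.

```python
import email
import ipaddress
import re
from urllib.parse import urlparse

# Assumption: the recipient's own mail servers; only Received headers they
# wrote are trustworthy, everything older can be forged by the sender.
TRUSTED_MX = {"mx1.recipient.example"}

# Constructed sample message (not real spam), with a forged older hop.
SAMPLE = """\
Received: from relay.sender.example (unknown [203.0.113.77])
\tby mx1.recipient.example with ESMTP id ABC123; Sun, 1 Jun 2003 10:00:02 -0700
Received: from mail.isp.example ([192.168.23.245])
\tby relay.sender.example with SMTP; Sun, 1 Jun 2003 09:59:58 -0700
From: forged-user@isp.example
To: someone@recipient.example
Subject: constructed sample

Visit http://shop.hosted-site.example/buy?aff=1234 today
"""

RECEIVED_RE = re.compile(
    r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9a-fA-F.:]+)\]\)\s+by\s+(\S+)")
URL_RE = re.compile(r"https?://[^\s<>]+")


def abuse_evidence(raw):
    """Return what an abuse report can rely on, ignoring the From header."""
    msg = email.message_from_string(raw)
    source_ip, ignored, chain_trusted = None, [], True
    for hdr in msg.get_all("Received", []):       # newest hop first
        m = RECEIVED_RE.search(hdr)
        if not m:
            continue
        _helo, ip, by_host = m.groups()
        if chain_trusted and by_host in TRUSTED_MX:
            source_ip = ip      # peer address recorded by our own server
        else:
            chain_trusted = False                  # written by a stranger
            kind = "private" if ipaddress.ip_address(ip).is_private else "unverified"
            ignored.append((ip, kind))
    hosts = sorted({urlparse(u).hostname
                    for u in URL_RE.findall(msg.get_payload())})
    return {"source_ip": source_ip, "ignored_hops": ignored,
            "advertised_hosts": hosts, "unreliable_from": msg["From"]}
```

Calling abuse_evidence(SAMPLE) reports 203.0.113.77 as the only attributable source and lists the 192.168.23.245 hop as ignored, since a private address in a header written by an unknown relay identifies nobody.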

