Re: [anti-abuse-wg] New on RIPE Labs: How We Will Be Validating abuse-c

2018-12-03 Thread peter h 
Please convert this spammer to an ex-user

On 
Monday 03 December 2018 09.28, Walter Marshall via anti-abuse-wg wrote:
> Maximize success in SMS marketing can be achieved using the necessary 
> applications and software. Personally, I would recommend this service 
> https://testelium.com/
> 
> Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum
> 
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Mailman

2018-10-22 Thread peter h 
Yes, we have.

This is a Ccommon hoax send as SPAM  and the intention is to scare folks to pay.

SPAM is the problem here!



On Monday 22 October 2018 07.50, ac wrote:
> 
> Hi All,
> 
> I will be repeating this post on four Mailman mailing lists
> 
> I received one of these: "I hacked your account, here is your password
> and pay me bitcoin" scam emails - to an...@ox.co.za with the password I
> used on anti-abuse-wg@ripe.net (and three other Mailman lists only...)
> 
> As I use different passwords, change my passwords (up to now, except
> for mailing lists), every 7 to 30 days, I am usually able to know
> exactly where, when so that I can go look for the how, etc.  As
> unfortunately I used the same email and same password on four lists, I
> do not know which list data has been compromised. 
> 
> If anyone else receives similar email with a password used on
> anti-abuse, please let us know...
> 
> For abuse discussion purposes: With which frequency should one change
> mailing list passwords? And, is it even that important? Compromising a
> mailing list password allows whomever to change my digest options and
> nothing much else, so, does it really matter?
> 
> One should have one password for each mailing list (and not one for
> four...) but, is it important enough, in terms of abuse itself, to
> even change these monthly? or maybe yearly? or maybe not at all?
> 
> Andre 
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Not Abuse

2017-08-15 Thread peter h 
On Tuesday 15 August 2017 09.17, ox wrote:
> Hi All,
> 
> Some spammers are now sending "verify your email account" spam abuse.


I would say that sending a single unsolicited "verify your email account" IS 
SPAM
The keyword here is "unsolicited"

This is not the same as a mail sent as a respons to some action done, subscribe
or purchase from someone. That "verify your email account" is legitimate.

But unsolicited is always spam.


> 
> When an email address is submitted and a vendor confirms that email
> address (prior to subscribing it to a bulk mail list, etc) :
> 
> imho, sending a single (one) email to verify/confirm every 24 hour
> period - with a maximum of two verify/confirms reminders (one per 24
> hour period) - is not abuse.
> 
> But sending more than one verify/confirm email, in a single 24 hour
> period - and sending more than 3 emails in total - in any period - is
> abuse.
> 
> I know that I have used the spammer, twitter.com before as an example,
> but they are good examples to use.
> 
> Twitter.com seems to never remove their victims email addresses (and
> even ignores unsubscribe requests). Twitter.com also seems to go
> through bursts of activity and sends many confirmation emails to
> spamtraps (accounts that has never existed and only exists in stolen
> databases - i.e not real person/people) - whether criminals or third
> parties submit these fake email addresses to twitter.com or how
> twitter.com obtains these addresses are not relevant to this thread
> 
> What is relevant is: Do you agree that sending "more than 3 verify your
> email account" is abuse?
> 
> If you do not agree, what do you think that number should be? 
> 
> How many "verify your email address" and reminders to confirm, etc. is
> not abuse, in your opinion?
> 
> Like I said, I think one in 24 hours and a total of three, seems
> reasonable to me.
> 
> Thanks!
> 
> Andre
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] [cooperation-wg] WannaCry Ransomware

2017-05-15 Thread peter h 
The main route of attack is by SPAM.

Why is noone doing something effective against SPAM ?




On Monday 15 May 2017 13.59, Gordon Lennox wrote:
> Thanks Richard for distributing this.
> 
> However I am sure everybody else on this list had already checked their 
> favourite sources of information well before this was sent out. Europol has 
> to be much faster.
> 
> “a critical exploit in a popular communication protocol used by Windows 
> systems”? OK again people here know what was going on: it was not the 
> protocol but the implementation. If Europol is going to address the wider 
> public then they have to use simpler, cleaner language.
> 
> Anyway what Europol omits to even hint at is that this bit of poor 
> programming from Microsoft was known to certain government agencies from way 
> back. And they tried to kept secret so they could use it themselves?
> 
> We need a better discussion about this. Access providers are being asked to 
> carry out user surveillance / logging on behalf of LEAs. Meanwhile the IETF 
> is encouraging encryption while government ministers are trying to discourage 
> encryption. Meanwhile governments know where common systems are vulnerable 
> and yet neither tell the public nor protect the public.
> 
> Gordon
> 
> 
> > On 15 May 2017, at 07:57, Richard Leaning  wrote:
> > 
> > Dear Colleagues,
> > 
> > The European cybercrime centre at Europol have asked us to circulate the 
> > below. I hope you find it useful and please forward it on to anyone who you 
> > may think will benefit from it.
> > 
> > Kind regards
> > 
> > Richard Leaning
> > External Relations
> > RIPE NCC
> > 
> > 
> > ///snip
> 
> 
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] The well-behaved ISP's role in spamfight

2017-02-13 Thread peter h 
On Monday 13 February 2017 18.09, Richard Clayton wrote:
> In message <201702131743.10508.pe...@hk.ipsec.se>, peter h
> <pe...@hk.ipsec.se> writes
> 
> >The very simplest thing to do is make sure any outbound smtp is relaye 
> >through
> >the ISP's
> >mailrelays, where spam could be detected and subsequently blocked.
> 
> this is very unpopular with legitimate businesses who wish to be fully
> in control of their email sending destiny -- and ISPs generally do not
> wish to discourage the people who cause no trouble and pay their bills
> regularly and on time
> 
> so although "port 25 blocking" is a M3AAWG Best Practice it has not been
> widely adopted with the main (but not only) exception being the large
> consumer ISPs in the US (ISPs in Europe have, for historical reasons,
> had a significant number of business customers mixed in with pure
> consumers and that has made the difference)

There is not any req that all customers always should be forced to use
ISP relays, the default behaviour might be to use ISP relays, and
to have DHCP given address. But for an extra service one could 
obtain a fixed address, and as extra service, use port 25.  The main 
point is to have those "unaware" users, whos computers might be stolen, 
prevented. They won't notice, and they don't get harmed.

Spam from a fixed ip or range is much easier to detact and correct then spam 
from 
any box that happens to get an DHCP lease.  Flexibility and service is the
keyword here.

Also, to have a AUP that gives the ISP right to disconnect or block offenders is
importent, and also that the customer has right to service. Any aggreement
is twofold, both rights and obligations, like in society in general.

I'm glad that spam is recignised as the problem it is and hope a renewed 
activity to claim back the bandwitdh and storage space the spammer has taken 
from us.

Yours


-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

[anti-abuse-wg] The well-behaved ISP's role in spamfight

2017-02-13 Thread peter h 
As my wife urged me to clarify things :-)

The role for an ISP in fighting abuse is to detect and prevent it's customer
from sending malware & spam out of it's network. Not filter incoming
stuff, that would be censoring.

A number of means is available for an ISP, most provided that a customer has
signed implicity or in some form a AUP where rules for use of it's services
are stated.

The very simplest thing to do is make sure any outbound smtp is relaye through 
the ISP's 
mailrelays, where spam could be detected and subsequently blocked.

A large number of other measures exists, it's only a matter of priority.

Relying on operating systems ( read MS) to solve spam 
is hopeless, just think of MS track record. And open source won't help either.

Junking SMTP would mean that we loose a independent vendor-independent 
autonomous
decentralized way of exchanging messages. It vwon't stop the bad guys, they can
always find ways around it, but it will stop you and me from freedom to
express ourself and exchange thoughts. 


Thanks for the opportunity to express my thoughts.

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Why SPAM exists in 2017

2017-02-13 Thread peter h 
On Monday 13 February 2017 16.27, HRH Prince Sven Olaf von CyberBunker wrote:
> The above is , of course wrong. spam is illegal, and delivered by 
> illegal means,
> 
> well. i hate to break it to you, but filtering it at an isp level, and 
> all activities of so-called self-declared 'blacklists' are illegal under 
> dutch law. it violates net-neutrality, and yes, there is a dutch law 
> against 'spam' but it does not 'protect' business entities, solely 
> natural persons.

Net neutrality is a wholly different animal.  Learn the difference.
As regards to blocklist it's an opinion about trust, to act
according to this is noones business. As mailservers are private property 
the owner has every right to whatever rules one wants. Reufusing
to accept mail from untrusted sources is one such rule. Refusing
to accept malware another rule.

As for the sentence "blacklists' are illegal under dutch law"  please
quote the law mantioned.

As for "indirect opt-ins" it's a fraud in it's entety, noone at it's sane mind 
will
give carte blance to let enyone send spam. It's enterely a hidden
clausure in micropic pront hidden under some banner.

spam is theft and criminal, deliver of spam is done in a criminal fashion. 

Peter h / fighting spam since 1987, unfortently unsuccessful.

( i'll leave the comments below as reference for future standup comedians)
> 
> > usually by breking into someones computer and using a bystanders Internet 
> > resources.
> >
> > As regards to opt-in, there is no thing as "indirect opt-ins"
> yes there is. "hereby i request/agree to receive offers from <$party> OR 
> it's partners".
> (which are left undefined)
> > The rest of the confusing message is left out to save electrons ;.)
> as for your vague "it is spread by illegal means"... well, if they 
> commit wire-fraud (or other hacks) to
> distribute the spam, that seems to be a clear case... in such cases i 
> would not even bother with the 'spamming' aspect but just file charges 
> for hacking ay... doh.
> 
> eventhough you lot of 'anti spam' idiots basically CAUSED them to take 
> that step, by constantly scaring email advertisers away from owning 
> their own infrastructure or using rented infrastructure at normal isps.
> 
> either way to me the entire discussions seems pretty much irrelevant, as 
> none of you seem to have taken any steps to harden your protocol against 
> undesired communications, whatsoever... just 'bla bla ip reputation 
> rating' bla bla kinda dysfunctional crap, that never stopped any single 
> spam whatsoever, and at most, just generated income for competing isps, 
> in terms of 'setup fees' every time they changed isps. lolol. GET A 
> FUCKING FRIENDS LIST... d0h. and find some way in which the From: cannot 
> be set to random values as well, while you're at it.
> 
> > zsnip>
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Why SPAM exists in 2017

2017-02-11 Thread peter h 
I received this with a personal mail message, i find it interesting enough to
share with the list:

On Saturday 11 February 2017 23.29, HRH Prince Sven Olaf von CyberBunker wrote:
> simple: why spam 'exists' in 2017 is that 1: it's legal 2: it's not even 
> real abuse even if it would be illegal (it does not use any protocol or 
> service daemon outside of it's technically specified bounds) and 3: you 
> never bothered to modify your antique protocol to include a friends list 
> or encryption keys to select 'senders' based on a contact request or 
> pre-shared keys.
> 
> the question is more why is 'spam' being considered 'abuse' on this 
> mailinglist in 2017 when there are tons of -actual- REAL abuses on a 
> network level going on every single day.
> 
> 
> SPAM... is NOT... abuse. spam is fully legal. neither technical abuse 
> nor a crime or anything else

WRONG.  SPAM is illegal in sweden and EU.

> 
> and in the few cases where it could be a crime, just call the feds. it's 
> their job, not the isps.

ISP's is cooperating in this crime. They know the crime, they know how to 
prevent it
and they don't. 


The rest of this message deleted ..
> 
zsnip>
> Spam exists as ISP across the world, with some excemptions, don't do even the 
> most basic
> > procedures to detect and stop spam from their networks. Shame on them ( but 
> > it is cheap )
> >
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Why SPAM exists in 2017

2017-02-11 Thread peter h 
On Saturday 11 February 2017 09.11, ox wrote:
> Hello Everyone,
> 
> Famously, during 2004, Bill Gates promised the world that Spam would no
> longer exist by 2006.
> 

> Your thoughts?
> 
> Andre


Spam exists as ISP across the world, with some excemptions, don't do even the 
most basic
procedures to detect and stop spam from their networks. Shame on them ( but it 
is cheap )

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Handling abuse complaints (was: Abusive behavior by Google Inc)

2016-04-15 Thread peter h 
On Friday 15 April 2016 10.03, Esa Laitinen wrote:
> Ahh. I didn't think I would put my foot in my mouth this way, and I do
> apologize the list for not paying enough attention to what was written.
> Teaches humility, this does.


We all do mistakes, thats human

Not everyone is brave enought to admit these mistakes, YOU are one that is 
brave, thats heroic !!

Keep up !


> 
%snip% 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )

Re: [anti-abuse-wg] Spam from a C class

2015-11-22 Thread peter h 
On Saturday 21 November 2015 08.46, turgut kalfaoğlu wrote:
> Hello everyone; I just joined this group.
> My name is Turgut Kalfaoglu, those old enough to have seen me in EARN
> (now TERENA)  perhaps remember me; if so, hello to you all.
> 
> I have a problem on a server that I'm managing, it's getting a
> substantial amount of spam over many months from various IP's in the
> 185.111.244.0/24 range.
> The "abuse"  email address is  des...@oyunmerkezi.com.tr , which
> translates as "supp...@gamecenter.com.tr".
> 
> Having a such "light" abuse email, I suspect that reporting to this
> "game center" will not solve the spam problem; I believe they are doing
> this knowingly.
> I emailed them to stop, and blocked the IP range on my server,  but I
> also want these people reported as they are spamming millions, and
> hopefully have their IP range revoked.
> Is there a procedure within RIPE to apply for a such abuse?
> 
> Many thanks,
> Turgut Kalfaoglu
> 
> 

it's acvtually a /22 range : 
inetnum:185.111.244.0 - 185.111.247.255
netname:TR-YILKOL-20150803
descr:  YILKOL MOBILYA SAN ve TIC LTD STI
country:TR

Thanks for the alert, they are now blocked for a very long time in my servers 

peter h
> 
> 
> 
> 

-- 
Peter Håkanson   

There's never money to do it right, but always money to do it
again ... and again ... and again ... and again.
( Det är billigare att göra rätt. Det är dyrt att laga fel. )