Abuse complaints about blueyonder.co.uk/cableinet.net spammers bounce from their abuse mailbox, abuse.reports@blueyonder.co.uk, which demands that reporters jump through their hoops and submit complaints in the form they want to see, while trashing all other reports of the abuse that comes from their network.

Update: 23-Nov-2003: Blueyonder gives its users' e-mail address database to a third company that does bulk e-mailing, and... sells consumers' data!

Update: 28-Dec-2003: Blueyonder censors its own customers' outrage over their e-mails being bounced because Blueyonder is widely blocked for spam.

blueyonder.co.uk, cableinet.net, telewest.co.uk,
[62.30.0.0 - 62.31.255.255],
[80.192.0.0 - 80.195.255.255],
[82.32.0.0 - 82.47.255.255],
[194.117.128.0 - 194.117.159.255],
[195.188.0.0 - 195.188.255.255],
[213.48.0.0 - 213.48.255.255]
- Access denied!

=== My ICQ spam complaint ===

Received: from [212.199.62.146] by mailserver.eilatcity.co.il
        (NTMail 4.30.0013/AB9564.63.12487e1d) with ESMTP id wrdcdaaa
        for ; Sat, 15 Sep 2001 03:53:59 +0200
Received: from dolphin.dolphinwave.org (dolphin.dolphinwave.org [192.168.0.1])
        by mail.dolphinwave.org (8.11.6/8.11.6) with SMTP id f8F0muP07996;
        Sat, 15 Sep 2001 03:48:56 +0300
Content-Type: text/plain; charset="iso-8859-1"
From: Admin
Organization: Private person
To: Abuse reports , nanas-sub@cybernothing.org, abuse@mirabilis.com,
        postmaster@icq.com, abuse@easynet.net, abuse.reports@blueyonder.co.uk,
        postmaster@fastserve.net, abuse@bluegravity.com, Spamtool@level3.com,
        abuse@sprint.net
Subject: [ICQ] Spam, using icqmultipager.com spamware!
Date: Wed, 19 Sep 2001 03:41:08 +0300
X-Mailer: KMail [version 1.2]
Cc: icqmultipager@hotmail.com, info@iarna.com, icqpager@roale-casino.com,
        webmaster@reliablehosting.com, john@smashcom.com
MIME-Version: 1.0
Message-Id: <01091023392500.01294@dolphin.dolphinwave.org>
Content-Transfer-Encoding: 8bit
Status: RO
X-Status: S

ICQ spam using the ICQ spam-flooder icqmultipager.com!
Please, terminate spammer's accounts as soon as possible! Thanks!

=======

Spammer: [62.31.224.2]
UK-CABLEINET IP block [62.30.0.0 - 62.31.255.255].
Date: 19 Sep 2001; 03:25:00 (GMT+0300).
Spammer's e-mail: icqpager@roale-casino.com
Spamvertised web pages:
www.royale-casino.com
http://63.171.153.140/casino/_royalecasino_.htm
(63.171.153.140 = fs-140.or4.reliablehosting.com)

www.royale-casino.com [64.57.75.172]
=====================
Registrant:
   Nik Bruce Prod.
   161 Broxburn Drive South Ochenoon, Essex RM155pa UK

Domain Name: ROYALE-CASINO.COM

Administrative Contact:
   Bruce, Nik john@smashcom.com
   161 Broxburn Drive South Ochenoon, Essex RM155pa UK
   818-753-9077
Technical Contact:
   Bruce, Nik john@smashcom.com
   161 Broxburn Drive South Ochenoon, Essex RM155pa UK
   818-753-9077
Billing Contact:
   Bruce, Nik john@smashcom.com
   161 Broxburn Drive South Ochenoon, Essex RM155pa UK
   818-753-9077

Record last updated on 24-Jun-2001.
Record expires on 22-Jun-2002.
Record Created on 22-Jun-2001.

Domain servers in listed order:
   NS1.BLUEGRAVITY.COM 64.57.64.2
   NS2.BLUEGRAVITY.COM 64.57.64.3

BLUE GRAVITY COMMUNICATIONS IP block [64.57.64.0 - 64.57.95.255].
Upstream: Level3 (gigabitethernet9-1.hsipaccess1.Philadelphia1.Level3.net).

fs-140.or4.reliablehosting.com [63.171.153.140]
==============================
Registrant:
   Reliablehosting.com
   2227 Lake Tahoe Blvd. Suite D South Lake Tahoe, CA 96150 US

Domain Name: RELIABLEHOSTING.COM

Administrative Contact:
   Reliablehosting, Mr. webmaster@reliablehosting.com
   2227 Lake Tahoe Blvd. Suite D South Lake Tahoe, CA 96150 US
   530-542-3331
Technical Contact:
   Blancett, Phil webmaster@california.net
   2227 Lake Tahoe Blvd Suite D South Lake Tahoe, CA 96150 US
   530 542 3331
Billing Contact:
   Reliablehosting, Mr. webmaster@reliablehosting.com
   2227 Lake Tahoe Blvd. Suite D South Lake Tahoe, CA 96150 US
   530-542-3331

Record last updated on 18-Sep-2001.
Record expires on 22-Mar-2002.
Record Created on 23-Mar-1998.
Domain servers in listed order:
   NS1.CALIFORNIA.NET 209.162.97.149
   NS1.OAKWEB.COM 63.162.57.31

Black Oak Computers IP block [63.171.153.0 - 63.171.153.255] which is in the
Fastserve Network IP range [63.171.152.0 - 63.171.159.255].
Upstream: Sprint (sl-fastserve-3-0-0.sprintlink.net).

www.icqmultipager.com [212.135.143.148]
=====================
Registrant:
   Lenard Iszak (ICQMULTIPAGER-COM-DOM)
   ZKUSAInc.
   1802-102 N University Dr #245 Plantation, FL 33322 USA
   386-383-2583
   icqmultipager@hotmail.com

Domain Name: ICQMULTIPAGER.COM

Administrative Contact:
   iarnaplc info@iarna.com
   scotts sufferance wharf 1 mill street london, se1 2df UK
   020 7231 7766 Fax- 020 7231 2327
Technical Contact, Zone Contact:
   iarnaplc info@iarna.com
   scotts sufferance wharf #245 london, se1 2df UK
   020 7231 7766 Fax- 020 7231 2327

Record last updated on 08-Sep-2001.
Record expires on 10-Aug-2003.
Record created on 10-Aug-2001.

Domain servers in listed order:
   ns0.iarnagroup.co.uk 212.135.143.150
   ns1.iarnagroup.co.uk 212.135.143.250

IARNA IP block [212.135.143.128 - 212.135.143.255].
Upstream: Easynet (fa1-1.fm0.44whit.access.easynet.net).

======= SPAM WAS (web panel - no headers) =======

Message from Royale Casino (icqpager@roale-casino.com) through web panel:
Sender IP: 62.31.224.2
Subject: The HOTTEST ADULT CASINO on the net

Just unleased on the net www.royale-casino.com is OFFICIALLY the hottest casino on the net. Why not come try your luck.... Play for FUN and come play for REAL and make yaself a fortune!!! NEW MEMBERS a one time offer of a *$10 FREE BET.
Come play in the Casino or the Sportsbook
http://63.171.153.140/casino/_royalecasino_.htm

=== BlueYonder's Abuse desk bounce ===

Received: from tigers.cableinet.net (tigers.cableinet.net [193.38.113.20])
        by mail.dolphinwave.org (8.11.6/8.11.6) with SMTP id f8JKwgF08473
        for ; Wed, 19 Sep 2001 23:58:48 +0300
Received: (qmail 20880 invoked from network); 19 Sep 2001 21:00:01 -0000
Received: from unknown (HELO moby.cableinet.net) (193.38.113.24)
        by tigers.cableinet.net with SMTP; 19 Sep 2001 21:00:01 -0000
Received: (from webserver@localhost)
        by moby.cableinet.net (8.9.3+Sun/8.9.1) id WAA08421
        for abuse-2001@dolphinwave.org; Wed, 19 Sep 2001 22:00:18 +0100 (BST)
Date: Wed, 19 Sep 2001 22:00:18 +0100 (BST)
Message-Id: <200109192100.WAA08421@moby.cableinet.net>
From: "BY Abuse System"
References:
To: Admin
Subject: Auto abuse report failure
Content-Type: text
Status: R
X-Status: N

Your abuse report to abuse.reports@blueyonder.co.uk has failed for some
reason.

Please ensure your submission is formatted in this manner:-

Source: ( The originating address - Please only use IP addresses )
Destination: ( Your IP address - Please only use IP addresses )
Date: ( eg Apr 20 10:19:21 2001 )
Timezone: ( eg GMT+0100 )
Port: ( please include if relevant )
Comments: ( multiline free comment for you to provide details of your
complaint )

If you are forwarding spam to us for investigation, please include the word
SPAM in the subject of your email. Emails should be in plain text, MIME
encoded emails will not be accepted.

BY Abuse Team
http://www.blueyonder.co.uk/abuse

=== My reply ===

Content-Type: text/plain; charset="iso-8859-1"
From: Admin
Organization: Private person
To: "BY Abuse System" , postmaster@blueyonder.co.uk, sbrilus@cableinet.net,
        nanas-sub@cybernothing.org
Subject: [email] blueyonder.co.uk bounced complaints (hoop-jumping)!
        [Re: Auto abuse report failure]
Date: Thu, 20 Sep 2001 00:59:21 +0300
X-Mailer: KMail [version 1.2]
References: <200109192100.WAA08421@moby.cableinet.net>
In-Reply-To: <200109192100.WAA08421@moby.cableinet.net>
Cc: abuse-2001@dolphinwave.org
MIME-Version: 1.0
Message-Id: <01092000592101.01352@dolphin.dolphinwave.org>
Content-Transfer-Encoding: 8bit
Status: RO
X-Status: S

=== e-mailed and archived at news.admin.net-abuse.sightings ===

So, you suppose other people to do your own Abuse desk job for you, despite the already submitted full info in the original complaint, which was in plain text, no attachments, and even with the word "Spam" in the subject? (And no, I'm not going to violate Hormel's trademark, using "SPAM" as you advise).

I have a better idea than jumping through your hoops: I will just drop your IP range into my deny tables, and that will prevent me from having problems with your customers and your irresponsible Abuse desk.

I also will make this information available to other people, so they may decide if they want to block you, as well.

Alexander Sheremet.

> Received: from tigers.cableinet.net (tigers.cableinet.net [193.38.113.20])
>         by mail.dolphinwave.org (8.11.6/8.11.6) with SMTP id f8JKwgF08473
>         for ; Wed, 19 Sep 2001 23:58:48 +0300
> Received: (qmail 20880 invoked from network); 19 Sep 2001 21:00:01 -0000
> Received: from unknown (HELO moby.cableinet.net) (193.38.113.24)
>         by tigers.cableinet.net with SMTP; 19 Sep 2001 21:00:01 -0000
> Received: (from webserver@localhost)
>         by moby.cableinet.net (8.9.3+Sun/8.9.1) id WAA08421
>         for abuse-2001@dolphinwave.org; Wed, 19 Sep 2001 22:00:18 +0100 (BST)
> Date: Wed, 19 Sep 2001 22:00:18 +0100 (BST)
> Message-Id: <200109192100.WAA08421@moby.cableinet.net>
> From: "BY Abuse System"
> References:
> To: Admin
> Subject: Auto abuse report failure
> Content-Type: text
> Status: R
> X-Status: N
>
> Your abuse report to abuse.reports@blueyonder.co.uk has failed for some
> reason.
>
> Please ensure your submission is formatted in this manner:-
>
> Source: ( The originating address - Please only use IP addresses )
> Destination: ( Your IP address - Please only use IP addresses )
> Date: ( eg Apr 20 10:19:21 2001 )
> Timezone: ( eg GMT+0100 )
> Port: ( please include if relevant )
> Comments: ( multiline free comment for you to provide details of your
> complaint )
>
>
> If you are forwarding spam to us for investigation, please include the word
> SPAM in the subject of your email. Emails should be in plain text, MIME
> encoded emails will not be accepted.
>
> BY Abuse Team
> http://www.blueyonder.co.uk/abuse

=== Blueyonder gives its customers' e-mail database to a third party ===

Path: uni-berlin.de!acb9789a.ipt.aol.COM!not-for-mail
From: Chris Uren
Newsgroups: news.admin.net-abuse.email
Subject: Re: We're screwed: Congress to Legalize "Good Spam"
Date: Sun, 23 Nov 2003 09:01:07 +0000
Lines: 39
Message-ID: <5ss0svkpckgb8h0cqm869lubdo00f69mib@4ax.com>
References:
NNTP-Posting-Host: acb9789a.ipt.aol.com (172.185.120.154)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: news.uni-berlin.de 1069578106 60963382 172.185.120.154 (16 [213525])
X-Newsreader: Forte Agent 1.92/32.572
Xref: uni-berlin.de news.admin.net-abuse.email:2116954

On 22 Nov 2003 19:37:25 -0800, rfg@monkeys.com (Ronald F. Guilmette) wrote:

>P.P.S. Under this new law, AOL (for example) cannot harvest your e-mail
>address from YOUR web site. However it probably does NOT count as ``illegal
>harvesting'' if they just sit back and gather all of the e-mail addresses
>of all of the people who send e-mail to any of AOL's own mail servers.
>They could then sell that list to anybody who wants to buy it.
>
>That list would certainly be composed of multi-millions of fresh and
>*real* e-mail addresses every month.
>
>I'm sure a LOT of companies would be willing to pay big bucks for that,
>and for the privilege of becoming an official AOL ``affiliate'' (so that
>they can then legally spam all of those addresses).

Blueyonder recently farmed out its mail shot list to the French division of Claritas as a cost saving. It took all of 5 mins to find out who and what Claritas's business is all about. They sell consumer data and as a sideline perform bulk mail operations.

The first mailshot to many BY users was one asking for confirmation if users wanted to receive further mailshots, no explanation of how the original lists could no longer be trusted as valid.

When I pointed this out in their NG's the support droids tried to assure users who were rightly hacked off at BY handing over their entire user email address list to Claritas, the best they could say was.

We have a contract limiting how Claritas can use the BY database.

I asked how they intended to monitor and assure all BY users that database would not be abused by Claritas, whose main business is selling data. I again got

We have a contract limiting how Claritas can use the BY database.

My guess is someone at BY screwed up their mailing list database and it was decided to farm it out to get it updated.

--

=== New IPs, new spam ===

From: Admin
Reply-To: abuse-Nov@2003.dolphinwave.org
Organization: Private person
Subject: [email] Spam (Usenet harvest: goldenbetcasino.net)!
        [Fwd: its the best on the net]
Date: Sat, 29 Nov 2003 01:11:58 +0200
User-Agent: KMail/1.5
X-KMail-Link-Message: 1724573
X-KMail-Link-Type: forward
To: , uce@ftc.gov, nanas@killfile.org, , postmaster@yahoo.com, abuse@nrw.net,
        security@telefonicaempresas.net.br, abuse@telefonicaempresas.net.br,
        ipengenharia@TELEFONICAEMPRESAS.NET.BR, gestaoip@TELESP.COM.BR,
        mail-abuse@nic.br, security@telesp.com.br, abuse@telesp.com.br,
        abuse@blueyonder.co.uk
X-Complaints-To: abuse@dolphinwave.org (live person)
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
X-No-Confirm: Yes
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200311290111.59919@2003.dolphinwave.org>
Status: RO
X-Status: S
X-KMail-EncryptionState:
X-KMail-SignatureState:

Please, terminate the spammer's accounts as soon as possible! Thanks!

=======

Refusing to deal with your abusers will lead your whole IP range to be blocked from accessing my mailservers ever again, and this info will be shared with other admins and public blocklists!

Spammer: 82-37-27-101.cable.ubr04.wolv.blueyonder.co.uk [82.37.27.101]
Spamvertised web page: http://www.goldenbetcasino.net

www.goldenbetcasino.net [200.206.182.159]
=======================
domain: goldenbetcasino.net
status: production
organization: GTS Partners
owner: Mihai Dumitru
email: santino110@yahoo.com
address: 15 Calea Victoriei
city: Bucharest
postal-code: 704111
country: RO
admin-c: santino110@yahoo.com#0
tech-c: santino110@yahoo.com#0
billing-c: santino110@yahoo.com#0
nserver: n1.goldenbetcasino.net 200.206.182.159
nserver: n2.goldenbetcasino.net 200.206.182.159
registrar: JORE-1
created: 2003-08-20 12:29:51 UTC JORE-1
modified: 2003-08-20 12:42:59 UTC JORE-1
expires: 2004-08-20 08:29:34 UTC
source: joker.com

TELECOMUNICACOES DE SAO PAULO S.A. - TELESP IP block [200.206.128/17].
Upstream: Telesp(am) (200-206-181-130.dsl.telesp.net.br).
Nameservers: goldenbetcasino.net <== SPAMMERS.

---------- Forwarded Message ----------

Received: from 82-37-27-101.cable.ubr04.wolv.blueyonder.co.uk
        (82-37-27-101.cable.ubr04.wolv.blueyonder.co.uk [82.37.27.101])
        by mail.dolphinwave.org (8.12.8/8.12.8) with ESMTP id hASHtOiD016381
        for <###>; Fri, 28 Nov 2003 19:55:39 +0200
Received: from unknown (HELO localhost) (127.0.0.1)
        by localhost.dunow.com with SMTP; Fri, 28 Nov 2003 11:05:52 -0800
Received: from 87.147.122.246 (87.147.122.246[87.147.122.246])
        by 82-37-27-101.cable.ubr04.wolv.blueyonder.co.uk (IMP) with HTTP
        for <###>;
Message-ID: <605401070046352@82-37-27-101.cable.ubr04.wolv.blueyonder.co.uk>
From: "Sol"
To: "Betsy" <###>
Subject: its the best on the net
Date: Fri, 28 Nov 2003 11:05:52 -0800
MIME-Version: 1.0
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
User-Agent: Internet Messaging Program (IMP) 3.2.2
X-Originating-IP: 87.147.122.246
X-AntiVirus: checked by AntiVir Milter 1.0.4; AVE 6.22.0.1; VDF 6.22.0.52
Status: R
X-Status: N
X-KMail-EncryptionState:
X-KMail-SignatureState:

TOP CASINO
Visit THE BEST no download online casino !!

CASHOUT TO PAYOUT IN 1 HOUR!

Click here to enter the GOLDEN BET ONLINE CASINO !

INCREDIBLE SIGN UP BONUSES:

1.    Deposit $100 get $231 instant credited to your
       casino account!

2.   $25 cashable gift for every 100 hands of Poker

3.   $200 cashable gift on every 6th wire transfers

Join the casino where it's easy to play and win!

! CLICK HERE TO WIN BIG NOW !
-------------------------------------------------------

=== Some more data ===

$ host 82.37.1.11
11.1.37.82.in-addr.arpa domain name pointer 82-37-1-11.cable.ubr01.wolv.blueyonder.co.uk.
$ host 82.37.231.11
11.231.37.82.in-addr.arpa domain name pointer 82-37-231-11.cable.ubr04.telf.blueyonder.co.uk.
$ host 82.37.232.11
Host 11.232.37.82.in-addr.arpa not found: 3(NXDOMAIN)

=== Blueyonder's customers scream, Blueyonder censors ===

Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!news-hub.cableinet.net!blueyonder!internal-news-hub.cableinet.net!news-binary.blueyonder.co.uk!53ab2750!not-for-mail
Reply-To: "Mark"
From: "Mark"
Newsgroups: news.admin.net-abuse.email
Subject: Blueyonder Censors Customer Complaint
Lines: 187
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID:
Date: Sun, 28 Dec 2003 10:45:33 -0000
NNTP-Posting-Host: 82.43.115.238
X-Complaints-To: abuse@blueyonder.co.uk
X-Trace: news-binary.blueyonder.co.uk 1072608327 82.43.115.238 (Sun, 28 Dec 2003 10:45:27 GMT)
NNTP-Posting-Date: Sun, 28 Dec 2003 10:45:27 GMT
Organization: blueyonder (post doesn't reflect views of blueyonder)
Xref: uni-berlin.de news.admin.net-abuse.email:2138933

The following Blueyonder customer thread posted under the heading "BLUEYONDER MAIL SERVERS ARE DEFINITELY BLACKLISTED" was completely removed from the Blueyonder Newsgroup earlier this month and the customer barred from making any further postings.

Blueyonder mail servers remain blacklisted and their attempts at censorship have been thwarted since this Blueyonder customer happened to e-mail the contents of this posting to his own ISP, thereby preserving a complete record of what Blueyonder tried to censor.

Here it is:

"Mark" wrote in message news:sknFb.2$Rb.1@news-binary.blueyonder.co.uk...

Blueyonder e-mail is a complete nightmare!
I've been complaining about several of their SMTP servers being blacklisted for weeks now. e-mail complaints are completely ignored. Written complaints generate a standard letter but absolutely no action.

Most of my outgoing mails sent via Blueyonder never actually reach their intended recipients any more. I am having to use Hotmail instead whilst paying Blueyonder for a Broadband connection with e-mail "service".

I have given up completely on Blueyonder - I've told them to close my account and I am taking them to court claiming their grossly inadequate e-mail "service" amounts to a fundamental breach of contract.

Check their blacklisted status on just one of their mail servers here:

http://www.dnsbl.us.sorbs.net/cgi-bin/lookup?js&IP=195.188.213.10

--------------------------------------------------------------------------------

> Dear Mark,
>
> Have you contacted abuse@blueyonder.co.uk regarding this. We will not pay
> third parties for removal from their blacklists.
>
> --
> Kind Regards
> Rachel Gorst
> Blueyonder Technical Support
> http://status.blueyonder.co.uk:888/
> http://help.blueyonder.co.uk/contact

--------------------------------------------------------------------------------

You bet I've contacted abuse@blueyonder.co.uk and do you know what abuse@blueyonder.co.uk do about it? Nothing. Nada. Zilch.

The problem is that most Blueyonder customers contributing to this newsgroup have no idea that it is Blueyonder's policy of doing nothing that has virtually crippled your e-mail service. Blueyonder servers remain blacklisted in increasing numbers due to their involvement in the dissemination of spam.

And what effect does this have on Blueyonder customers? They can't send e-mails through Blueyonder because many of their intended recipients' service providers refuse to accept mail from second rate cowboy outfits like Blueyonder that have little or no regard to their blacklisted status. This is happening to me on a daily basis!
So Blueyonder adopts a policy of refusing to pay a small fine imposed on them due to their involvement in the dissemination of spam? And who suffers? Blueyonder customers - that's who.

I'm leaving Blueyonder and transferring my account to Demon because I need a service provider I can trust to deliver my e-mail. Not one that adopts awkward policies of refusing to pay for its mistakes or to act responsibly.

I would suggest that every single Blueyonder customer reading this who also considers their mail to be important to them also takes the same step as me and leaves Blueyonder - now. The inevitable consequence of remaining with Blueyonder is that more and more of your e-mails will simply bounce back to you as undeliverable, just like mine are every day of the week.

I'm taking Blueyonder to court over its inadequate e-mail "service" which will also have the effect of raising public awareness of Blueyonder's status as a second rate cowboy ISP that couldn't care less about its customers or the inadequate service it palms off on them.

So Blueyonder ... Save the $50 fine for your involvement in spam and watch your customers leave - in their thousands.

Mark
Blueyonder Account: mm003b2396

--------------------------------------------------------------------------------

> Dear Mark,
>
> The support team covering the support groups pass all instances of
> blacklisting to abuse to allow them to contact the domain/blacklist
> organisation and request the removal of the blueyonder servers from the
> blacklist. The abuse team have no control over how quickly the request is
> complied with. We do not pass these instances internally if abuse have
> already been contacted as this merely generates duplicate reports. The
> network is scanned constantly for open relays (please see the monthly
> updates in the announcements section of the status page for details of the
> number of open relays tracked and closed).
> In addition the abuse team do
> read this newsgroup see examples below of how they have responded to
> blacklist reports. Other steps being considered are SMTP authentication see
> the comments from Geoff below.
>
>
> All,
>
> I've noticed a dramatic increase in the number of reports coming in to the
> abuse@ mailbox regarding mailservers using spamcop's blacklist bouncing mail
> from smtp-out3.blueyonder.co.uk and smtp-out8.blueyonder.co.uk. I have
> requested their removal.
>
> Regards,
>
> --
> Geoff Dunham
> blueyonder Internet Security & Abuse Team

--------------------------------------------------------------------------------

Either you do or you don't pay 3rd parties for removal of your blacklisted status due to your involvement in the dissemination of spam. If you do, then you're removed promptly, but clearly you don't because the same servers have been blacklisted for literally weeks on end. If you don't pay, then Blueyonder customers' mail doesn't arrive and then Blueyonder customers like me start closing their accounts.

Someone called Rachel Gorst from Blueyonder Technical Support assures us that you don't pay. So which of you is talking rubbish here?

Mark

--------------------------------------------------------------------------------

Don't blame Blueyonder - blame all those ISPs blocking Blueyonder mail.

--------------------------------------------------------------------------------

Of course I don't blame all those responsible ISPs who cooperate with blacklists of the second rate cowboy ISPs like Blueyonder who couldn't care less about their contribution to spam and their continuous involvement in this disgusting industry.

It is only by the responsible ISPs boycotting the cowboy ISPs like Blueyonder that participate in the business of disseminating spam that we can start to tackle this huge problem.
If Blueyonder continues to bury its head in the sand and refuses to address the error of its ways, it will render its own e-mail system completely useless and, with it, themselves too.

The following comments from Rachel Gorst of Blueyonder Technical Support would make an excellent epitaph for Blueyonder's tombstone:

"Dear Mark,

Have you contacted abuse@blueyonder.co.uk regarding this. We will not pay third parties for removal from their blacklists.

--
Kind Regards
Rachel Gorst
Blueyonder Technical Support
http://status.blueyonder.co.uk:888/
http://help.blueyonder.co.uk/contact"

=== The possible explanation of the "censorship" ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!peernews!peer.cwci.net
        !newspeer1-gui.server.ntli.net!ntli.net!newsrout1.ntli.net!news.ntli.net
        !news-hub.cableinet.net!blueyonder!news-fe1!news-text.cableinet.net!53ab2750
        !not-for-mail
From: "Millie"
Newsgroups: news.admin.net-abuse.email
References: <1080439559.806360@news.mixbsd.net>
Subject: Re: Feedback on BlueYonder's new "anti-spam" service
Lines: 29
X-No-Archive: Yes
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Message-ID:
Date: Sun, 28 Mar 2004 16:07:53 GMT
NNTP-Posting-Host: 82.32.128.211
X-Complaints-To: abuse@blueyonder.co.uk
X-Trace: news-text.cableinet.net 1080490073 82.32.128.211 (Sun, 28 Mar 2004 17:07:53 BST)
NNTP-Posting-Date: Sun, 28 Mar 2004 17:07:53 BST
Organization: blueyonder (post doesn't reflect views of blueyonder)
Xref: uni-berlin.de news.admin.net-abuse.email:2181925

"Dolphin" wrote in message news:slrnc6cunp.jpi.usenet-Mar+nanae@orca.dolphinwave.org...
).
>
> They obviously consider people telling about the problems with Blueyonder's
> servers to be the breach of their AUP. Untrue, you say?
>
>

Yes untrue. Your link shows a poster complaining last December about a thread being deleted by blueyonder in the internal groups.
blueyonder have 2 different servers, a binary one where retention is only counted in a couple of days and a text only server that keeps posts for many months. You can see above that the poster was using the binary server, I'd suggest that he assumed it was cancelled but in reality it had just dropped off. The thread in question is still available on the blueyonder text server even today!

=== But it's happened not only on binary groups ===

Path: uni-berlin.de!fu-berlin.de!fr.ip.ndsoftware.net!newshosting.com
        !nx01.iad01.newshosting.com!sn-xit-03!sn-xit-04!sn-xit-01!sn-xit-06!sn-post-02
        !sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "MiX - no email replies thx"
Newsgroups: news.admin.net-abuse.email
Subject: Re: Feedback on BlueYonder's new "anti-spam" service
Date: Sun, 28 Mar 2004 16:17:04 -0500
Organization: The Self-Preservation Society
Message-ID: <1080508366.880089@news.mixbsd.net>
Reply-To: "MiX - no email replies thx"
References: <1080439559.806360@news.mixbsd.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Cache-Post-Path: news.mixbsd.net!unknown@bluejay.mixbsd.net
X-Cache: nntpcache 3.0.1 (see http://www.nntpcache.org/)
X-Complaints-To: abuse@supernews.com
Lines: 110
Xref: uni-berlin.de news.admin.net-abuse.email:2181979

"Jim Murray" wrote in message news:oYr9c.4804$JR6.43190425@news-text.cableinet.net...
> Casting off the cloak of HTML, MiX - no email replies thx ventured forth
> to do battle with the daemons of Usenet on 28/03/2004 03:10, saying:
>
> If you're going to post this type of stuff to external groups, please
> give a balanced view of what is being done.

The "balanced view" is that whilst I have a BY cable modem, I do not use BY's mail servers (pop3 or smtp). Some people would leave an ISP if they could not rely on their ISP's mailservers - fortunately for me, that is not a problem.

> They have stated their anti-spam platform is using SpamAssassin

It doesn't matter whether they use SA, SPEWS, their own private dnsbl or own private filtering rules... what matters (and the whole point of my post) is that they have introduced an anti-spam service whilst simultaneously subjecting their own customers with unwanted junk.

> so I'd
> expect their view of what's spam will be largely the same as most other
> SA users view of what is spam.

I don't use SA, only dnsbl's. IMO, any spam that gets past SPEWS and my own dnsbl isn't worth the CPU and storage to work on. I just add the offending CIDR /24 and forget about it.

> As to their use of emv2, that's something
> which I cannot and will not support either here or anywhere else. Their
> history of managing their e-mail notification lists is frankly lousy and
> their marketing department most definitely require rodgered repeatedly
> with a sharpened cluestick

No argument there...

> BUT that entire issue is totally separate
> from the introduction of their spam filtering service.

Not as I see it. Have you ever been on hold with a company (not talking about BY specifically here) for in excess of 30 minutes? Don't you find it ironic that whilst you are holding to speak to someone, you get some idiot actor reading about how great the company you are calling is? It's the same thing: save me the sales spiel (I'm already a customer) and answer the damn phone already.

> You did receive plenty of notification that this was taking place, it
> was widely publicised both by a mailshot sent to all BY mailboxes and on
> their own newsgroups. IIRC there was also a period during which
> customers could request the restoration of mailbox contents deleted in
> error (theirs or the customer's). Given the number of mailboxes they
> operate it's not an unreasonable policy.
> It's also worth pointing out
> that their terms of service require users to check *at least* their
> primary Blueyonder mailbox on a regular basis, had you been complying
> with the terms of service you agreed to you would have received the
> notification in plenty of time.

Read my post again. I have no problems checking my primary BY inbox for security and other *important* announcements. I draw the line when BY expects me to download and process their junk mail. Yes, they will also restore deleted mails, but my point is that I'm not going to request that they restore the emv2 crap.

> > I'll clear out my inbox and download when BY stops spamming its own customers
> > and sends out security announcements *only*.
>
> Again, this is unrelated to the other issues, despite its validity as a
> comment on their general inability to grasp the fairly simple concept of
> how to run a *service announcement* list properly.

Not related AFAYAC, perhaps. What would you rather I do? Not check my BY inbox at all so that I don't find a reason to bitch at them?

> > A copy of this post will be sent to news.admin.net-abuse.email, given that
> > it's on-topic for there (and also because BY has a habit of cancelling
> > less-than-complimentary posts from its news servers).
>
> That is simply untrue. They DO cancel off-topic posting *on their
> internal support groups* and will also cancel postings to their internal
> groups which contain abusive language or otherwise breach their
> Acceptable Use Policy but I've never known a correctly posted and
> non-abusive criticism to be cancelled (I should know, I've thrown a few
> harsh words at them on several occasions).

As Dolphin posted, later in this thread, they do cancel (or rather conveniently have a very short retention period for) articles. I posted a similar gripe about their announcement list (not farmed out at that time, but contained sales junk all the same) a while back[0].
I know I used their news-text[1] server to do it (along with a phone call to BY) but that article was gone in a day - after I got a standardised reply post of "we're still looking into other options".

[0] At least a year ago, probably longer.
[1] I stopped using the binary news server right after I found out my posts weren't propagating out of BY due to their incompetence at handling spammers and subsequent UDP[2]. I never went back to using the binary server since - that's why I *know* I used the news-text one.
[2] But that's another story.

=== And Blueyonder STILL ignores the abuse from their lusers ===

Path: uni-berlin.de!fu-berlin.de!border1.nntp.ash.giganews.com!nntp.giganews.com
        !news.glorb.com!wn51feed!worldnet.att.net!216.168.1.162!sn-xit-02!sn-xit-06
        !sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "MiX - no email replies thx"
Newsgroups: news.admin.net-abuse.email
Subject: BY anti-spam redux: open letter to Fergal Butler @ BlueYonder
Date: Sat, 17 Apr 2004 14:53:47 -0400
Organization: The Self-Preservation Society
Message-ID: <1082227619.200895@news.mixbsd.net>
Reply-To: "MiX - no email replies thx"
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Cache-Post-Path: news.mixbsd.net!unknown@bluejay.mixbsd.net
X-Cache: nntpcache 3.0.1 (see http://www.nntpcache.org/)
X-Complaints-To: abuse@supernews.com
Lines: 72
Xref: uni-berlin.de news.admin.net-abuse.email:2189523

[Posted to news.admin.net-abuse.email and blueyonder.feedback]

Fergal,

You conveniently ignored[0] my follow-up post[1] in the thread entitled 'Feedback on BlueYonder's new "anti-spam" service'. In that post, I advised you that for the 10 previous days, I had a total of 9 spam attempts from the same BY IP address. I don't know [or care] if it's a zombied machine, a worm, or a BY luser deliberately using their connection to send out spam - the distinction is irrelevant AFAIAC.
Evidently, you were too busy deflecting the topic away[2] from my original point to notice the extract from my MTA log that I appended to the end of my post, showing you the times[3][4] of each attempt. The reason I know this is because since that time, I've had a further 4 attempts from the very same IP address. Now, since BY is allocated 82.32.0.0/12, I think it's fair to say that the odds against it being a different zombie/spammer are very slim[5]. For the record, the new attempts are appended to the end of my post[6].

Following a complete cessation of attempts from the 5th to the 12th April inclusive, silly old me actually thought that BY had gotten a clue and addressed the issue. Now it seems the spammer (or the zombied machine's luser) was just taking the week off.

I therefore conclude that BY has no intention of cleaning up its network and ergo deserves to be blocklisted to hell and back. I'd like to see BY try and dodge the question from its users if [when?] more mail starts to bounce from your IP address space due to being blocklisted by even more public and private DNSbl's.

Yours not-so-sincerely.

MiX

[0] You posted on the 4th to 6th April inclusive (so did Alex Brown on 8th April) so you *were* monitoring the thread after my follow-up[1].
[1] http://groups.google.com/groups?selm=1081129649.915646%40news.mixbsd.net dated 04/04/2004.
[2] http://www.winternet.com/~mikelr/flame60.html
[3] Sorry, I forgot to mention that the times were GMT-5.
[4] But since the abuse spans several days, you should have enough info to disconnect your spammer/zombie.
[5] I can't be ar$ed to work out exactly how many IP addresses are in that CIDR, but I know it's a Bloody Big Number.
[6] Line-spaced out this time so you can count 'em:

2004-04-13 05:39:48 H=82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48] F= rejected RCPT [snip]

2004-04-13 05:39:48 unexpected disconnection while reading SMTP command from 82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48]

2004-04-13 08:51:31 H=82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48] F= rejected RCPT [snip]

2004-04-13 08:51:31 unexpected disconnection while reading SMTP command from 82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48]

2004-04-13 09:48:01 H=82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48] F= rejected RCPT [snip]

2004-04-13 09:48:01 unexpected disconnection while reading SMTP command from 82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48]

2004-04-15 17:35:35 H=82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48] F= rejected RCPT [snip]

2004-04-15 17:35:35 unexpected disconnection while reading SMTP command from 82-33-201-48.cable.ubr07.azte.blueyonder.co.uk ([HELO munged]) [82.33.201.48]

=== And the same spammer STILL spams from that space! ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-06
 !sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "MiX - no email replies thx"
Newsgroups: news.admin.net-abuse.email
Subject: Re: BY anti-spam redux: open letter to Fergal Butler @ BlueYonder
Date: Sat, 24 Apr 2004 20:19:05 -0400
Organization: The Self-Preservation Society
Message-ID: <1082851866.927119@news.mixbsd.net>
Reply-To: "MiX - no email replies thx"
References: <1082228573.957383@phoenix.mixbsd.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-Mimeole: Produced By Microsoft MimeOLE V6.00.2800.1409
Cache-Post-Path: news.mixbsd.net!unknown@bluejay.mixbsd.net
X-Cache: nntpcache 3.0.1 (see http://www.nntpcache.org/)
X-Complaints-To: abuse@supernews.com
Lines: 110
Xref: uni-berlin.de news.admin.net-abuse.email:2191696

"Fergal Butler" wrote in message news:lkg480971gkjnerq84lkg2cfsbef5cri3v@4ax.com...
> MiX,
>
> Please don't feel slighted. I sporadically check these groups and
> unfortunately I don't see every post, or even have the time to respond
> to each one individually.

First off, sorry for the slow reply (it's been a busy week you know). Anyway, since I feel it's a total waste of time reporting such incidences via email to abuse@by, how else do you propose I should alert BY of spam/spam-attempts/port scans?

> >Now, since BY is allocated 82.32.0.0/12, I think it's fair to say
> >that the odds against it being a different zombie/spammer are very slim[5].
> >For the record, the new attempts are appended to the end of my post[6].
> >
> >Following a complete cessation of attempts from the 5th to the 12th April
> >inclusive, silly old me actually thought that BY had gotten a clue and
> >addressed the issue. Now it seems the spammer (or the zombied machine's
> >luser) was just taking the week off.
>
> Or maybe it has just been allocated to another address with an
> infected machine.
> Please try and consider all of the possibilities
> before jumping to conclusions.

As I said before, RIPE has allocated you a whole /12 - that's 1,048,574 useable addresses. In other words, the odds of it being someone else are over a million-to-one against. But that's not the point: the same IP address is *still* attempting delivery, up to and including yesterday 23/04/04 12:44:58EDT [GMT-5] - 5 days after your reply. Your DHCP server logs will tell you who was connected to what address at whatever time.

How many attempts so far?

# grep "H=82-33-201-48.cable.ubr07.azte.blueyonder.co.uk" /var/log/exim/mainlog | wc -l
25

> >I therefore conclude that BY has no intention of cleaning up its network and
> >ergo deserves to be blocklisted to hell and back. I'd like to see BY try and
> >dodge the question from its users if [when?] more mail starts to bounce from
> >your IP address space due to being blocklisted by even more public and private
> >DNSbl's.
>
> I think you've been listening to too many conspiracy theories on
> NANAE.

No, my MTA log speaks for itself. A year or so ago, I actually went through a phase of defending BY's sub-standard abuse-handling procedures, but when SORBS listed some of your outbound SMTP servers, I gave up.

> Let's try some common sense here. Let's consider the possibilities: BY
> purposefully ignores spammers and hence gets blacklisted. Why would we
> as an organisation take such a stance that would be so damaging to
> ourselves?
>
> Isn't it simply more realistic to accept the fact that BY with a total
> customer base of well over half a million users has the same issues as
> other similar ISP's in keeping up with handling abuse.

Your second paragraph answers your first. Your abuse desk staffing level should reflect your userbase. If, as your second paragraph suggests, BY cannot provide adequate staffing-levels then, to all intents and purposes, it does appear to customers and non-customers alike that you are ignoring abuse reports.
If your management is negligent in not employing enough people to police its network, then that's BY's (and its users') problem, not the SysAdmin blocking you.

> Last month we had a total of 31,452 unique IP's reported to us for
> various types of abuse related issues. Each individual abuse report
> has to be handled individually and followed up. I'm sure you can begin
> to understand the levels of resource and commitment required to follow
> up each individual report.

Certainly and I'm sure that not all of those 31,452 reports were genuine (maybe a percentage were false alarms). So your management needs to decide what's more important: empowering its abuse department with sufficient staff to handle and act upon abuse reports, or continue to project the image that BY doesn't care how long it takes to resolve an abuse issue.

> We are committed to combating the menace of spam, however we are only
> human and it does take the abuse department some time to go through
> each individual report. Not knowing the specifics of your case I can't
> really comment but be assured that we are taking action against any
> and all customers found to be abusing our service.

Action is one thing, timely and decisive action is another.

> I expect we will see a large decrease in the amount of abuse reports
> over the coming months as we implement SMTP authentication

That doesn't address direct-to-MX spam - the very issue that is highlighted in my mail logs.

> and start to use this method to block infected PCs and gain further levels
> of reporting on email usage. We will also be following other anti-spam
> initiatives closely over the coming months and will be actively taking
> part in numerous UK anti-spam forums.

Glad to hear it - it's long overdue.
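
The grep count quoted in the reply above, extended into a per-day tally with a check against the 82.32.0.0/12 allocation, as an added example that is not part of the original thread. The log lines are constructed in the shape of the Exim entries quoted in the posts; the HELO, sender, recipient, reject reason and the 192.0.2.10 host are placeholder assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

BY_BLOCK = ipaddress.ip_network("82.32.0.0/12")  # allocation named in the thread

# Constructed sample shaped like the Exim mainlog entries quoted in the posts.
# HELO, sender, recipient, reject reason and the 192.0.2.10 host are placeholders.
HOST = "82-33-201-48.cable.ubr07.azte.blueyonder.co.uk"
SRC = f"{HOST} ([192.0.2.99]) [82.33.201.48]"
OTHER = "mail.example.invalid (mail.example.invalid) [192.0.2.10]"
TAIL = "F=<s@example.invalid> rejected RCPT <r@example.invalid>: relay not permitted"
SAMPLE_LOG = "\n".join([
    f"2004-04-13 05:39:48 H={SRC} {TAIL}",
    f"2004-04-13 05:39:48 unexpected disconnection while reading SMTP command from {SRC}",
    f"2004-04-13 08:51:31 H={SRC} {TAIL}",
    f"2004-04-13 09:48:01 H={SRC} {TAIL}",
    f"2004-04-15 17:35:35 H={SRC} {TAIL}",
    f"2004-04-13 10:00:00 H={OTHER} {TAIL}",
    f"2004-04-14 10:00:00 H={OTHER} {TAIL}",
])

# date, time, H=<rdns> (<helo>) [<ip>] ... rejected RCPT
# The HELO may itself be a bracketed literal, so the IP is the bracket after ") ".
REJECT = re.compile(
    r"^(?P<day>\d{4}-\d{2}-\d{2}) \d{2}:\d{2}:\d{2} "
    r"H=\S+ \(.*?\) \[(?P<ip>[0-9.]+)\] .*\brejected RCPT\b"
)

def tally_rejections(log_text):
    """Map each connecting IP to a Counter of rejected-RCPT lines per day."""
    per_ip = defaultdict(Counter)
    for line in log_text.splitlines():
        m = REJECT.match(line)
        if m:  # disconnect notices and other entries are skipped
            per_ip[m["ip"]][m["day"]] += 1
    return per_ip

def repeat_sources(per_ip, network=BY_BLOCK, min_days=2):
    """IPs inside `network` rejected on >= min_days distinct days: (total, days)."""
    found = {}
    for ip, days in per_ip.items():
        try:
            inside = ipaddress.ip_address(ip) in network
        except ValueError:  # e.g. an out-of-range octet in a damaged line
            continue
        if inside and len(days) >= min_days:
            found[ip] = (sum(days.values()), sorted(days))
    return found
```

Calling `repeat_sources(tally_rejections(text))` on a real mainlog gives, per address inside the block, the total rejected attempts and the distinct dates, which is the evidence an abuse desk needs to match against DHCP lease records.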