From: Abuse (abuse@caladan.net)
To: security curmudgeon (jericho@attrition.org)
Date: Sun, 05 Jan 2003 16:34:36 -0000
Reply-To: abuse@caladan.co.uk
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

Hi,

Please confirm: are you reporting this spam to us or generating it?

There was no message along with the email, so we are unsure how 
you would like us to proceed. If you are reporting SPAM, please 
include your name and a short message indicating why you are 
contacting us.

Regards,
Chris


On 4 Jan 2003 at 11:34, security curmudgeon wrote:

:> 
:> 
:> ---------- Forwarded message ----------
:> Return-Path: 
:> Received: from galileo ([80.71.2.160])
:>  by forced.attrition.org (8.11.4/3.8.9) with ESMTP id h031qw014696
:>  for ; Thu, 2 Jan 2003 20:52:59 -0500
:> Received: from mail pickup service by galileo with Microsoft SMTPSVC;
:>   Fri, 3 Jan 2003 01:49:32 +0000
:> From: "Sana Imran" 
:> To: 
:> Subject: Win Free Prizes in PAKISTAN
:> Date: Fri, 3 Jan 2003 01:49:31 -0000
:> MIME-Version: 1.0
:> Content-Type: text/plain;
:>  charset="iso-8859-1"
:> X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
:> Message-ID: 
:> X-OriginalArrivalTime: 03 Jan 2003 01:49:32.0073 (UTC)
:>     FILETIME=[5C418190:01C2B2CA]
:> Content-Transfer-Encoding: 8bit
:> X-MIME-Autoconverted: from quoted-printable to 8bit by forced.attrition.org
:>     id h031qw014696
:> 
:> Hi,
:> 
:> http://www.FreeLuckyDraw.com is the Ultimate Cyber Hangout designed
:> specifically for the Pakistanis to join in to win great prizes.
:> We are giving away free stuff and you could be our next lucky winner.
:> 
:> http://www.FreeLuckyDraw.com is a new concept in the world of advertising.
:> 
:> See you at http://www.FreeLuckyDraw.com
:> 
:> Sana Imran
:> Promotional Manager
:> The FreeLuckyDraw Team
:> http://www.freeluckydraw.com

---
www: http://www.caladan.co.uk
e-mail: abuse@caladan.co.uk

From: security curmudgeon (jericho@attrition.org)
To: abuse@caladan.co.uk
Date: Sun, 5 Jan 2003 13:27:33 -0500 (EST)
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

: Hi,
:
: Please confirm: are you reporting this spam to us or generating it?

Err.. reporting? Forwarded mail.. with full headers.. to the appropriate
address for such complaints.

: There was no message along with the email, so we are unsure how you
: would like us to proceed. If you are reporting SPAM, please include
: your name and a short message indicating why you are contacting us.

Yes. This is spam. I don't like spam. This is from your network. Please
shoot your abusive user.

: Regards,
: Chris

Hope this helps.

[Original double quoted spam removed]


From: Abuse (abuse@caladan.net)
To: security curmudgeon (jericho@attrition.org)
Date: Sun, 05 Jan 2003 19:10:02 -0000
Reply-To: abuse@caladan.co.uk
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

Hi,

Thanks for the reply, please understand we receive a lot of SPAM 
ourselves especially to this email address. We therefore have 
certain rules regarding how we deal with any reports of SPAM or 
other network abuse. 

We don't, for example, take any notice of anonymous emails. If you 
are reporting SPAM then there is no reason not to provide us with 
full contact details, or at least your name. It is also customary to 
include a short message asking us to look into the incident, in fact 
we view it as quite rude if someone just forwards us an email with 
no explanation - how do we know it is not just more SPAM !

Anyway, if you would kindly provide your name and any other 
contact details you feel are relavent, we will certainly look into this 
for you and take the appropriate action: Sending SPAM from our 
network is contrary to our AUP and we take any such breaches very 
seriously.

Unfortunately, due to UK law, we are currently unable to shoot the 
user responsible ;-)

Regards,
Chris


From: security curmudgeon (jericho@attrition.org)
To: abuse@caladan.co.uk
Date: Sun, 5 Jan 2003 14:31:54 -0500 (EST)
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

: Thanks for the reply, please understand we receive a lot of SPAM
: ourselves especially to this email address. We therefore have certain
: rules regarding how we deal with any reports of SPAM or other network
: abuse.
:
: We don't, for example, take any notice of anonymous emails. If you are
: reporting SPAM then there is no reason not to provide us with full
: contact details, or at least your name. It is also customary to

Sure there is a reason. You do not need it. Having my contact details does
absolutely nothing to aid in your tracking down of a spammer or open relay
on your network. Unless you plan on being gung ho and tracking all the way
back to where my name/address was originally interjected into a spammer
list, it is simply a moot point.

: include a short message asking us to look into the incident, in fact
: we view it as quite rude if someone just forwards us an email with no
: explanation - how do we know it is not just more SPAM !

Because the subject prefaced it as SPAM: ?

On a typical day I report around 30 pieces of spam to various networks.
Not only the big ISPs, but small mom and pop type places. Not once, ever,
has anyone questioned my mail to the abuse alias where I clearly ID the
mail as spam in the subject, forward, and include full headers. It almost
leads me to believe you live in some myopic network environment seemingly
devoid of spam.

: Anyway, if you would kindly provide your name and any other contact
: details you feel are relavent, we will certainly look into this for

I feel the only relevant contact information is my e-mail address, which
you already have. Besides, if I tell you my name is "Bob", are you really
going to check?

: you and take the appropriate action: Sending SPAM from our network is
: contrary to our AUP and we take any such breaches very seriously.

That is good to hear. Now, after all this dialogue, hopefully you are sure
that i am reporting spam and not sending it etc etc.

As per standard procedure, the generic abuse type address you are
contacting us from will be put in the block list here. You will make spam
block #7020, the 124th abuse@ type alias.

: Unfortunately, due to UK law, we are currently unable to shoot the
: user responsible ;-)

Maybe one day soon they will change that.. we can hope!

Thanks


From: Chris Smith (chris@caladan.net)
To: jericho@attrition.org
Date: Sun, 05 Jan 2003 20:58:56 -0000
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

Oh dear, I guess I didn't misunderstand !

:    ----- The following addresses had permanent fatal errors -----
: 
:     (reason: 553 5.3.0 ... - 300 Thanks but we
:     don't need any more spam from your network.)

How rude !!!

Please understand I am only trying to help - blocking our email addresses 
only stops us communicating, it isn't going to stop SPAM from us because the 
SPAM you were complaining about didn't come from us !

I was just trying to be friendly and enter into a pleasant conversation with 
you. Whatever happened to friendship and understanding?

As per my previous email - if you want us to look into this for you, we need 
to be able to communicate !  Or how can I let you know what we find?

I have re-sent my previous email (that bounced) so you can read it. 

Regards,
Chris

--- 
Caladan Communications Ltd 
Offering ISP and Telecoms services throughout the UK
TEL: 0870 751 5516  FAX: 01933 666972 
WEB: http://www.caladan.net/

From: Chris Smith (chris@caladan.net)
To: jericho@attrition.org
Date: Sun, 05 Jan 2003 20:59:16 -0000
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

Hi "Bob",

Thanks for your reply.

: : We don't, for example, take any notice of anonymous emails. If you are
: : reporting SPAM then there is no reason not to provide us with full
: : contact details, or at least your name. It is also customary to
: 
: Sure there is a reason. You do not need it. Having my contact details
: does

True - technically we don't need it, but it's polite when entering into a
dialogue with someone to provide a reference point - in human terms this 
usually means a name. 

Call me old fashioned, but manners never hurt anyone ;-)

: : include a short message asking us to look into the incident, in fact
: : we view it as quite rude if someone just forwards us an email with no
: : explanation - how do we know it is not just more SPAM !
: 
: Because the subject prefaced it as SPAM: ?

Unfortunately that doesn't mean a thing - I've seen SPAM & UCE prefixed
with all sorts, including "SPAM:..."

: On a typical day I report around 30 pieces of spam to various networks.
: Not only the big ISPs, but small mom and pop type places. Not once,
: ever, has anyone questioned my mail to the abuse alias where I clearly
: ID the mail as spam in the subject, forward, and include full headers.
: It almost leads me to believe you live in some myopic network
: environment seemingly devoid of spam.

I wish !

No, like everyone else, we get our fair share of SPAM, but unlike a lot of
other ISP's we take it personally if someone abuses our network and we
also like to communicate - especially with people who are complaining
about some aspect of our services. 

So unlike other ISP's who may send back an 'automated' reply to your email
or not even bother replying, we like to enter into a dialogue with the
person who is complaining, not only does this help us ascertain that the
complaint is genuine, but we feel it helps to assure you that we take your
complaint seriously - it's that personal touch that we, as a company, feel
is important. It also relieves my boredom if I have someone to talk to
when on weekend duty ;-)

However,  I can see from your point of view, that reporting 30 SPAM's a
day, could get a bit time consuming if all ISP's responded in this fashion
!

: : Anyway, if you would kindly provide your name and any other contact
: : details you feel are relavent, we will certainly look into this for
: 
: I feel the only relevant contact information is my e-mail address, which
: you already have. Besides, if I tell you my name is "Bob", are you
: really going to check?

No, we are not going to check, but see my last paragraph.

FYI, we do have a privacy policy that ensures we would never use the
details you provided us with to SPAM you, nor would your details ever be
passed onto a third party, except in the case where we feel your complaint
justifies us contacting the authorities, in which case we WOULD require
your full details.

: : you and take the appropriate action: Sending SPAM from our network is
: : contrary to our AUP and we take any such breaches very seriously.
: 
: That is good to hear. Now, after all this dialogue, hopefully you are
: sure that i am reporting spam and not sending it etc etc.

Yes, even if you are a bit shy about your name ;-)

I have already emailed our customer who is responsible for the IP address
in the header and (according to our terms & conditions) they now have 7
days to respond with a full report. I will then get back in touch with you
to report what was found and any action taken.

: As per standard procedure, the generic abuse type address you are
: contacting us from will be put in the block list here. You will make
: spam block #7020, the 124th abuse@ type alias.

Err, not sure what you mean here... Does this mean you are blocking the
email address abuse@caladan.net? Seems a bit pointless, I expect I have
misunderstood!

: : Unfortunately, due to UK law, we are currently unable to shoot the
: : user responsible ;-)
: 
: Maybe one day soon they will change that.. we can hope!

Well, I look forward to the day when SPAM and UCE is actually illegal in
the UK - currently it is perfectly legal here in the UK to send
unsolicited emails - unlike the US where they have at least got some
legislation. 

I guess we will get there eventually !

Anyway, nice talking to you - happy new year BTW - and I'll be in touch as
soon as we hear back from our customer.

Regards,
Chris


--- 
Caladan Communications Ltd 
Offering ISP and Telecoms services throughout the UK
TEL: 0870 751 5516  FAX: 01933 666972 
WEB: http://www.caladan.net/

From: security curmudgeon (jericho@attrition.org)
To: Chris Smith (chris@caladan.net)
Date: Sun, 5 Jan 2003 16:25:04 -0500 (EST)
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

: Oh dear, I guess I didn't misunderstand !
:
: :    ----- The following addresses had permanent fatal errors -----
: : (jericho@attrition.org)
: :     (reason: 553 5.3.0 (abuse@pop3.caladan.net)... - 300 Thanks but we
: :     don't need any more spam from your network.)
:
: How rude !!!

This is no more rude than your mail to me saying I had to give you my
personal contact information for YOU to followup on abuse from YOUR
network that violates YOUR aup.

: Please understand I am only trying to help - blocking our email addresses
: only stops us communicating, it isn't going to stop SPAM from us because the
: SPAM you were complaining about didn't come from us !

NOTHING you say from that address will help me. If you took care of the
spammer, good. If you didn't it sucks but I don't need to hear about the
struggles and tribulations of your crusade to track him down (was re:
reading your logs).

: I was just trying to be friendly and enter into a pleasant conversation with
: you. Whatever happened to friendship and understanding?

What ever happened to you understanding "SOP" like you quoted to me? You
said you needed my personal contact information, I told you that was
ridiculous. That wasn't friendship.. that was not showing understanding.
Like you, I followed *our* SOP and blocked the abuse@ alias and informed
you I was doing so, leaving you the option to contact me from another
address, just as you did. SEE HOW IT WORKED JUST FINE.

: As per my previous email - if you want us to look into this for you, we need
: to be able to communicate !  Or how can I let you know what we find?

And.. you are doing what right now? Communicating. And besides, you do NOT
need to communicate. In fact, stop mailing me and just put an end to this
spammer. Hell, the more you stall and the more you dick around, the more I
think caladan.net supports spam.


From: Chris Smith (chris@caladan.net)
To: security curmudgeon (jericho@attrition.org)
Date: Sun, 05 Jan 2003 21:50:16 -0000
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)

Hi Again,

Well, I guess we just misunderstood each other. For my part - I apologise for 
that. 

I can assure you we don't support SPAM and as I said - I have already started 
the process of tracking this spammer down and we WILL find him/her and he/she 
WILL be dealt with. If you don't wish to know the outcome of my investigation 
- fair enough, that is your perogative. 

I personally can do no more about this tonight (it's 9:45 sunday night here), 
other than I already have, so I wasn't 'dicking around' just trying to be 
friendly - I'm just an old fashioned English man who was brought up to be 
polite and friendly, I guess our two cultures are just different and we don't 
really understand each other ! 

I'm sorry you have a bad impression of me, and as everything I say just seems 
to annoy you, I will not contact you again unless you first contact me.

Assuring you on my best intentions and wishing you all the best.

Regards,
Chris


From: security curmudgeon (jericho@attrition.org)
To: Chris Smith (chris@caladan.net)
Date: Sun, 5 Jan 2003 16:55:15 -0500 (EST)
Subject: Re: SPAM: Win Free Prizes in PAKISTAN (fwd)


: : Sure there is a reason. You do not need it. Having my contact details
: : does
:
: True - technically we don't need it, but it's polite when entering into a
: dialogue with someone to provide a reference point - in human terms this
: usually means a name.

How do I know your name is Chris?

: : Because the subject prefaced it as SPAM: ?
:
: Unfortunately that doesn't mean a thing - I've seen SPAM & UCE prefixed
: with all sorts, including "SPAM:..."

I do not believe you. As the recipient of well over 100,000 spams in my
lifetime, I have not once seen it prefaced as "spam". The only time
spammers use the word spam is at the footer when thry try to justify their
actions or claim that "spam" is legal.

: So unlike other ISP's who may send back an 'automated' reply to your email
: or not even bother replying, we like to enter into a dialogue with the
: person who is complaining, not only does this help us ascertain that the
: complaint is genuine, but we feel it helps to assure you that we take your
: complaint seriously - it's that personal touch that we, as a company, feel

Which I do appreciate. I am glad you guys take it seriously and i am
further glad it violates your AUP as it should.

: However,  I can see from your point of view, that reporting 30 SPAM's a
: day, could get a bit time consuming if all ISP's responded in this fashion

Yep. I get about 30 here and more at another account. Just for fun, i
logged in to my dimcom account and grabbed 1 page of mail. This is without
me checked the account in a couple days and without deleting any 'legit'
mail:

+ N 152 Jan  3 Deiwen                               (1,882) jericho,Discreet extramarital dating
  N 153 Jan  3 andrea                               (3,002) A n t i * A g i n g   M_i_r_a_c_l_e  W_o_r_k_e_r
  N 154 Jan  3 Melanie                              (1,198) pussys with big cocks
  N 155 Jan  3 amann                                (2,332) Girls Believe Bigger Is Better
+ N 156 Jan  3 mairan sese seko                     (3,314) I NEED YOUR ASSISTANCE
  N 158 Jan  3 Kimberly Kauffeldt                   (2,989) jericho look and feel great get ready for 2003 now
+ N 159 Jan  3 webmaster                             (123K) A  funny website
+ N 160 Jan  3 HACKER ve GUVENLIK REHBERI           (7,722) GUVENDE MISINIZ ?
+ N 161 Jan  3 Tapio Makele                         (4,750) Urgent Assistance
  N 162 Jan  3 scooby99a@qa140.gettruesavings.com   (1,741) ADV: Bumper-to-Bumper extender warranties
  N 163 Jan  4 jmj93@hotmail.com                    (7,506) Printer Cartridges - Save up to 80%
  N 164 Jan  4 johncole20@ecplaza.net               (9,699) FROM JOHN COLEMAN
  N 165 Jan  4 hminiard@msn.com                    (14,166) Make your Penis Huge
+ N 166 Jan  3 jacquesl                              (131K) Have a humour Epiphany
  N 167 Jan  4 jjosev@msn.com                       (9,823) Get a Massive Penis Overnight
+ N 168 Jan  3 nshorthouse                           (123K) Hi,meeting notice
+ N 169 Jan  3 trouble                               (133K) A special  new website
  N 170 Jan  3 Breann Targosky                      (3,626) Information disorder
+ N 171 Jan  3 msuggett                             (2,960) JUNE 1999
  N 172 Jan  4 cepnews@telsim.com.tr                (6,724) CepPaket
  N 173 Jan  3 omorodioneki307@phantomemail.com     (3,502) URGENT
  N 174 Jan  3 Harry Carldata                         (738) jericho can you believe that gi
+ N 175 Jan  3 Mail Delivery Subsystem               (138K) Returned mail: see transcript for details
  N 176 Jan  4 alawita@yahoo.com                    (2,841) Lose Weight Fast!
  N 177 Jan  3 omorodioneki407@phantomemail.com     (3,502) URGENT
  N 178 Jan  4 danielle_brock@msn.com              (11,496) Increase your penis 3 inches in 21 days
+ N 180 Jan  4 eliz                                  (205K) Happy Epiphany
+ N 181 Jan  4 agentsteal                            (133K) A special  nice game
+ N 182 Jan  4 a010584gxig@hotmail.com              (3,379) Why have you been losing in the market?
  N 183 Jan  4 a__al@hotmail.com                    (2,416) Protect Yourself from Viruses
+ N 184 Jan  4 diesel fuel injection                (3,997) Head & Rotor VE 04/01/01
  N 185 Jan  4 g_14@msn.com                         (3,054) Quit smoking, cut the cravings in 3 weeks
  N 186 Jan  4 alvaincomesjk356@aol.com             (4,712) Finally! Discover The Secrets!
  N 187 Jan  4 bxiMay                               (3,597) Since the last time.last night.
+ N 188 Jan  4 angelofig@msn.com                    (4,929) Increase your penis 3 inches in 21 days
+ N 189 Jan  4 Mail Delivery Subsystem               (143K) Returned mail: Host unknown (Name server: telesys.cts.com: host not foun
+ N 190 Jan  4 perservere@msn.com                   (9,927) Increase your penis 3 inches in 21 days
  N 191 Jan  4 Morgan Lee                           (4,827) A serious (and realistic) offer for you
+ N 192 Jan  4 demona                                (135K) This is a generated file!  Do not edit.
+ N 193 Jan  4 To: jericho@dimensional.com           (131K) ACCESSKEY
  N 194 Jan  4 Tanika Ramanathan                    (2,965) Fountain of youth for jericho
+ N 195 Jan  4 Gulaid Zahmed                        (2,115) I wish...
  N 196 Jan  5 persherm@msn.com                     (5,451) All Natural Penis Enlargement Pills
+ N 197 Jan  4 pricing                               (129K) Re:jericho,questionnaire
+ N 198 Jan  4 AmishEd                               (135K) A  WinXP patch
+ N 199 Jan  4 dskanesh                              (132K) Function loops through each element of the
  N 200 Jan  4 broberts68@msn.com                   (6,773) Outlawed in 33 countries
  N 201 Jan  4 kldunc@msn.com                       (9,895) Increase your penis 3 inches in 21 days
  N 202 Jan  4 oiui664@yahoo.com                    (2,579) You need more energyDL

As you can see.. that is a lot of spam. With that account I can't even
keep up trying to complain about any of it. With attrition though, I can
control all the spam blocks and do forward all spam on.

Friendly chat is nice, but just not possible regarding something like
spam.

: details you provided us with to SPAM you, nor would your details ever be
: passed onto a third party, except in the case where we feel your complaint
: justifies us contacting the authorities, in which case we WOULD require
: your full details.

In which case I would contact them and CC you guys.

: : That is good to hear. Now, after all this dialogue, hopefully you are
: : sure that i am reporting spam and not sending it etc etc.
:
: Yes, even if you are a bit shy about your name ;-)

My name is all over my web site, has nothing to do with shy. Has to do
with the simple fact it is not required to followup on a AUP violation on
your network.

: I have already emailed our customer who is responsible for the IP address
: in the header and (according to our terms & conditions) they now have 7
: days to respond with a full report. I will then get back in touch with you
: to report what was found and any action taken.

Thanks but don't bother. If an open relay, you guys can shut it down. If
they actually spammed, you can shoot him in the knee.

: : As per standard procedure, the generic abuse type address you are
: : contacting us from will be put in the block list here. You will make
: : spam block #7020, the 124th abuse@ type alias.
:
: Err, not sure what you mean here... Does this mean you are blocking the
: email address abuse@caladan.net? Seems a bit pointless, I expect I have
: misunderstood!

Nope. That is exactly what it means as you saw. This rule rejects about 15
more mails coming into the system a day which is -><- much closer to
getting a mailbox full of real mail.

Thanks



main page ATTRITION feedback