ftp.pasteur.org/FAQ/

home *** CD-ROM | disk | FTP | other *** search

/ ftp.pasteur.org/FAQ/ / ftp-pasteur-org-FAQ.zip / FAQ / net-abuse-faq / part2 < prev next >

Wrap

Internet Message Format | 1996-01-29 | 19.4 KB

Path: senator-bedfellow.mit.edu!bloom-beacon.mit.edu!gatech!newsfeed.internetmci.com!uwm.edu!math.ohio-state.edu!magnus.acs.ohio-state.edu!lerc.nasa.gov!kira.cc.uakron.edu!odin.oar.net!malgudi.oar.net!catseye.bluemarble.net!shooter.bluemarble.net!scotty From: scotty@shooter.bluemarble.net (Scott Southwick) Newsgroups: news.admin.net-abuse.misc,alt.current-events.net-abuse,alt.answers,news.answers Subject: news.admin.net-abuse FAQ (2/2) Followup-To: news.admin.net-abuse.misc Date: 26 Jan 1996 23:32:18 GMT Organization: Blue Marble Lines: 476 Approved: news-answers-request@MIT.EDU Expires: 18 Feb 1996 Message-ID: <4eboa2$964@catseye.bluemarble.net> NNTP-Posting-Host: shooter.bluemarble.net Xref: senator-bedfellow.mit.edu news.admin.net-abuse.misc:39275 alt.current-events.net-abuse:35050 alt.answers:15265 news.answers:63316 Archive-name: net-abuse-faq/part2 Posting-Frequency: biweekly [Table of Contents for part two only:] NITTY-GRITTY 3.1) Yeah, but how many times is 'X'? 3.2) What is the Breidbart Index (BI)? 3.3) What is NoCeM? 3.4) Is there a blacklist of net-abusers? 3.5) How can I tell if a post is forged? 3.6) How do I know when I've got spam on my hands? 3.7) OK, I think I've spotted a spam. Who should I mail-bomb? 3.8) OK, I think I've spotted a spam. What should I do? 3.9) What about e-mail spam? 3.10) I e-mailed a complaint to {so-and-so} about their {e-mail, post} and now they're threatening to complain to my system administrator. What should I do? 3.11) What's a cancel-bot? 3.12) Where can I get me one? 3.13) How do spam-cancellers cancel spam? 3.14) Can I sick The Man on these MAKE.MONEY.FAST losers? 3.15) What is a killfile, and how do I use one? GROAN 4.1) Why are you net-abuse people such net-cops? 4.2) Hey, I think my newsgroup is being invaded by alt.syntax.tactical! 4.3) Hey, somebody posted an ad to <newsgroup>! 4.4) Hey, so-and-so's not being nice in <newsgroup>! 4.5) Hey, the Good Times virus-- 4.6) Hey, there's this <AT&T, Jerry Garcia, whatever> banner message in the newsgroup descriptions! 4.7) Hey, one of those net.cops posted an ad for <something>! Haw! Haw! APPENDIX news.admin.net-abuse.misc charter news.admin.net-abuse.misc charter and guidelines NITTY-GRITTY ============ 3.1) Yeah, but how many times is 'X'? How many posts does it take to push the spam envelope? To use up all your spam charity points? For a bare-bones spam? To trigger the raging-spam-cancellers-from-Hell? Among those who agree that spam should be defined solely by quantity, -----------------> 20 <-------------------- appears to be the magic number, or at least a number so middle-of-the-road that it provokes very little passionate dissent in either direction. Notably, Cancelmoose[tm] refuses to set a firm number, in the belief that people would simply post [X-1] messages. It's safe to say that a couple incidents of 19-post spams would cause the magic number to plummet. Thus, 20 should be considered a vague approximation only. Passionately dissenting note: Rahul Dhesi [dhesi@rahul.net], one of the fathers of the cancel-bot movement, sticks by the following definition: More than five physically distinct postings with substantially identical content posted within a period of ten days. 3.2) What is the Breidbart Index (BI)? The Breidbart Index (BI) is a measure of the breadth of any multi-posting, cross-posting, or combination of the two. BI is defined as the sum of the square roots of how many newsgroups each article was posted to. If that number approaches 20, then the posts will probably be cancelled by somebody. For instance, four identical posts to nine newsgroups each (4 times 3) has a BI of 12. However, nine identical posts to four newsgroups each (9 times 2) has a BI of 18. 3.3) What is NoCeM? NoCeM is an end to all this spam, and an end to all this cancelling. With NoCeM (pronounced "No See 'Em"), your newsreader goes out and gets certain posts (from trusted parties) that contain lists of junk articles (ECP, spam, etc.) Your newsreader then hides those articles from you. Note that right now there's only a NoCeM newsreader for Unix. The move to NoCeM is headed by the Cancelmoose[tm] (moose@cm.org), and the moose's web site has all the info you might want about NoCeM: http://www.cm.org Also check out the newsgroup alt.nocem.misc, which will degenerate into a Big 7 newsgroup one of these days. 3.4) Is there a blacklist of net-abusers? Yes, Axel Boldt maintains the world-renowned "Blacklist of Internet Advertisers" at http://math-www.uni-paderborn.de/~axel/BL/blacklist.html 3.4) How can I tell if a post is forged? Gandalf (gandalf@ddi.digital.net) is putting together a guide to tracking down forgeries, and posting the FAQ to news.admin.net-abuse.misc. I've saved a copy of the second draft at http://www.bluemarble.net/~scotty/forgery.html For a rough article on forgery, originally constructed for this FAQ out of information contributed by Robert Bonomi, Arthur Byrne, Emma Pease, and Alan Bostick, see http://sckb.ucssc.indiana.edu/kb/data/all.afco.html For more information on headers, see RFC-1036, "Standard for Interchange of Usenet Messages," at http://www.cis.ohio-state.edu/htbin/rfc/rfc1036.html 3.5) How can I tell how many newsgroups an article was posted to? For people who can't use the classic "grepping the newsspool" method, nn or nngrab may be able to help. (The following is adapted from a posting by Lee Rudolph--thanks.) You can force the Unix newsreader nn to ignore your .newsrc and create a "merged newsgroup" consisting only of articles containing a certain word in their subject line. For instance, to gather all articles at your site containing the word "spam" in their subject line, use this command: % nngrab spam That's basically a faster version of % nn -i -s"spam" -mXx Caution: this latter method can be a long, tedious process. See the nn man page for more details. 3.6) OK, I'm certain it's spam. Who should I mail-bomb? Don't mail-bomb anybody. Harrassment is illegal everywhere. If somebody's done something truly evil, they'll get enough single responses from individuals to acheive the same effect. 3.7) OK, I'm certain it's spam. What should I do? * Check n.a.n-a.announce. If somebody's already made a definitive spotting, there's no sense in an "I've seen it, too" post. * Include a *complete* header from one copy of the spam in your post to n.a.n-a.announce. Set followups to n.a.n-a.misc. * Say how many newsgroups at your site it was posted to; list 20 or more of them. (See "How do I know how many newsgroups an article was posted to?") * Complain politely to the spammer and the Usenet administrator at the spammer's site (whose address should be "usenet@site.name"; if that fails, try "postmaster@site.name".) Request that the Usenet administrator post a response to n.a.n-a.announce, detailing what actions have been taken. 3.8) What about e-mail spam? You can always complain about unsolicited e-mail to both the bozo that sent it to you and the bozo's postmaster. To write to a postmaster, just substitute the perp's username in their address (e.g., bozo@otherwise.lovely.com) with "postmaster" (i.e., postmaster@otherwise.lovely.com.) Please be brief and polite with the postmasters, include a copy of the e-mail you received, and leave the subject-line intact (in case the postmaster wants to set up an auto-responder.) 3.9) I e-mailed a complaint to so-and-so about their {post, mail}, and now they're threatening to complain to my system administrator. What should I do? Let your sys-admin know right away what's happening. Tell them the story, briefly. [Include the post(s) in question?] Then keep them updated on any further threats. If you're brief, polite, and on the right side, you can usually find an ally in your sys-admin. 3.10) What is a cancel-bot? First off, "cancel-bot" is an unfortunate misnomer, and one that the conventional media have understandably misunderstood. "bot" implies that something is out there, running unattended, cancelling whatever meets its nefarious qualifications... But this author knows of *no* automated cancel programs in use against any type of Usenet postings, and has never heard of such a program. All spam-cancels are sent out manually and deliberately by actual human beings. (They happen to use a program that is commonly referred to as a "cancel-bot".) A cancel-bot is a program that sends out cancel messages; you feed it the message-IDs of posts, and it sends out a cancel message for each one (see RFC 1036.) Cancel messages are normally sent out by a newsreader in response to a user's request to cancel a message, using a newsreader command, *if* the user was also the original poster of the message. Sites will ignore cancel messages that don't appear to come from the original poster. Cancel-bots work around this restriction by using header lines that make it look like the original poster sent out the cancel; they'll usually add something like a "Cancelled-By" header line as well, to keep things nominally above-board. Use of a cancel-bot against anything besides 'consensus spam' outrages people, as it should. See alt.religion.scientology for sample discussions. 3.11) Where can I get me a cancel-bot? If you have to ask, you should probably wait a while. ;} 3.12) How do the spam-cancellers cancel spam? * They make bloody sure they know how to use their cancel-bot; * They confirm the spam themselves; * They announce their action to n.a.n-a.announce. This prevents everyone from waiting around and wondering whether anyone's done anything. Here's a standard section from a cancel-notification post by the beloved Cancelmoose(TM): The $alz cancel. and Path: cyberspam conventions were followed. [The $alz convention is to create your cancel message-ID by prepending 'cancel.' to the original one. The cyberspam convention is to use- 'Path: cyberspam!usenet' so that sites that do not want your cancels can easily opt out. Please use these when cancelling spam.] 3.13) Can I sick The Man on these MAKE.MONEY.FAST losers? You can complain about e-mail or Usenet pyramid schemes (at least those involving Americans somehow) to the FTC: STAFF CONTACT: Bureau of Consumer Protection David Medine, 202-326-3224 dmedine@ftc.gov Before doing so, consider seriously whether you actually want to encourage government intervention. The number of 'net cases the FTC has been involved in is very low at this point; in an ideal world, it would probably remain that way. 3.15) What is a killfile, and how do I use one? A killfile enables you to permnanently avoid reading posts by certain people, or from a certain site, or whose Subject: lines contain particular words... Check out the RN killfile FAQ at http://www.cis.ohio-state.edu/hypertext/faq/usenet/killfile-faq/faq.html Here's some newsreaders that support killfiles (search http://vsl.cnet.com/cgi-bin/vsl-master/QuickForm? to acquire the software): * trn (Unix) * nn (Unix) * NewsHopper (Mac) [please send me the names of those you know about. Thanks--] If your newsreader doesn't allow killfiling, write the author of the newsreading software and ask them to add support for killfiles. Although it doesn't discuss killfiling, see 'The "Good Net-Keeping Seal of Approval" for Usenet Software' at http://kalypso.cybercom.net/~rnewman/Good_Netkeeping_Seal for more information on what makes a good newsreader. GROAN ===== 4.1) I hate net-cops like you people. Who will watch the watchmen? net-cop.cops like this, apparently. ;} Anyways, anyone who wanted to police the net would be a pig-headed, unrealistic fool. Thankfully, we just want to shoot spam out of the sky, because * We hate it, * It feels good, and * We can. Anyways, if you don't like spam being cancelled at your site, you can have your upstream feeds alias your site to "cyberspam". 4.2) Hey, I think my group's being invaded by alt.syntax.tactical! We're sorry. Please don't bring that subject up again here. Good luck... Keith "Justified and Ancient" Cochran, who has been wrongfully accused of a.s.t involvement himself, adds: "I would suggest the first thing you do is take a chill pill." (Note that there is no second thing to do. However, you may want to pass the time reading the alt.bigfoot FAQ: http://www.cis.ohio-state.edu/hypertext/faq/usenet/bigfoot/top.html --particularly the part about cats.) See also "What is a killfile, and how do I use one?" 4.3) Hey, somebody posted an ad in {newsgroup}! So? Alright, alright: first, check to see if the post was obviously forged (see "How can I spot a forgery?") Then check to see if it's spam (see "What is Spam" and "How do I know when I've got spam on my hands?") It's probably not. We only want to hear about it if it's spam. If the ad is off-topic, and you really can't let it go, check out the advice in "Hey, so-and-so's not being nice in {newsgroup}!" 4.4) Hey, so-and-so's not being nice in {newsgroup}! Happens all the time. We don't want to hear about it. However, here are some things you can do (written by Keith "Justified and Ancient" Cochran): "The first thing to do is take it up with user@some.site. If you can't achieve a mutual understanding, then you _MIGHT_ (note, not WILL, _MIGHT_) want to mail postmaster@some.site with your complaint. If you are going to write to postmaster@some.site, be sure to include the full, unedited post you have a problem with, a short but descriptive summary of why you have a problem with it, and a short, but descriptive explanation of what you would like to have happen. "Note that this does not apply to MAKE.MONEY.FAST. If you see a copy of M.M.F, just e-mail postmaster@some.site, including the article ID, and the first paragraph of the post." See also "What is a killfile, and how do I use one?" 4.5) Hey, the "Good Times" virus-- is a total, 100%, long-proven hoax. For the complete story, see http://www.nsm.smcm.edu/News/GTHoax.html 4.6) Hey, there's this <AT&T, Jerry Garcia, whatever> banner message in the newsgroup descriptions! We know, we know... It's a fairly common prank to add bunches of newsgroups whose descriptions spell something out. Ask your local news admninstrator to rmgroup the whole lot. 4.7) Hey, one of those net.cops posted an ad for <something>! Haw! Haw! "Ad" does not equal "spam". "Ad" does not equal "net-abuse". APPENDIX ======== news.admin.misc charter: news.admin.net-abuse.misc is for the discussion of possible abuses of netnews and e-mail. It is for the discussion of standards of net abuse, to suggest appropriate courses of action (if any) to net abuse and to post reports of alleged occurrences of net abuse. Relevant topics include events associated with net abuse such as: spamming (posting many individual copies of any article), excessive crossposting of non-germane articles, injection of malformed articles into the news system (broken gateways, for example), or other forms of "roboposting" involving large numbers of postings to one or more groups, forging identity of postings, forged approval to moderated groups, forged cancellation of articles including cancellation of net abuse articles, use of rmgroup/newgroup in an abusive manner, large-scale mailings to mailing lists or other mail-bombing, deciding what isn't net abuse, general issues of netiquette, methods for resolving conflicts, proposed blacklists and boycotts, "renegade" sites, etc. Postings include news reports, reviews, and conferences, and net-abuse FAQs. Although commercial posts are not inherently net-abuse, proper methods of posting commercial material are within the scope of this group. news.admin.net-abuse.announce charter and guidelines: news.admin.net-abuse.announce Charter and Guidelines 1. What topics are relevant to this group? Events associated with net abuse, such as: - posting many individual copies of any article. Or, excessive crossposting of non-germane articles. - injection of malformed articles into the news system (broken gateways, for example), or other forms of "roboposting" involving large numbers of postings to one or more groups. - Forging identity of postings - Forged approval to moderated groups - Forged cancellation of articles not included above. Note that cancellation of net abuse articles is also relevant to the topic of net abuse. - Use of rmgroup/newgroup in an abusive manner - large-scale mailings to mailing lists or other mail-bombing Postings to this group may also include announcements relevant to the topic of net abuse, such as news reports, reviews, and conferences, and possible net-abuse FAQs. The purpose of this group is not to decide the guilt or innocence of any parties, but rather to simply report on the activity (much like the crime section found in many local newspapers). It must be kept clear that the net is a new legal area, but it is also one with a lot of unwritten rules. The moderators are in no way are attempting to act as judges, lawyers, or mediators. 2. Posting of reports of this kind of activity in no way implies that net-wide cancellation of such articles are to be encouraged. How local news admins deal with such incidents is strictly up to them. The moderators of this group should not be held responsible for actions taken by others in response to articles posted to news.admin.net-abuse.announce. 3. No moderator will engage in the following activities: - cancellation of any posts other than ones posted by them, excepting articles with forged approval to newsgroups they moderate or, if they are a news admin, posts originating from their site (following the local site's procedures). - Sending of "mailbombs", threats, abusive e-mail, or other attacks in response to alleged net abuse. 4. We are committed to providing accurate information regarding events related to net abuse (with emphasis on Usenet) in a timely manner. However, as we the moderators must often rely on the reports of others, whenever we have not confirmed a report ourselves we will state so in the posting. 5. Right of Reply. If posts have been made in this group concerning an individual's alleged net abuse and the individual and/or site from which it originated have suffered negative consequences in the form of articles cancelled, accounts cancelled, or substantial negative email; then the individual and site each have the right to one (but no more than one) reply for the purpose of justification, rebuttal, or reports of actions taken to correct or cancel the alleged abuse. 6. Examples of inappropriate postings: - redundant reports of events - Trivial events, for example "Hey, this guy posted an ad to comp.sys.xyz!" 7. Administravia - Approval of postings will be made by a team of moderators. - Change of moderators will be made by majority. Forcible removal of a moderator will be by consensus of remaining moderators. - Any rule changes will be made by majority of the moderators. Initial moderators: David Barr <barr@math.psu.edu> Joel Furr <jfurr@acpub.duke.edu> Paul Phillips <paulp@CERF.NET> Abby Franquemont-Guillory <abbyfg@tezcat.com> ---- [New:] Liszt: http://www.liszt.com/ A searchable directory of over 22,000 mailing lists.