
news.admin.net-abuse FAQ (2/2)

Archive-name: net-abuse-faq/part2
Posting-Frequency: biweekly

[Table of Contents for part two only:]

NITTY-GRITTY

3.1) Yeah, but how many times is 'X'?
3.2) What is the Breidbart Index (BI)?
3.3) What is NoCeM?
3.4) Is there a blacklist of net-abusers?
3.5) How can I tell if a post is forged?
3.6) How do I know when I've got spam on my hands?
3.7) OK, I think I've spotted a spam. Who should I mail-bomb?
3.8) OK, I think I've spotted a spam. What should I do?
3.9) What about e-mail spam?
3.10) I e-mailed a complaint to {so-and-so} about their {e-mail, post}
and now they're threatening to complain to my system administrator.
What should I do?
3.11) What's a cancel-bot?
3.12) Where can I get me one?
3.13) How do spam-cancellers cancel spam?
3.14) Can I sick The Man on these MAKE.MONEY.FAST losers?
3.15) What is a killfile, and how do I use one?

GROAN

4.1) Why are you net-abuse people such net-cops?
4.2) Hey, I think my newsgroup is being invaded by alt.syntax.tactical!
4.3) Hey, somebody posted an ad to <newsgroup>!
4.4) Hey, so-and-so's not being nice in <newsgroup>!
4.5) Hey, the Good Times virus--
4.6) Hey, there's this <AT&T, Jerry Garcia, whatever> banner message
in the newsgroup descriptions!
4.7) Hey, one of those net.cops posted an ad for <something>! Haw! Haw!

APPENDIX

news.admin.net-abuse.misc charter
news.admin.net-abuse.misc charter and guidelines

NITTY-GRITTY
============

3.1) Yeah, but how many times is 'X'?

How many posts does it take to push the spam envelope? To use up all
your spam charity points? For a bare-bones spam? To trigger the
raging-spam-cancellers-from-Hell?

Among those who agree that spam should be defined solely by quantity,

             -----------------> 20 <--------------------

appears to be the magic number, or at least a number so
middle-of-the-road that it provokes very little passionate dissent in
either direction. Notably, Cancelmoose[tm] refuses to set a firm
number, in the belief that people would simply post [X-1]
messages. It's safe to say that a couple incidents of 19-post spams
would cause the magic number to plummet. Thus, 20 should be considered
a vague approximation only.

Passionately dissenting note: Rahul Dhesi [dhesi@rahul.net], one of
the fathers of the cancel-bot movement, sticks by the following
definition:

     More than five physically distinct postings with substantially
     identical content posted within a period of ten days.

3.2) What is the Breidbart Index (BI)?

The Breidbart Index (BI) is a measure of the breadth of any
multi-posting, cross-posting, or combination of the two. BI is defined
as the sum of the square roots of how many newsgroups each article was
posted to.  If that number approaches 20, then the posts will probably
be cancelled by somebody.

For instance, four identical posts to nine newsgroups each (4 times 3)
has a BI of 12. However, nine identical posts to four newsgroups each
(9 times 2) has a BI of 18.
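
The calculation above, carried out over raw articles (an added example, not part of the original FAQ). It goes slightly beyond the text by grouping articles on a normalised body hash and counting each Message-ID once; that matching rule, the function names and the sample articles are assumptions made for illustration.

```python
import hashlib
import math
import re
from collections import defaultdict
from email import message_from_string

BI_THRESHOLD = 20  # the FAQ's rough figure, not a firm rule


def body_fingerprint(body):
    """Hash the body after folding case and whitespace (assumed matching rule)."""
    normalised = re.sub(r"\s+", " ", body).strip().lower()
    return hashlib.sha256(normalised.encode("utf-8")).hexdigest()


def newsgroup_count(article):
    """Number of distinct groups named in the Newsgroups: header."""
    header = article["Newsgroups"] or ""
    return len({g.strip().lower() for g in header.split(",") if g.strip()})


def breidbart_by_body(raw_articles):
    """Return {body fingerprint: BI}, counting each Message-ID once."""
    seen_ids = set()
    scores = defaultdict(float)
    for raw in raw_articles:
        art = message_from_string(raw)
        msg_id = art["Message-ID"]
        if msg_id in seen_ids:  # same crosspost found again in another group's spool
            continue
        if msg_id:
            seen_ids.add(msg_id)
        n = newsgroup_count(art)
        if n:
            scores[body_fingerprint(art.get_payload())] += math.sqrt(n)
    return dict(scores)


def over_threshold(raw_articles, threshold=BI_THRESHOLD):
    """Fingerprints whose BI has reached the threshold."""
    scores = breidbart_by_body(raw_articles)
    return sorted(fp for fp, bi in scores.items() if bi >= threshold)


def make_sample(copies, groups_each, body="MAKE MONEY FAST", tag="a"):
    """Constructed test articles: `copies` separate posts, each crossposted."""
    return [
        "Message-ID: <%s%d@example.invalid>\nNewsgroups: %s\nSubject: test\n\n%s\n"
        % (tag, i, ",".join("misc.test%d.%d" % (i, j) for j in range(groups_each)), body)
        for i in range(copies)
    ]


if __name__ == "__main__":
    for copies, groups in ((4, 9), (9, 4)):
        scores = breidbart_by_body(make_sample(copies, groups))
        print(copies, "posts x", groups, "groups:", list(scores.values()))
```
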

3.3) What is NoCeM?

NoCeM is an end to all this spam, and an end to all this
cancelling. With NoCeM (pronounced "No See 'Em"), your newsreader goes
out and gets certain posts (from trusted parties) that contain lists
of junk articles (ECP, spam, etc.) Your newsreader then hides those
articles from you.

Note that right now there's only a NoCeM newsreader for Unix.

The move to NoCeM is headed by the Cancelmoose[tm] (moose@cm.org), and
the moose's web site has all the info you might want about NoCeM:

    http://www.cm.org

Also check out the newsgroup alt.nocem.misc, which will degenerate
into a Big 7 newsgroup one of these days.

3.4) Is there a blacklist of net-abusers?

Yes, Axel Boldt maintains the world-renowned "Blacklist of Internet
Advertisers" at

    http://math-www.uni-paderborn.de/~axel/BL/blacklist.html

3.4) How can I tell if a post is forged?

Gandalf (gandalf@ddi.digital.net) is putting together a guide to
tracking down forgeries, and posting the FAQ to
news.admin.net-abuse.misc. I've saved a copy of the second draft at

    http://www.bluemarble.net/~scotty/forgery.html

For a rough article on forgery, originally constructed for this FAQ
out of information contributed by Robert Bonomi, Arthur Byrne, Emma
Pease, and Alan Bostick, see

    http://sckb.ucssc.indiana.edu/kb/data/all.afco.html

For more information on headers, see RFC-1036, "Standard for
Interchange of Usenet Messages," at

    http://www.cis.ohio-state.edu/htbin/rfc/rfc1036.html

3.5) How can I tell how many newsgroups an article was posted to?

For people who can't use the classic "grepping the newsspool" method,
nn or nngrab may be able to help. (The following is adapted from a
posting by Lee Rudolph--thanks.)

You can force the Unix newsreader nn to ignore your .newsrc and create
a "merged newsgroup" consisting only of articles containing a certain
word in their subject line. For instance, to gather all articles at
your site containing the word "spam" in their subject line, use this
command:

  % nngrab spam

That's basically a faster version of

  % nn -i -s"spam" -mXx

Caution: this latter method can be a long, tedious process. See the nn
man page for more details.

3.6) OK, I'm certain it's spam. Who should I mail-bomb?

Don't mail-bomb anybody. Harassment is illegal everywhere. If
somebody's done something truly evil, they'll get enough single
responses from individuals to achieve the same effect.

3.7) OK, I'm certain it's spam. What should I do?

* Check n.a.n-a.announce. If somebody's already made a definitive
spotting, there's no sense in an "I've seen it, too" post.

* Include a *complete* header from one copy of the spam in your post
to n.a.n-a.announce. Set followups to n.a.n-a.misc.

* Say how many newsgroups at your site it was posted to; list 20 or
more of them. (See "How do I know how many newsgroups an article was
posted to?")

* Complain politely to the spammer and the Usenet administrator at the
spammer's site (whose address should be "usenet@site.name"; if that
fails, try "postmaster@site.name".) Request that the Usenet
administrator post a response to n.a.n-a.announce, detailing what
actions have been taken.

3.8) What about e-mail spam?

You can always complain about unsolicited e-mail to both the bozo that
sent it to you and the bozo's postmaster. To write to a postmaster,
just substitute the perp's username in their address (e.g.,
bozo@otherwise.lovely.com) with "postmaster" (i.e.,
postmaster@otherwise.lovely.com.) Please be brief and polite with the
postmasters, include a copy of the e-mail you received, and leave the
subject-line intact (in case the postmaster wants to set up an
auto-responder.)

3.9) I e-mailed a complaint to so-and-so about their {post, mail}, and
now they're threatening to complain to my system administrator. What
should I do?

Let your sys-admin know right away what's happening. Tell them the
story, briefly. [Include the post(s) in question?] Then keep them
updated on any further threats.

If you're brief, polite, and on the right side, you can usually find
an ally in your sys-admin.

3.10) What is a cancel-bot?

First off, "cancel-bot" is an unfortunate misnomer, and one that the
conventional media have understandably misunderstood. "bot" implies
that something is out there, running unattended, cancelling whatever
meets its nefarious qualifications... But this author knows of *no*
automated cancel programs in use against any type of Usenet postings,
and has never heard of such a program. All spam-cancels are sent out
manually and deliberately by actual human beings. (They happen to use
a program that is commonly referred to as a "cancel-bot".)

A cancel-bot is a program that sends out cancel messages; you feed it
the message-IDs of posts, and it sends out a cancel message for each
one (see RFC 1036.) Cancel messages are normally sent out by a
newsreader in response to a user's request to cancel a message, using
a newsreader command, *if* the user was also the original poster of
the message. Sites will ignore cancel messages that don't appear to
come from the original poster.  Cancel-bots work around this
restriction by using header lines that make it look like the original
poster sent out the cancel; they'll usually add something like a
"Cancelled-By" header line as well, to keep things nominally
above-board.

Use of a cancel-bot against anything besides 'consensus spam' outrages
people, as it should. See alt.religion.scientology for sample
discussions.

3.11) Where can I get me a cancel-bot?

If you have to ask, you should probably wait a while. ;}

3.12) How do the spam-cancellers cancel spam?

   * They make bloody sure they know how to use their cancel-bot;
   * They confirm the spam themselves;
   * They announce their action to n.a.n-a.announce. This prevents
     everyone from waiting around and wondering whether anyone's done
     anything.

Here's a standard section from a cancel-notification post by the
beloved Cancelmoose(TM):

  The $alz cancel. and Path: cyberspam conventions were followed.  [The
  $alz convention is to create your cancel message-ID by prepending
  'cancel.' to the original one.  The cyberspam convention is to use
  'Path: cyberspam!usenet' so that sites that do not want your cancels
  can easily opt out.  Please use these when cancelling spam.]
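
A receiving-side view of the two conventions just quoted, as an added example that is not part of the original FAQ or of any canceller's code: it recognises a cancel control message, checks the $alz Message-ID form, and shows why a site aliased to "cyberspam" is never offered such cancels. The sample message, function names and host names are constructed; the feed rule assumed is the usual one that an article is not sent to a site already named in its Path.

```python
import re
from email import message_from_string

# Constructed sample: a third-party spam cancel following both conventions.
SAMPLE_CANCEL = """\
Path: news.example.invalid!cyberspam!usenet
From: poster@example.invalid
Newsgroups: misc.test
Subject: cmsg cancel <abc123@example.invalid>
Control: cancel <abc123@example.invalid>
Message-ID: <cancel.abc123@example.invalid>
Cancelled-By: canceller@example.invalid

Spam cancelled; see n.a.n-a.announce.
"""


def classify_cancel(raw):
    """Describe a cancel control message, or return None for ordinary articles."""
    msg = message_from_string(raw)
    m = re.fullmatch(r"cancel\s+(<[^<>\s]+>)", (msg["Control"] or "").strip())
    if not m:
        return None
    target = m.group(1)
    own_id = (msg["Message-ID"] or "").strip()
    return {
        "target": target,
        # $alz: the cancel's ID is the original ID with 'cancel.' prepended
        "alz_convention": own_id == "<cancel." + target[1:],
        "path": [h.strip() for h in (msg["Path"] or "").split("!") if h.strip()],
        "cancelled_by": msg["Cancelled-By"],
    }


def should_offer(raw, site_names):
    """Feed-side check: skip articles whose Path already names the site or an alias."""
    msg = message_from_string(raw)
    path = {h.strip().lower() for h in (msg["Path"] or "").split("!")}
    return not (path & {s.lower() for s in site_names})


if __name__ == "__main__":
    print(classify_cancel(SAMPLE_CANCEL))
    print(should_offer(SAMPLE_CANCEL, ["leaf.example.invalid", "cyberspam"]))
```
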

3.13) Can I sick The Man on these MAKE.MONEY.FAST losers?

You can complain about e-mail or Usenet pyramid schemes (at least
those involving Americans somehow) to the FTC:

  STAFF CONTACT:      Bureau of Consumer Protection
                      David Medine, 202-326-3224
                      dmedine@ftc.gov

Before doing so, consider seriously whether you actually want to
encourage government intervention. The number of 'net cases the FTC
has been involved in is very low at this point; in an ideal world, it
would probably remain that way.

3.15) What is a killfile, and how do I use one?

A killfile enables you to permanently avoid reading posts by certain
people, or from a certain site, or whose Subject: lines contain
particular words... Check out the RN killfile FAQ at

   http://www.cis.ohio-state.edu/hypertext/faq/usenet/killfile-faq/faq.html

Here are some newsreaders that support killfiles (search
http://vsl.cnet.com/cgi-bin/vsl-master/QuickForm? to acquire the
software):

    * trn (Unix)
    * nn (Unix)
    * NewsHopper (Mac)

[please send me the names of those you know about. Thanks--]

If your newsreader doesn't allow killfiling, write the author of the
newsreading software and ask them to add support for killfiles.
Although it doesn't discuss killfiling, see 'The "Good Net-Keeping
Seal of Approval" for Usenet Software' at

   http://kalypso.cybercom.net/~rnewman/Good_Netkeeping_Seal

for more information on what makes a good newsreader.

GROAN
=====

4.1) I hate net-cops like you people.

Who will watch the watchmen? net-cop.cops like this,
apparently. ;} Anyways, anyone who wanted to police the net would be a
pig-headed, unrealistic fool. Thankfully, we just want to shoot spam
out of the sky, because

  * We hate it,
  * It feels good, and
  * We can.

Anyways, if you don't like spam being cancelled at your site, you can
have your upstream feeds alias your site to "cyberspam".

4.2) Hey, I think my group's being invaded by alt.syntax.tactical!

We're sorry. Please don't bring that subject up again here. Good
luck... Keith "Justified and Ancient" Cochran, who has been wrongfully
accused of a.s.t involvement himself, adds: "I would suggest the first
thing you do is take a chill pill." (Note that there is no second
thing to do. However, you may want to pass the time reading the
alt.bigfoot FAQ:

  http://www.cis.ohio-state.edu/hypertext/faq/usenet/bigfoot/top.html

--particularly the part about cats.)

See also "What is a killfile, and how do I use one?"

4.3) Hey, somebody posted an ad in {newsgroup}!

So?

Alright, alright: first, check to see if the post was obviously forged
(see "How can I spot a forgery?")

Then check to see if it's spam (see "What is Spam" and "How do I know
when I've got spam on my hands?") It's probably not. We only want to
hear about it if it's spam.

If the ad is off-topic, and you really can't let it go, check out the
advice in "Hey, so-and-so's not being nice in {newsgroup}!"

4.4) Hey, so-and-so's not being nice in {newsgroup}!

Happens all the time. We don't want to hear about it. However, here
are some things you can do (written by Keith "Justified and Ancient"
Cochran):

"The first thing to do is take it up with user@some.site.  If you
can't achieve a mutual understanding, then you _MIGHT_ (note, not
WILL, _MIGHT_) want to mail postmaster@some.site with your complaint.
If you are going to write to postmaster@some.site, be sure to include
the full, unedited post you have a problem with, a short but
descriptive summary of why you have a problem with it, and a short,
but descriptive explanation of what you would like to have happen.

"Note that this does not apply to MAKE.MONEY.FAST.  If you see a copy
of M.M.F, just e-mail postmaster@some.site, including the article ID,
and the first paragraph of the post."

See also "What is a killfile, and how do I use one?"

4.5) Hey, the "Good Times" virus--

is a total, 100%, long-proven hoax. For the complete story, see

    http://www.nsm.smcm.edu/News/GTHoax.html

4.6) Hey, there's this <AT&T, Jerry Garcia, whatever> banner message
in the newsgroup descriptions!

We know, we know... It's a fairly common prank to add bunches of
newsgroups whose descriptions spell something out. Ask your local news
administrator to rmgroup the whole lot.

4.7) Hey, one of those net.cops posted an ad for <something>! Haw! Haw!

    "Ad" does not equal "spam".
    "Ad" does not equal "net-abuse".

APPENDIX
========

news.admin.misc charter:

   news.admin.net-abuse.misc is for the discussion of possible abuses
   of netnews and e-mail. It is for the discussion of standards of net
   abuse, to suggest appropriate courses of action (if any) to net
   abuse and to post reports of alleged occurrences of net
   abuse. Relevant topics include events associated with net abuse
   such as: spamming (posting many individual copies of any article),
   excessive crossposting of non-germane articles, injection of
   malformed articles into the news system (broken gateways, for
   example), or other forms of "roboposting" involving large numbers
   of postings to one or more groups, forging identity of postings,
   forged approval to moderated groups, forged cancellation of
   articles including cancellation of net abuse articles, use of
   rmgroup/newgroup in an abusive manner, large-scale mailings to
   mailing lists or other mail-bombing, deciding what isn't net abuse,
   general issues of netiquette, methods for resolving conflicts,
   proposed blacklists and boycotts, "renegade" sites, etc.  Postings
   include news reports, reviews, and conferences, and net-abuse FAQs.
   Although commercial posts are not inherently net-abuse, proper
   methods of posting commercial material are within the scope of this
   group.

news.admin.net-abuse.announce charter and guidelines:


   news.admin.net-abuse.announce Charter and Guidelines

   1. What topics are relevant to this group? Events associated with net
      abuse, such as:
      - posting many individual copies of any article.
      Or, excessive crossposting of non-germane articles.
      - injection of malformed articles into the news system (broken
      gateways, for example), or other forms of "roboposting" involving
      large numbers of postings to one or more groups.
      - Forging identity of postings
      - Forged approval to moderated groups
      - Forged cancellation of articles not included above.  Note that
        cancellation of net abuse articles is also relevant to the
        topic of net abuse.
      - Use of rmgroup/newgroup in an abusive manner
      - large-scale mailings to mailing lists or other mail-bombing

      Postings to this group may also include announcements relevant
      to the topic of net abuse, such as news reports, reviews, and
      conferences, and possible net-abuse FAQs.

      The purpose of this group is not to decide the guilt or
      innocence of any parties, but rather to simply report on the
      activity (much like the crime section found in many local
      newspapers).  It must be kept clear that the net is a new legal
      area, but it is also one with a lot of unwritten rules.  The
      moderators are in no way attempting to act as judges,
      lawyers, or mediators.

   2. Posting of reports of this kind of activity in no way implies
      that net-wide cancellation of such articles is to be
      encouraged.  How local news admins deal with such incidents is
      strictly up to them.  The moderators of this group should not be
      held responsible for actions taken by others in response to
      articles posted to news.admin.net-abuse.announce.

   3. No moderator will engage in the following activities:

      - cancellation of any posts other than ones posted by them,
        excepting articles with forged approval to newsgroups they
        moderate or, if they are a news admin, posts originating from
        their site (following the local site's procedures).
      - Sending of "mailbombs", threats, abusive e-mail, or other
        attacks in response to alleged net abuse.

   4. We are committed to providing accurate information regarding
      events related to net abuse (with emphasis on Usenet) in a
      timely manner.  However, as we the moderators must often rely on
      the reports of others, whenever we have not confirmed a report
      ourselves we will state so in the posting.

   5. Right of Reply. If posts have been made in this group concerning
      an individual's alleged net abuse and the individual and/or site
      from which it originated have suffered negative consequences in
      the form of articles cancelled, accounts cancelled, or
      substantial negative email; then the individual and site each
      have the right to one (but no more than one) reply for the
      purpose of justification, rebuttal, or reports of actions taken
      to correct or cancel the alleged abuse.

   6. Examples of inappropriate postings:
      - redundant reports of events
      - Trivial events, for example "Hey, this guy posted an ad to
        comp.sys.xyz!"

   7. Administrivia
      - Approval of postings will be made by a team of moderators.
      - Change of moderators will be made by majority.  Forcible removal
        of a moderator will be by consensus of remaining moderators.
      - Any rule changes will be made by majority of the moderators.

   Initial moderators:
   David Barr <barr@math.psu.edu>
   Joel Furr <jfurr@acpub.duke.edu>
   Paul Phillips <paulp@CERF.NET>
   Abby Franquemont-Guillory <abbyfg@tezcat.com>

----
[New:]

           Liszt: http://www.liszt.com/
    A searchable directory of over 22,000 mailing lists.


Send corrections/additions to the FAQ Maintainer:
scotty@shooter.bluemarble.net (Scott Southwick)





Last Update March 27 2014 @ 02:11 PM