HopOne - writes "pink contracts" and refuses to take actions, claiming to be "just a carrier" (and no, ISPs are NOT common carriers, and are not protected as ones). Update: 18 Apr 2004: HopOne admits in writing "pink contracts" with the abusers. Update: 4 Jun 2004: Internet Death Penalty request against HopOne. Update: 8 Jun 2004: HopOne's Internet Abuse person lies, trying to refute the Internet Death Penalty proposal. Update: 6 Aug 2004: HopOne has changed?.. hopone.net, [66.36.224.0 - 66.36.255.255], [66.235.160.0 - 66.235.191.255], [207.228.224.0 - 207.228.255.255]: Access denied! === The evidence === Path: uni-berlin.de!fu-berlin.de!snewsf0.syd.ops.aspac.uu.net!news1.optus.net.au!optus!news.mel.connect.com.au!news.xtra.co.nz!newsfeed01.tsnz.net!ken-transit.news.telstra.net!news.telstra.net!news-server.bigpond.net.au!53ab2750!not-for-mail Subject: OT: I just got cartoonied by Hopone.net From: Peter Newsgroups: news.admin.net-abuse.email Message-ID: <040220041304174476%spamfromnewsgroups@chatomatic.net> MIME-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-transfer-encoding: 8bit Mail-Copies-To: nobody User-Agent: Thoth/1.6.0 (Carbon/OS X) Lines: 96 Date: Wed, 04 Feb 2004 02:33:51 GMT NNTP-Posting-Host: 144.136.206.219 X-Complaints-To: abuse@bigpond.net.au X-Trace: news-server.bigpond.net.au 1075862031 144.136.206.219 (Wed, 04 Feb 2004 13:33:51 EST) NNTP-Posting-Date: Wed, 04 Feb 2004 13:33:51 EST Organization: BigPond Internet Services Xref: uni-berlin.de news.admin.net-abuse.email:2163510 Return-path: Received: from mta10bw.bigpond.com ([192.168.115.46]) by mailms8aps.email.bigpond.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with ESMTP id <0HSJ009EM8WLJI@mailms8aps.email.bigpond.com> for @ims-ms-daemon; Wed, 04 Feb 2004 09:50:45 +1000 (EST) Received: from cofe-daemon.mta10bw.email.bigpond.com by mta10bw.email.bigpond.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) id <0HSJ00D2C8WLCL@mta10bw.email.bigpond.com> for (ORCPT); Wed, 04 Feb 2004 09:50:45 +1000 (EST) Received: from tbf-daemon.mta10bw.email.bigpond.com by mta10bw.email.bigpond.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) id <0HSJ00DB58WIZW@mta10bw.email.bigpond.com> for; Wed, 04 Feb 2004 09:50:42 +1000 (EST) Received: from bwmam12.bigpond.com ([144.135.24.103]) by mta10bw.email.bigpond.com (iPlanet Messaging Server 5.2 HotFix 1.14 (built Mar 18 2003)) with SMTP id <0HSJ009U98WIBS@mta10bw.email.bigpond.com> for ; Wed, 04 Feb 2004 09:50:42 +1000 (EST) Received: from efwd.dnsix.com ([216.34.94.189]) by bwmam12.bigpond.com(MAM REL_3_4_2 183/83632663) with SMTP id 83632663; Wed, 04 Feb 2004 09:50:42 +1000 Received: from [209.90.166.20] (helo=master4.yvr1.superb.net) by efwd.dnsix.com with smtp (Exim 4.24) id 1AoAJV-0000ut-3k for peter@chatomatic.net; Tue, 03 Feb 2004 15:50:41 -0800 Received: from noname.hopone.net (fw.yvr1.superb.net [209.90.166.2]) by master4.yvr1.superb.net (8.12.9/8.12.8) with ESMTP id i13Nodlc026044 for ; Tue, 03 Feb 2004 15:50:39 -0800 Date: Tue, 03 Feb 2004 15:50:39 -0800 From: Abuse Department Subject: Re: Gamewinners.com - Abusive Practises In-reply-to: X-Sender: abuse@umail1.superb.net To: Peter Message-id: <5.1.1.6.0.20040203154805.00b011d0@umail1.superb.net> MIME-version: 1.0 X-Mailer: QUALCOMM Windows Eudora Version 5.1.1 Content-type: text/plain; charset=us-ascii; format=flowed References: <5.1.1.6.0.20040202104653.00ae8758@umail1.superb.net> <5.1.1.6.0.20040202104653.00ae8758@umail1.superb.net> Original-recipient: rfc822;plikidis@bigpond.net.au >>Not true, please investigate conduit liability and what statutes we are >>liable for and what we are not. If someone is using a telephone for >>something illegal do you think the telephone company is responsible for >>it? No. > >Please learn the Tort of Negligence (free hint) it's in the common law. >But considering I've tried to let you know about it and you have chosen to >do nothing I will be forwarding this information to your local police. >Many people seem to agree loading of trojan software when visiting a >website is something they would be vary interested in. This is all fine but we do not control nor censor what our customers publish. They are personally or corporately liable for what they publish. We provide network connectivity, environmental services (air conditioning and moisture control), power and space to physically host a server. We, in no way, claim responsibility or liability for what people make available on the internet. Please do not harass us further or you may find yourself liable for it. Do not send any more accusations via email. You are hereby notified that anything further from you is, in fact, unsolicited and will be treated as such. Which by the way I did report to the FBI. They had a very interesting reply: Dear Sir, THIS IS NOT AN AUTOMATED REPLY Thank you for your submission to the FBI Internet Tip Line. Inasmuch as the FBI has recently received numerous reports concerning the forum.cvv.ru, www.hopone.net, www.shadowcrew.com and www.dumpsmarket.com Web sites, there is no need to forward any such additional emails to us. Our Cyber Division is aware of this fraud, and is addressing the matter. === One of replies === Path: uni-berlin.de!fu-berlin.de!in.100proofnews.com!in.100proofnews.com!cycny01.gnilink.net!cyclone1.gnilink.net!ngpeer.news.aol.com!audrey-m1.news.aol.com!not-for-mail Lines: 42 X-Admin: news@aol.com From: wireguy13@aol.com (WireGuy13) Newsgroups: news.admin.net-abuse.email Date: 04 Feb 2004 03:46:50 GMT References: <040220041304174476%spamfromnewsgroups@chatomatic.net> Organization: AOL http://www.aol.com X-Newsreader: Session Scheduler (Queue Name: usenet_offline-m12) Subject: Re: OT: I just got cartoonied by Hopone.net Message-ID: <20040203224650.15923.00003579@mb-m12.aol.com> Xref: uni-berlin.de news.admin.net-abuse.email:2163539 In article <040220041304174476%spamfromnewsgroups@chatomatic.net>, Peter writes: >This is all fine but we do not control nor censor what our customers >publish. They are personally or corporately liable for what they >publish. We provide network connectivity, environmental services (air >conditioning and moisture control), power and space to physically host >a server. We, in no way, claim responsibility or liability for what >people make available on the internet. > >Please do not harass us further or you may find yourself liable for it. >Do not send any more accusations via email. You are hereby notified >that anything further from you is, in fact, unsolicited and will be treated >as such. Greetings: If I was you, I would honor their request for no further contact. If I was me, (wait... I am!), I'd do my best to make sure no part of my Internet intersects with anything that is Hopone.net. To be clear: In my opinion, Hopone.net is fully responsable for anything and everything that happens from or for the IPs they control. On my little corner of the 'net, my opinion rules. Hopeone.net is not a Common Carrier. They do not have any of the protections of same. Just my opinion, Gary G. (I'd suggest an IDP, but there's so many who are even more deserving.) -- Gary Grossoehme Cartel Agent 1444 Counter-Spam Operations Netcop Badge #75 Oregon Electronics Not a Member of the Cabal 503-239-5293 Another Very Disturbed Nerd, but not SPEWS === HopOne admits in writing "pink contracts" === Path: uni-berlin.de!fu-berlin.de!postnews1.google.com!not-for-mail From: abuse@hopone.net (HopOne Internet Abuse) Newsgroups: news.admin.net-abuse.email Subject: [SPEWS S3035] removal request (FINALLY WE GOT RID OF QUICKRESPONDER.BIZ - YAY) Date: 18 Apr 2004 01:04:31 -0700 Organization: http://groups.google.com Lines: 60 Message-ID: <2af41466.0404180004.61adaf04@posting.google.com> NNTP-Posting-Host: 66.36.225.239 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1082275472 19302 127.0.0.1 (18 Apr 2004 08:04:32 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Sun, 18 Apr 2004 08:04:32 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:2189682 Finally, yes finally, 67 servers have been shutdown and the client is terminated. Permanently. The nightmare has finally ended. Spamhaus removal requests will be sent tonight as well. This customer is gone but has been an absolute nightmare for us. There were contractural obligations (legal contracts) that prevented us from shutting this customer down without severe monetary penalties. Even while we were convinced he was absolutely the worst thing to ever happen to us we could not shut him down because of contractural obligations. This customer is totally terminated now and currently has no services with us - all uplinks and routes have been removed as well as any reverse DNS enries that were on our name servers. We are sorry for every signing this customer up in the first place and letting him LIE to us to tell us originally that his machines were being used to process medical data. We were actually lied to at one point and almost helped this customer hijack a very large net block. Please before anyone slags us for not cancelling this customer sooner, you must understand that we had a contractural and legally binding agreement that we absolutely regret ever getting into. We won't make that mistake again. All other customers are bound and held to our AUP as all of them should be. By the way - the client's name on our files is NOT Alan Ralsky, and we are not sure how our client is associated with Alan Ralsky either. We would really like to know though. If anyone knows how they are associated please let me know. Specific blocks: 66.36.252.0/22 All servers have been shutdown and reverse DNS has been removed. 66.235.160.0/20 All servers have been shutdown and reverse DNS has been removed - several were shutdown recently but most of them were shutdown. 66.235.162.101/32 This IP falls within the block above - this was a common source IP for spam. 66.36.230.222/32 Server was shutdown March 28th, 2004 - we did not request removal since the others were not yet shutdown. 66.36.252.16/32 Server was terminated March 28th, 2004 as well - we did not request removal since the others were not yet shutdown. 66.36.224.0/19 Although I understand SPEWS escalates blocks as time goes on this block was rediculous because it encompassed 8000+ IP addresses and the offending client did not have any active machines in that block when it was added (recently I believe). Anyway, it surely got me the UMF I needed to convince everyone involved in our company to power down the remaining systems immediately. Anyway, it did get the attention it deserved. === My reply === Path: uni-berlin.de!217.22.114.18!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS S3035] removal request (FINALLY WE GOT RID OF QUICKRESPONDER.BIZ - YAY) Date: 18 Apr 2004 11:03:02 GMT Organization: Private person Lines: 69 Sender: Alexander Sheremet Message-ID: References: <2af41466.0404180004.61adaf04@posting.google.com> NNTP-Posting-Host: 217.22.114.18 X-Trace: news.uni-berlin.de 1082286182 5878374 I 217.22.114.18 ([104765]) X-SPEWS: I am not X-ROT-13: fcnzgenc@dolphinwave.org X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:2189690 #begin abuse@hopone.net.exe (or was it HopOne Internet Abuse.com) message <2af41466.0404180004.61adaf04@posting.google.com> reply: > Finally, yes finally, 67 servers have been shutdown and the client is > terminated. Permanently. The nightmare has finally ended. Spamhaus > removal requests will be sent tonight as well. > > This customer is gone but has been an absolute nightmare for us. > There were contractural obligations (legal contracts) that prevented > us from shutting this customer down without severe monetary penalties. > Even while we were convinced he was absolutely the worst thing to > ever happen to us we could not shut him down because of contractural > obligations. This customer is totally terminated now and currently > has no services with us - all uplinks and routes have been removed as > well as any reverse DNS enries that were on our name servers. > > We are sorry for every signing this customer up in the first place and > letting him LIE to us to tell us originally that his machines were > being used to process medical data. We were actually lied to at one > point and almost helped this customer hijack a very large net block. > > Please before anyone slags us for not cancelling this customer sooner, > you must understand that we had a contractural and legally binding > agreement that we absolutely regret ever getting into. We won't make > that mistake again. This is being called a "pink contract" here, and it is nice to hear that HopOne admits in writing those. Of course, you must understand that it's you who wrote that contract with the abuser, and nobody else. So there will be no understanding or any kind of condolence from the rest of the Internet, who did not write those contracts for you, yet who was forced to be on the receiving end of the flood of abuse from your abuser. How do you plan to compensate them for this abuse? Finally, it's HopOne who has collected money from the abuser for the abuse, while the rest of the Internet was paying for it. > All other customers are bound and held to our AUP as all of them > should be. That's very nice to know, but how one can be sure? The client in question also was supposed to be bound by your AUP, as all of them should be. > 66.36.224.0/19 > Although I understand SPEWS escalates blocks as time goes on this > block was rediculous because it encompassed 8000+ IP addresses and the > offending client did not have any active machines in that block when > it was added (recently I believe). But HopOne does. And it was rediculous from HopOne to keep the abuser online to protect themselves from the rightful monetary penalties for even signing that contract up, and make the whole Internet to pay for it instead. Hence - the escalation against HopOne, themselves. > Anyway, it surely got me the UMF I > needed to convince everyone involved in our company to power down the > remaining systems immediately. Anyway, it did get the attention it > deserved. Does it mean that blocking of less than /19 does not get any attention enough to terminate their abusers immediately from HopOne? Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === HopOne replies. No comments === Path: uni-berlin.de!fu-berlin.de!postnews1.google.com!not-for-mail From: abuse@hopone.net (HopOne Internet Abuse) Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS S3035] removal request (FINALLY WE GOT RID OF QUICKRESPONDER.BIZ - YAY) Date: 21 Apr 2004 10:36:28 -0700 Organization: http://groups.google.com Lines: 117 Message-ID: <2af41466.0404210936.69d0ad5d@posting.google.com> References: <2af41466.0404180004.61adaf04@posting.google.com> NNTP-Posting-Host: 209.90.166.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1082568988 19938 127.0.0.1 (21 Apr 2004 17:36:28 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Wed, 21 Apr 2004 17:36:28 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:2190642 > Another amazing coincidence: > > CAN-SPAM specifically addresses 'spam support' services. As of Jan 1, 2004, > Knowingly earning financial gain from someone else's violation of CAN-SPAM > is considered to be an equal violation in an of itself. We all know what a pathetic mess the CAN-SPAM act is. It actually provides provisions to make some forms of SPAM legal. Its a pathetic document, it causes us many headaches. Whats good though is that we don't have to allow spammers on our network regardless of what the CAN-SPAM act says - even if their spamming is theoretically totally legal. > i.e. If the ISP is aware of the criminal activity, and is allowing it to > happen for their own profit, the ISP would be guilty as well. Criminal activity or not, we can choose not to do business with whoever we want based soley on our AUP. > If HopOne was smart, they would have cancelled that pink contract and > stopped listwashing as of Dec 31, 2003. Everything they have allowed to > happen in 2004 is still suspect for criminal CAN-SPAM violations. Suspect of criminal CAN-SPAM violations is one thing - being charged is another. We have never been charged and neither have any of our customers. I don't expect we ever will either - we cancel whoever violates our AUP. Now down to the 'dirt' of all of this... The contract was not a "pink contract". It did *not* say "We can do whatever we want and you can't shut us down". We would never sign anything like that - that would be like signing our own death certificate. Here's the deal though... Basically the customer (at that time believed to be processing medical data in a clustered environment or some other BS story) ordered somewhere in the range of $400,000.00 worth of hardware and services. The services ordered were not the issue. The hardware however was higher end and difficult to resell. Naturally because of the way spammers work, sales of course was all over this. Thats the nature of the business - if someone throws $400,000 at you and says they are processing medical data you take the money (until now!). The customer would then pay us back over time for the hardware and services on a monthly basis. The hardware was purchased by us and a buildout was done for the rack space required, uplinks were setup, routing was configured, IP's were allocated etc.. Alot of work went into it. The customer was up and running. So now we were operating on money essentially borrowed from us to be paid back over time. Cancelling the customer immediately upon finding out they were a spammer would have cost $300,000 (an approximate cost of the hardware and labor already used). This was ingenius of the spammer to trap us into a situation where if we cancelled him, we would lose and he would be unaffected. This is where we went wrong. Our "credit limit" with this customer was too high without a history and level of trust with us and the customer. Turns out he won - we didn't want to lose $300,000. What ended up happening in the end? We did lose about $120,000 after a lot of pressure to upper management and finally showing them a DNSBL for 66.36.224.0/19. That block really made the difference to management. They saw 8000+ IP address being blocked by SPEWS and realized that they would have to deal with cancellations, complaints, etc. Anyway, we are VERY sorry for getting involved with this customer and we are extremely sorry for getting trapped by his lies and manipulation. We aren't the only company who's been screwed by this guy, but we will not be screwed like this again - I can *guarantee* that! Keeping this block list in place now seems counter productive. We are very pleased that we are finally rid of the client and every other dnsbl out there has removed the listing from their system - except spews. I can respect the fact that spews is considered a more thorough and more serious list to be on but honestly everyone has got what they wanted. We are rid of this jerk and the spam has stopped coming from our network. I would think this is some kind of victory for spews and that the people who contribute to spews would be happy that they've affected something in such a positive way. Honestly, if spews had blocked 66.36.224.0/19 a long time ago, this would have been resolved much faster. I'm sorry but management looks at the cost benefit of each and every loss they may may take. If its not significantly in their favor to remove the account they won't choose to - especially when they think spews won't delist it anyway - even if they do terminate the account. *LAST but definately note least* I want to seriously note that doing *anything* to be removed from spews (terminating clients and reporting termination to NANAE) only to be abused via NANAE and not actually be removed from the list is extremely counter productive. This really doesn't make any ISP or HSP want to take any action based on a spews listing. It's honestly a nightmare to ask for removal from spews. I really don't mind if there is outstanding whois records or oustanding lookups still working and thats why its not removed - but when something is definately terminated and cleaned up, fully and completely, but the listing is not removed it makes people wonder why *SP's even try. I hear *SP's saying "Well we are listed on spews but they won't remove us anyway, so why bother removing the spammer if we are making money". Spamhaus and spamcop are probably the most usefull DNSBL's because of this. They have a relatively accurate list and *IF* we do actually get added we know if we resolve the problem they will delist us. To make spews more effective, removal can still be thorough but it should be somewhat faster in order to motivate companies to actually perform the steps necissary to get removal. Please - will you remove us now that we have cleaned this jerk out of our systems - even at a loss of a lot of money? We have done our part, although late, but nevertheless it is done. === And some replies, 1st === Path: uni-berlin.de!fu-berlin.de!peer01.cox.net!cox.net!bigfeed.bellsouth.net !bignumb.bellsouth.net!news.bellsouth.net!bignews3.bellsouth.net.POSTED !a339371a!not-for-mail User-Agent: Microsoft-Outlook-Express-Macintosh-Edition/5.0.6 Subject: Re: [SPEWS S3035] removal request (FINALLY WE GOT RID OF QUICKRESPONDER.BIZ - YAY) From: stinky Newsgroups: news.admin.net-abuse.email Message-ID: References: <2af41466.0404180004.61adaf04@posting.google.com> <2af41466.0404210936.69d0ad5d@posting.google.com> Mime-version: 1.0 Content-Type: text/plain; charset="US-ASCII" Content-transfer-encoding: 7bit Lines: 84 X-Complaints-To: abuse@bellsouth.net X-Abuse-Info: Please forward a copy of all headers for proper handling X-Trace: bhmkggakljkaanefdbdpiflmbcekedmfhojhikkbagflhcboohgkmmjpbejpmbpbmjihiicpdckile onknpieakkgmdmcbmcmbagbjjhejgghbcicokcanodklaigdllnpfkdenopkmagnjnbakpcjmfgigpn mkl NNTP-Posting-Date: Wed, 21 Apr 2004 14:00:57 EDT Organization: BellSouth Internet Group Date: Wed, 21 Apr 2004 14:05:08 -0400 Xref: uni-berlin.de news.admin.net-abuse.email:2190653 in article 2af41466.0404210936.69d0ad5d@posting.google.com, HopOne Internet Abuse at abuse@hopone.net wrote on 4/21/04 1:36 PM: > *LAST but definately note least* I want to seriously note that doing > *anything* to be removed from spews (terminating clients and reporting > termination to NANAE) only to be abused via NANAE and not actually be > removed from the list is extremely counter productive. So is keeping a spammer connected due to the fact that he screwed you over on some deal. Don't blame the public for being angry over your continued hosting of a known spamming operation, no matter the cost to your network. To keep a spammer connected until you recovered most of your invested money and/or became so blocked that your network is useless is even more counter-productive. > This really doesn't make any ISP or HSP want to take any action based on a > spews listing. Your network didn't have to take any action either. You could have lived with the /19 block and kept receiving money from the spammer. I suspect that SPEWS influence due to its widespread use caused your upper management to see that spammer hosting was not as profitable as they expected. > It's honestly a nightmare to ask for removal from spews. You ought to ask some abuse desk, behind some corporate wall, with a voice mail system that doesn't work and abuse minions that work even less to stop the spam and spam support from coming from their networks. It is the failure of ISPs and networks that has lead to the need for DNSBLs like SPEWS. Don't blame the victims of corporate greed and criminals. Point the finger where it should be pointed. > I really don't mind if there is outstanding whois records or oustanding > lookups still working and thats why its not removed - but when something is > definately terminated and cleaned up, fully and completely, but the listing is > not removed it makes people wonder why *SP's even try. Until now the whole story wasn't told. You only said this and that had been done. Too many times a network has said they removed a spammer and only played musical IP chairs or helped the spammer morph. Until you posted this was the given assumption. > I hear *SP's saying > "Well we are listed on spews but they won't remove us anyway, so why bother > removing the spammer if we are making money". Then I guess it will take a /19 to get their attention as well. I find it too funny that most ISPs dismiss SPEWS in one sentence and bitch about its listings in another. If SPEWS isn't something to worry about then why do so many ISP admins post about it? > Spamhaus and spamcop are > probably the most usefull DNSBL's because of this. They have a relatively > accurate list and *IF* we do actually get added we know if we resolve the > problem they will delist us. SPEWS is not as "friendly" with its listings. Especially when it takes a FRICKING /19 to get a network to disconnect a KNOWN spamming operation. SPEWS doesn't have a direct contact due to the fact that spammers and their lawyers like to file SLAPP/harassing lawsuits. > To make spews more effective, removal can still be thorough but it > should be somewhat faster in order to motivate companies to actually > perform the steps necissary to get removal. You could have posted in news.admin.net-abuse.blocklisting. It is moderated and you won't be "beat up". There will still be skepticism about the length of time the spammer was connected but it is a more reserved place to post. > Please - will you remove us now that we have cleaned this jerk out of > our systems - even at a loss of a lot of money? We have done our > part, although late, but nevertheless it is done. What about the loss of money due to the spammers spam and the support your company gave to them? What about all the money that goes into spam prevention due to the fact that networks, like yours, keep spammers connected? Is your company willing to compensate all of those people/companies for their lost time/money? You can be mad since the spammer screwed your company over but don't blame the victims that have no recourse. The "higher-than-thou" attitude is only causing your more problems in the long run. === 2nd reply === Path: uni-berlin.de!fu-berlin.de!border1.nntp.ash.giganews.com!nntp.giganews.com !feeder2.on.meganewsservers.com!meganewsservers.com !reader1.on.meganewsservers.com!reader1.on.meganewsservers.com!not-for-mail ath: nntpswitch.com Newsgroups: news.admin.net-abuse.email References: <2af41466.0404180004.61adaf04@posting.google.com> <2af41466.0404210936.69d0ad5d@posting.google.com> Organization: Robert Bonomi Consulting Subject: [MEMO TO HopOne] Re: [SPEWS S3035] removal request X-Newsreader: trn 4.0-test69 (20 September 1998) From: bonomi@host122.r-bonomi.com (Robert Bonomi) Message-ID: <57029$408779f9$44a75e7a$26875@msgid.meganewsservers.com> Date: Thu, 22 Apr 2004 07:53:29 +0000 Lines: 240 NNTP-Posting-Host: 216.251.47.166 X-Trace: 1082620409 reader1.on.meganewsservers.com 4359 216.251.47.166:48872 Xref: uni-berlin.de news.admin.net-abuse.email:2190898 In article <2af41466.0404210936.69d0ad5d@posting.google.com>, HopOne Internet Abuse wrote: >> Another amazing coincidence: >> >> CAN-SPAM specifically addresses 'spam support' services. As of Jan 1, 2004, >> Knowingly earning financial gain from someone else's violation of CAN-SPAM >> is considered to be an equal violation in an of itself. > >We all know what a pathetic mess the CAN-SPAM act is. It actually >provides provisions to make some forms of SPAM legal. Its a pathetic >document, it causes us many headaches. Whats good though is that we >don't have to allow spammers on our network regardless of what the >CAN-SPAM act says - even if their spamming is theoretically totally >legal. Regardless of your opinion of the CAN-SPAM act, HopOne was, *ITSELF*, in _criminal_ violation of the statutes, as of the effective date of said law. > > >> i.e. If the ISP is aware of the criminal activity, and is allowing it to >> happen for their own profit, the ISP would be guilty as well. > >Criminal activity or not, we can choose not to do business with >whoever we want based soley on our AUP. > >> If HopOne was smart, they would have cancelled that pink contract and >> stopped listwashing as of Dec 31, 2003. Everything they have allowed to >> happen in 2004 is still suspect for criminal CAN-SPAM violations. > >Suspect of criminal CAN-SPAM violations is one thing - being charged >is another. We have never been charged and neither have any of our >customers. I don't expect we ever will either - we cancel whoever >violates our AUP. Per the 'public record', you have admitted that the party that was responsible for the chunk of HopOne address-space being listed in SPEWS *did* obtain services from HopOne by 'false or fraudulent pretenses or representations'. Thus, *ANY* messages that they sent are, per Section 5 (a) (1) (A), prohibited by law. Unfortunately for HopOne, they meet the criteria listed in Section 6, (b) (2) (B)(i) and (ii). To wit, they: 1) are "a 'third party' that provides goods, products, property, or services to another person that violates subsection (a) " 2) had, and have, "actual knowledge that goods, products, property, or services are promoted in a commercial electronic mail message the transmission of which is in violation of section 5(a)(1); 3) "receives, or expects to receive, an economic benefit from such promotion." HopOne provided -- and has admitted doing so -- the equipment, facilities, connectivity, and IP addresses. HopOne knew -- and has admitted such knowledge -- that the the IP addresses, among other things, were obtained by 'false or fraudulent pretenses or representations', thus making *any* email sent from those addresses an *automatic* violation of (5) (a) (1). HopOne had 'actual knowledge' -- and has admitted such -- that things 'goods, products, property, or services' were 'promoted in commercial electronic mail messages' *from* the addresses that were so obtained. HopOne 'receives, or expects to receive' an economic benefit from those actions. Circa $400,000.00 worth of 'benefit'. If HopOne's legal counsel failed to advise of the above, then there is a malpractice issue, and HopOne is _still_ liable for the violations. If HopOne's counsel _did_ so advise, the HopOne's corporate management is guilty of breach of fiduciary responsibility, and probably several other torts. This makes the decision-makers *PERSONALLY* liable. to a lawsuit by -any- shareholder. >Now down to the 'dirt' of all of this... > >The contract was not a "pink contract". It did *not* say "We can do >whatever we want and you can't shut us down". We would never sign >anything like that - that would be like signing our own death >certificate. You just 'looked the other way' when VIOLATIONS OF YOUR CONTRACT AS REGARDS COMPLIANCE WITH YOUR PUBLISHED AUP were reported to you. From the outside world, this is *indistinguishable* from a 'pink contract'. > >Here's the deal though... Basically the customer (at that time >believed to be processing medical data in a clustered environment or >some other BS story) ordered somewhere in the range of $400,000.00 >worth of hardware and services. The services ordered were not the >issue. The hardware however was higher end and difficult to resell. >Naturally because of the way spammers work, sales of course was all >over this. Thats the nature of the business - if someone throws >$400,000 at you and says they are processing medical data you take the >money (until now!). The customer would then pay us back over time for >the hardware and services on a monthly basis. > >The hardware was purchased by us and a buildout was done for the rack >space required, uplinks were setup, routing was configured, IP's were >allocated etc.. Alot of work went into it. The customer was up and >running. So now we were operating on money essentially borrowed from >us to be paid back over time. Good explanation of 'how' you got into the predicament. Does not EXCUSE it. >Cancelling the customer immediately upon finding out they were a >spammer would have cost $300,000 (an approximate cost of the hardware >and labor already used). This was ingenius of the spammer to trap us >into a situation where if we cancelled him, we would lose and he would >be unaffected. That is evidence of a *BAD* contract. Apparently, you got suckered. Where where the 'penalty clauses' in the event of their breaching the contract? IF they were present, why weren't they *invoked* ?? >This is where we went wrong. Our "credit limit" with this customer >was too high without a history and level of trust with us and the >customer. Turns out he won - we didn't want to lose $300,000. *Your* bad judgement, both in entering the initial contract, and *not* voiding it immediately upon discovery of the 'true facts' is NOT *our* problem. >What ended up happening in the end? We did lose about $120,000 after >a lot of pressure to upper management and finally showing them a DNSBL >for 66.36.224.0/19. This seems to be an admission that you got roughly $180,000 from them. (your $300,000+ 'cost', to set things up, less the claimed 'loss') It is already established that your customer *DID* "materially falsify header information in multiple commercial electronic mail messages and intentionally initiate the transmission of such messages". Which, as of 1 January 2004 is a criminal violation of 18 USC 1037 (a) (3). HopOne, by passing complaints about their activity back to the customer, did perform an overt act in the furtherance of those activities by the customer. Thus, HopOne was engaged in 'conspiring' with the customer, in their violation of 18 USC 1037 (a) (3). Which is, _separately_, a violation of 18 USC 1037 (a). Penalties for the aforementioned violation include, per 18 USC 1037 (c): FORFEITURE: The court shall order that the defendant forfeit to the United States-- (A) any property, real or personal, constituting or traceable to gross proceeds obtained from such offense; and (B) any equipment, software, or other technology used or intended to be used to commit or to facilitate the commission of such offense. HopOne stands to lose that $180,000 in income, *AND* the $300,000+ of equipment. >Keeping this block list in place now seems counter productive. We are >very pleased that we are finally rid of the client and every other >dnsbl out there has removed the listing from their system - except >spews. I can respect the fact that spews is considered a more >thorough and more serious list to be on but honestly everyone has got >what they wanted. We are rid of this jerk and the spam has stopped >coming from our network. I would think this is some kind of victory >for spews and that the people who contribute to spews would be happy >that they've affected something in such a positive way. > >Honestly, if spews had blocked 66.36.224.0/19 a long time ago, this >would have been resolved much faster. I'm sorry but management looks >at the cost benefit of each and every loss they may may take. If its >not significantly in their favor to remove the account they won't >choose to - especially when they think spews won't delist it anyway - >even if they do terminate the account. > >*LAST but definately note least* I want to seriously note that doing >*anything* to be removed from spews (terminating clients and reporting >termination to NANAE) only to be abused via NANAE and not actually be >removed from the list is extremely counter productive. This really >doesn't make any ISP or HSP want to take any action based on a spews >listing. It's honestly a nightmare to ask for removal from spews. I >really don't mind if there is outstanding whois records or oustanding >lookups still working and thats why its not removed - but when >something is definately terminated and cleaned up, fully and >completely, but the listing is not removed it makes people wonder why >*SP's even try. I hear *SP's saying "Well we are listed on spews but >they won't remove us anyway, so why bother removing the spammer if we >are making money". Spamhaus and spamcop are probably the most usefull >DNSBL's because of this. They have a relatively accurate list and >*IF* we do actually get added we know if we resolve the problem they >will delist us. > >To make spews more effective, removal can still be thorough but it >should be somewhat faster in order to motivate companies to actually >perform the steps necissary to get removal. > >Please - will you remove us now that we have cleaned this jerk out of >our systems - even at a loss of a lot of money? We have done our >part, although late, but nevertheless it is done. There's an old saying 'actions speak louder than words' -- your past actions have spoken so loudly that it is difficult to hear todays words. You may have to let your 'new actions' speak for themselves for a while. You're also missing a critical point -- to those who use SPEWS, what you do _no_longer_matters_. As far as they're concerned, the problem _was_ solved, *completely*, with the listing. You're asking for an *additional* effort on their part. An effort that they have no 'compelling reason' to make. You're asking the world to 'extend trust' to you. Again. AFTER having violated and abused that trust when it was previously extended. For _how_many_months_ did you continue to abuse that trust? And just because you _say_ you've changed, you want people to *immediately* trust you again? Now for a serious question, _WHY_ should they act any faster than *you* did? How long did it take for *you* to act after the requests started coming in? Why do you think *you* deserve better treatment from the 'rest of the world', than what you _gave_ the rest of the world? You have just forcibly discovered that the _core_ of your business is built on the 'good will' of the rest of the world. You need the rest of the world (collectively) much more than they (collectively) need you. === Internet Death Penalty request against HopOne === === http://groups.google.com/groups?selm=20040604204549.GA637%40example.com === Date: Fri, 4 Jun 2004 16:45:49 -0400 From: OldGeek@example.com Subject: Call for Internet Death Penalty #3: Hopone/Superb Message-ID: <20040604204549.GA637@example.com> Newsgroups: news.admin.net-abuse.email Mail-To-News-Contact: postmaster@nym.alias.net Organization: mail2news@nym.alias.net Lines: 240 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [ Please redistribute where applicable. It would be appreciated if this were forwarded to appropriate newsgroups and mailing lists such as NANOG, SPAM-L, and so on. ] Call for Internet Death Penalty #3: Hopone/Superb The charges: Hopone have knowingly hosted some of the Internet's worst spammers. Hopone have done this in direct contradiction of their own stated policies. Hopone have repeatedly lied about the spammers on their network, their relationships with them, and their enforcement actions. Hopone have provided "list-washing" services to spammers and thereby assisted spammers in attacking innocent victims. Hopone have profited extensively from these activities and have failed to disclose and disgorge their ill-gotten gains. Hopone continues to allow spammers to sign up for its services, and continues to provides those services. Hopone have only taken token action against spammers, and then only in response to widespread DNSBL listing of their network. Hopone have refused to be pro-active, have refused to heed warnings about spammers signing up for their services, refused to remove known spammers, refused to maintain proper contact addresses, refused to maintain proper domain information, and refused to monitor their own network's activities. Hopone have done all this despite being repeatedly told that it is unacceptable behaviour, and being repeatedly asked to stop. The evidence: Copious evidence substantiating all of the above may be found at these locations: http://www.spews.org/html/S490.html http://www.spews.org/html/S641.html http://www.spews.org/html/S888.html http://www.spews.org/html/S1853.html http://www.spews.org/html/S2154.html http://www.spews.org/html/S2217.html http://www.spews.org/html/S2452.html http://www.spews.org/html/S2688.html http://www.spews.org/html/S2791.html http://www.spews.org/html/S2815.html http://www.spews.org/html/S2872.html http://groups.google.com/groups?selm=d7f82a0.0208201309.514279bb@posting.google.com http://groups.google.com/groups?selm=jeoe3vku8do3dod23gopeimmvk0d63evdb@4ax.com http://groups.google.com/groups?selm=me-9FBC5A.19042821012004@news-central.ash.giganews.com http://groups.google.com/groups?selm=5lqi10tcm9emk3n6sr10q8649o70jq38v8@4ax.com http://groups.google.com/groups?selm=040220041304174476%spamfromnewsgroups@chatomatic.net http://groups.google.com/groups?selm=c0p5na$ngl$1@charm.magnus.acs.ohio-state.edu http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=c8do90dhd47qkepcm028til3a3sp3oq2gg%404ax.com&rnum=1&prev=/groups%3Fselm%3Dc8do90dhd47qkepcm028til3a3sp3oq2gg%404ax.com http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=24adnV4SCoFluZXdRVn-uA%40comcast.com&rnum=1&prev=/groups%3Fselm%3D24adnV4SCoFluZXdRVn-uA%40comcast.com http://mainsleazespam.com/isps/hopone.html http://www.dolphinwave.org/spam/hopone.net.txt among many other places. See also the following quotes: Hopone explains that all spammers are given two additional spam runs before being terminated: "We warn them twice. The third time they are shut down." Hopone doesn't understand why giving two additional spam runs to every spammer is a problem: "Whats wrong with the three strike rule in this case? Seriously." Hopone refuses to take responsibility for hosting spammers: "We provide network connectivity, environmental services (air conditioning and moisture control), power and space to physically host a server. We, in no way, claim responsibility or liability for what people make available on the internet." Hopone removes a spammer -- not for spamming, but because they didn't pay their bill: "The domain name "hershmangroup.com" has no affiliation with our network any more. The customer who owns the server that was hosting this domain says the client was terminated for no payment late February 2004." Hopone provides advice on how not to be spammed, defends one of their spammers, cites the US CAN-SPAM Act, offers "list-washing" services, and advises spam victims to reply to the spam: "If you don't want email from an email marketing firm - *DO NOT SUBSCRIBE TO IT*. I am 100% serious when I say this is an opt-in list. Quickmailresponder4u.biz operates a fully opt-in system, and then uses their list to distribute advertisements on behalf of their clients. They are fully can-spam compliant (from addresses work and everything) and they can prove the opt-in information upon request. If you feel it is spam/abuse send the email, including the headers (containing the Received lines) to abuse@hopone.net. I will have the abuse department of this company provide you with YOUR subscription information. *OR* you can simply reply to the alleged spam message and ask for it yourself." Hopone issues threats to those complaining about spam from Hopone: "Please do not harass us further or you may find yourself liable for it. Do not send any more accusations via email. You are hereby notified that anything further from you is, in fact, unsolicited and will be treated as such." Hopone offers to provide "list-washing" services for their spammers: "Please send us the address that was apparently subscribed to the mailing list in question. We will have the owner respond (to you and us) and provide subscription and opt-in information. Most importantly we will make sure you are un-subscribed from their list." Hopone admits writing and signing contracts that "prevent" them from removing spammers: "There were contractural obligations (legal contracts) that prevented us from shutting this customer down without severe monetary penalties." Hopone admits that the real issue with their contract (thus, the true reason they deliberately allowed a known spammer to spam from their network for an extended period) was that they spent US $300,000 setting up to host the spammer and were unwilling to remove them until they recovered their investment: "Cancelling the customer immediately upon finding out they were a spammer would have cost $300,000 (an approximate cost of the hardware and labor already used). This was ingenius of the spammer to trap us into a situation where if we cancelled him, we would lose and he would be unaffected." Hopone continues to exhibit a complete lack of due diligence and thus not only continues to sign up new spammers (including well known and easily recognized ones) but fails to note their spamming activities: "MailGravity has been terminated (just now) from our services. [...] We had not received any complaints about this client so I'm not exactly sure what they were using our connectivity for [...]" Hopone admits that they do not enforce their own AUP and remove spammers because they're spamming: they only remove spammers because SPEWS listings may impose a financial loss: "Honestly, if spews had blocked 66.36.224.0/19 a long time ago, this would have been resolved much faster. I'm sorry but management looks at the cost benefit of each and every loss they may may take." Other self-incriminating quotes may be found at the URIs referenced above. The verdict: There is no need or reason to tolerate the behaviour of rogue ISPs such as Hopone, who have engaged in long-term, large-scale abuse of the entire Internet. There is therefore no longer any reason for the Internet to accept Hopone traffic, nor send any. There is, however, need and reason for the civilised portion of the Internet to protect itself from the abuse which Hopone knowingly and directly facilitates for profit. The sentence: I therefore call for the null-routing of all IP space assigned to Hopone/Superb starting at 1200 UTC on 6 June 2004. This null-routing shall be extended to any IP address or IP block found to be allocated for Hopone after that time, and shall continue until all IP space controlled by Hopone/Superb is returned to ARIN for reallocation. These blocks include: CIDR NetHandle NetName 209.61.192.0/18 NET-209-61-192-0-1 HOPONE-DCA1-2 66.36.224.0/19 NET-66-36-224-0-1 HOPONE-DCA2-1 66.235.160.0/20 NET-66-235-160-0-1 HOPONE-DCA2-2 66.148.64.0/22 NET-66-148-64-0-1 HOPONE-DCA2-3 207.228.224.0/19 NET-207-228-224-0-1 HOPONE-DCA1-1 In addition, the following should be filtered at the router level: AS14361 Note carefully: due to constantly-changing circumstances, the above information may be incomplete or out-of-date. Verify before proceeding. Why this is anonymous: First, because this statement should stand or fall on its own merits, and that of the referenced evidence. Who I am, or am not, is unimportant and irrelevant. Second, Hopone's past history clearly indicates a strong preference for avoiding issues and focusing instead on those who have highlighted those issues. This focus usually consists of abuse, insults, threats of litigation, disclosure of private information to spammers, and other attacks. I decline to furnish Hopone with the opportunity to distract attention from their own conduct. Request for IDP zone by DNSBL operators: I request that any DNBSL maintainers who are willing create an "idp" zone which lists those network blocks designated for the IDP. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SunOS) iD8DBQFAwIoC9XXdbUg0nBoRAklnAJ4gyFgcyX9Kg0m6RWeVjV2pfcBsTgCfe0QZ 0zW/UscI2sHtCmt2tHG/8x0= =k7w/ -----END PGP SIGNATURE----- === And here the HopOne's Internet Abuse desk lies trying to refute it === Path: uni-berlin.de!fu-berlin.de!postnews1.google.com!not-for-mail From: abuse@hopone.net (HopOne Internet Abuse) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty #3: Hopone/Superb Date: 7 Jun 2004 09:32:39 -0700 Organization: http://groups.google.com Lines: 82 Message-ID: <2af41466.0406070832.6c8be1d0@posting.google.com> References: <20040604204549.GA637@example.com> NNTP-Posting-Host: 209.90.166.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1086625960 24543 127.0.0.1 (7 Jun 2004 16:32:40 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Mon, 7 Jun 2004 16:32:40 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:2206218 > Call for Internet Death Penalty #3: Hopone/Superb > > The charges: > > Hopone have knowingly hosted some of the Internet's worst spammers. Very past tense (hosted) and it is very old news that we've been rid of them for a long time now. Yes we admit it was the case in the past but those handling abuse before have moved on to new jobs and things are handled much differently now - with the cooperation and encouragement of management as well. > Hopone have done this in direct contradiction of their own > stated policies. Again, old information - we have no doubt that was true at one point but things have turned around since. You will find no recent spam sightings or outstanding issues now. And if any are discovered those customers are squashed/terminated before they get a chance to breathe. Furthermore, suspected new customers are screened before they become a problem. > Hopone have repeatedly lied about the spammers on their network, > their relationships with them, and their enforcement actions. I don't know what lies were told in the past other than some of the bogus junk in usenet but again - this is no longer the case. Our ACTIONS are speaking louder than my words are now. > Hopone have provided "list-washing" services to spammers and > thereby assisted spammers in attacking innocent victims. This was part of the policy that has been changed now. Since we are a tier one provider, it *WAS* policy to allow customers to handle their own abuse complaints. This is no longer the case since it does allow list washing. Our new AUP (section 15) takes care of complaints leading to termination. > Hopone have profited extensively from these activities and have > failed to disclose and disgorge their ill-gotten gains. We have actually lost money and disclosing information would lead to prosecution. > Hopone continues to allow spammers to sign up for its services, > and continues to provides those services. Wrong. Again our ACTIONS are speaking louder than my words are now, but that statement is wrong. > Hopone have only taken token action against spammers, and then > only in response to widespread DNSBL listing of their network. This is wrong. There is *no* widespread DNSBL listings of our network. We were clean months ago. > Hopone have refused to be pro-active, have refused to heed warnings > about spammers signing up for their services, refused to > remove known spammers, refused to maintain proper contact > addresses, refused to maintain proper domain information, > and refused to monitor their own network's activities. This is wrong as well. Some of the information in the above statement is such old news. > Hopone have done all this despite being repeatedly told that > it is unacceptable behaviour, and being repeatedly asked to stop. > > The evidence: For all those reading this for the first time, please refer to the original post for the "evidence"... All of this evidence is incredibly old now and things have changed from management on down to sales/support. Spam is no longer an issue from our network and will remain that way. If you can find any recent issues that still need to be resolved please let us know. I've been itching to terminate someone for over a week now. The last termination was mailgravity.com (no complaints received but spamhaus noted that they were a known spam group). They were apparently hosting their spam-database on our network. Not any more though. === Some of lies pointed out, my reply === Path: uni-berlin.de!not-for-mail From: Dolphin Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty #3: Hopone/Superb Date: 8 Jun 2004 00:33:22 GMT Organization: Private person Lines: 53 Sender: Alexander Sheremet Message-ID: References: <20040604204549.GA637@example.com> <2af41466.0406070832.6c8be1d0@posting.google.com> X-Trace: news.uni-berlin.de ac8z4AaRjpHEL31juJvrJQ42ECxjVque7gZqBFyinwl6bRKUjW X-SPEWS: I am not X-ROT-13: fcnzgenc@dolphinwave.org X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 User-Agent: slrn/0.9.7.4 (Linux) Xref: uni-berlin.de news.admin.net-abuse.email:2206390 #begin abuse@hopone.net.exe (or was it HopOne Internet Abuse.com) message <2af41466.0406070832.6c8be1d0@posting.google.com> reply: >> Hopone have only taken token action against spammers, and then >> only in response to widespread DNSBL listing of their network. > > This is wrong. There is *no* widespread DNSBL listings of our > network. We were clean months ago. Ohh, reeely? So, you contradict to your own words, said just half month ago: That block really made the difference to management. They saw 8000+ IP address being blocked by SPEWS and realized that they would have to deal with cancellations, complaints, etc. >> The evidence: > > For all those reading this for the first time, please refer to the > original post for the "evidence"... All of this evidence is > incredibly old now and things have changed from management on down to > sales/support. Spam is no longer an issue from our network and will > remain that way. So, for you half-month is incredibly long?! Let's see what HopOne's Internet Abuse wrote as long time ago as on 21 Apr 2004: Honestly, if spews had blocked 66.36.224.0/19 a long time ago, this would have been resolved much faster. I'm sorry but management looks at the cost benefit of each and every loss they may may take. If its not significantly in their favor to remove the account they won't choose to - especially when they think spews won't delist it anyway - even if they do terminate the account. You know, your words spew lies loud enough. Dolphin. -- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === And another lie pointed out === Path: uni-berlin.de!fu-berlin.de!lenny.tc.umn.edu!HSNX.atgi.net !cyclone-sf.pbi.net!216.196.106.144!border2.nntp.sjc.giganews.com !border1.nntp.sjc.giganews.com!nntp.giganews.com!sjc1.usenetserver.com !news.usenetserver.com!news.isc.org!calcite.rhyolite.com!not-for-mail From: vjs@calcite.rhyolite.com (Vernon Schryver) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty #3: Hopone/Superb Date: Mon, 7 Jun 2004 11:16:48 -0600 (MDT) Organization: Rhyolite Software Lines: 29 Message-ID: References: <20040604204549.GA637@example.com> <2af41466.0406070832.6c8be1d0@posting.google.com> NNTP-Posting-Host: localhost X-Trace: calcite.rhyolite.com 1086628608 2763 127.0.0.1 (7 Jun 2004 17:16:48 GMT) X-Complaints-To: usenet@calcite.rhyolite.com NNTP-Posting-Date: Mon, 7 Jun 2004 17:16:48 +0000 (UTC) X-Newsreader: trn 4.0-test76 (Apr 2, 2001) Xref: uni-berlin.de news.admin.net-abuse.email:2206236 In article <2af41466.0406070832.6c8be1d0@posting.google.com>, HopOne Internet Abuse wrote: > ...Since we are a >tier one provider, ... As far as I can tell, it is painfully obvious that the continued claims that Hopone.net is anything that might reasonably be called a "tier one provider" is false and abuse@hopone.net knows it. Any organization that consistently makes false statements about something so obvious seems likely to fib about things that are somewhat more difficult to check such as its association with senders of unsolicited bulk mail. >Wrong. Again our ACTIONS are speaking louder than my words are now, >but that statement is wrong. Words that obvious falsehoods such as claims of being a tier one Internet provider can be seen as bad actions. >original post for the "evidence"... All of this evidence is >incredibly old now and things have changed from management on down to >sales/support. Spam is no longer an issue from our network and will >remain that way. abuse@hopone.net has been repeating the false claim about the "tier one" nature of HopOne for months. Vernon Schryver vjs@rhyolite.com === HopOne's reply to this one === Path: uni-berlin.de!fu-berlin.de!postnews1.google.com!not-for-mail From: abuse@hopone.net (HopOne Internet Abuse) Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty #3: Hopone/Superb Date: 7 Jun 2004 17:06:46 -0700 Organization: http://groups.google.com Lines: 22 Message-ID: <2af41466.0406071606.5d0a4f31@posting.google.com> References: <20040604204549.GA637@example.com> <2af41466.0406070832.6c8be1d0@posting.google.com> NNTP-Posting-Host: 209.90.166.2 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1086653206 29260 127.0.0.1 (8 Jun 2004 00:06:46 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: Tue, 8 Jun 2004 00:06:46 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:2206380 vjs@calcite.rhyolite.com (Vernon Schryver) wrote in message news:... > In article <2af41466.0406070832.6c8be1d0@posting.google.com>, > HopOne Internet Abuse wrote: > > > ...Since we are a > >tier one provider, ... > > As far as I can tell, it is painfully obvious that the continued claims > that Hopone.net is anything that might reasonably be called a "tier > one provider" is false and abuse@hopone.net knows it. Any organization > that consistently makes false statements about something so obvious > seems likely to fib about things that are somewhat more difficult to > check such as its association with senders of unsolicited bulk mail. Fair enough, "the hopone.net network consists of a hybrid of top-SLA major tier 1 transit links, as well as numerous direct peering sessions with major National & International networks, backbones, ISPs, cable and DSL providers." This is a 'more correct' statement. While you may want to qualify our statement more than it needs to be qualified - for all intents and purposes we provide network connectivity to other businesses who provide services or network connectivity to their own clients. === But yes, they were already pointed out on this false claim of theirs === Path: uni-berlin.de!fu-berlin.de!newshub.sdsu.edu!logbridge.uoregon.edu !tethys.csu.net!nntp.csufresno.edu!sn-xit-02!sn-xit-01!sn-post-02!sn-post-01 !supernews.com!corp.supernews.com!not-for-mail From: glgxg Newsgroups: news.admin.net-abuse.email Subject: Re: Call for Internet Death Penalty #3: Hopone/Superb Date: Mon, 07 Jun 2004 17:23:02 -0700 Organization: Posted via Supernews, http://www.supernews.com Message-ID: <10ca1h1qjpmqr4e@corp.supernews.com> User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.4) Gecko/20011022 Netscape6/6.2 X-Accept-Language: en-us, en MIME-Version: 1.0 References: <20040604204549.GA637@example.com> <2af41466.0406070832.6c8be1d0@posting.google.com> <2af41466.0406071606.5d0a4f31@posting.google.com> In-Reply-To: <2af41466.0406071606.5d0a4f31@posting.google.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Complaints-To: abuse@supernews.com Lines: 83 Xref: uni-berlin.de news.admin.net-abuse.email:2206384 HopOne Internet Abuse wrote: > vjs@calcite.rhyolite.com (Vernon Schryver) wrote in message news:... > >>In article <2af41466.0406070832.6c8be1d0@posting.google.com>, >>HopOne Internet Abuse wrote: >> >> >>> ...Since we are a >>>tier one provider, ... >> >>As far as I can tell, it is painfully obvious that the continued claims >>that Hopone.net is anything that might reasonably be called a "tier >>one provider" is false and abuse@hopone.net knows it. Any organization >>that consistently makes false statements about something so obvious >>seems likely to fib about things that are somewhat more difficult to >>check such as its association with senders of unsolicited bulk mail. > > > Fair enough, "the hopone.net network consists of a hybrid of top-SLA > major tier 1 transit links, as well as numerous direct peering > sessions with major National & International networks, backbones, > ISPs, cable and DSL providers." This is a 'more correct' statement. > While you may want to qualify our statement more than it needs to be > qualified - for all intents and purposes we provide network > connectivity to other businesses who provide services or network > connectivity to their own clients. Apparently you failed to understand my msg to you in March -- I reckon that's what you get for living and working in a "hick-town": From: glgxg (glgxg@mfire.com.invalid) Subject: Re: Idea to help ISP's fight spammers Newsgroups: news.admin.net-abuse.email Date: 2004-03-11 10:52:42 PST HopOne Abuse Department wrote: >>The answer is similar to how an innkeeper knows that you are not a >>prostitute or pimp. There's no certainty in life, but "know your >>customer" includes knowing something about the interests of your > > > Have you ever worked for a teir 1 provider of massive bandwidth with > racks and racks of servers? Or do they not have those in hick-town? > Apparently neither have you; nor do you now: http://hopeone.net/about.php "Transit & Peer Connections: The hopone.net network consists of a hybrid of top-SLA major tier 1 transit links, as well as numerous direct peering sessions with major National & International networks, backbones, ISPs, cable and DSL providers. This "best-of-the-best" approach ensures the best QoS possible for packet delivery via the Internet today. The current tier 1 transit providers are: Sprint, AT&T, GlobalCrossing, AboveNet, Allegiance and Cogent. The current peer list can not be disclosed due to the confidentiality of peering, but, it includes most of North America's major access providers (ISP/cable/DSL), as well as many of the largest Asian and European backbones. New peering sessions are established on a regular basis." "Note: For more details on the network and the various transit service levels available, please see: http://nsssc.superb.net/information/corenet-info.php (further information on our network, as provided by us, published by one of our premier customers)" Your "premier" customer says this about your network: "The physical layer of our network consists of a number of interconnected private OC-12 SONET rings. Our Washington, DC private IDSR (IntelliLight Dedicated Sonet Ring) is provided by Verizon, while our Virginia - DC sonet is operated by Looking Glass Networks. In addition, we also carry inter-site Fast Ethernet lines over a separate SONET and have an additional OC-12 line at DCA1." === HopOne has changed?.. === Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!sjc1.usenetserver.com !news.usenetserver.com!sn-xit-02!sn-xit-01!sn-post-02!sn-post-01!supernews.com !corp.supernews.com!not-for-mail From: rule3@LinxNet.com (Jim Seymour) Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS INQUIRY] S1458 Date: Fri, 06 Aug 2004 12:17:27 -0000 Organization: Posted via Supernews, http://www.supernews.com Message-ID: <10h6tmnph2k9kcb@corp.supernews.com> Mime-Version: 1.0 Sender: jseymour@LinxNet.com X-Newsreader: knews 1.0b.1 References: <8855h0d5apompc126866nim9rcai2tnqip@4ax.com> <10h56ldcble6j39@corp.supernews.com> From: HopOne Abuse Department Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS INQUIRY] S1458 Message-ID: References: <8855h0d5apompc126866nim9rcai2tnqip@4ax.com> <10h56ldcble6j39@corp.s X-Newsreader: Forte Free Agent 2.0/32.652 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 48 Date: Thu, 05 Aug 2004 14:12:42 -0700 NNTP-Posting-Host: 209.90.166.2 X-Complaints-To: news@primus.ca X-Trace: nntp-post.primus.ca 1091739835 209.90.166.2 (Thu, 05 Aug 2004 17:03:55 NNTP-Posting-Date: Thu, 05 Aug 2004 17:03:55 EDT Organization: Primus Canada Xref: uni-berlin.de news.admin.net-abuse.email:2230798 >==== >SPEWS always appreciates it when a spammer publicly admits what they do. > >Phone: 727-736-2799 > > Thank you, this is exactly the information we needed. I've terminated the account effective immediately (the server has already been disconnected). Termination notice sent to terminated client after actual termination/disconnection: -------------------------------------------------------------------------------- "... Hello, We were unaware of your practices prior to this. Had we been aware of what your business was you would have been terminated sooner. In addition to this fact, you have been added to the SPEWS database as a spammer and thus had our IP addresses black listed. The following information has been given to us by SPEWS to back up their claim against you. The phone number on this page: http://64.233.161.104/search?q=cache:MWQBj6kMm-IJ:www.retailthings.com/drc/conta Can be searched for using this page: http://www.google.com/search?q=727-736-2799 The primary reason for your account's termination is that the results on the page above indicate that you are a proponent, active performer and supporter of spam operations. The secondary reason for your account's termination is that you have caused our IP(s) to be blacklisted by SPEWS. This type of marketing and/or business practice is not tolerated on our network and as such your account has been terminated. More information: ------------------------------------------------------------------- http://209.157.64.200/focus/news/794137/posts http://www.freerepublic.com/focus/news/793992/posts http://spews.org/html/S1458.html ..." === Follow up === Path: uni-berlin.de!fu-berlin.de!news.glorb.com!news.primus.ca!news.primus.ca !nntp-post.primus.ca!53ab2750!not-for-mail From: HopOne Abuse Department Newsgroups: news.admin.net-abuse.email Subject: Re: [SPEWS INQUIRY] S1458 Message-ID: References: <8855h0d5apompc126866nim9rcai2tnqip@4ax.com> <10h56ldcble6j39@corp.supernews.com> X-Newsreader: Forte Free Agent 2.0/32.652 MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Lines: 64 Date: Thu, 05 Aug 2004 14:41:55 -0700 NNTP-Posting-Host: 209.90.166.2 X-Complaints-To: news@primus.ca X-Trace: nntp-post.primus.ca 1091741588 209.90.166.2 (Thu, 05 Aug 2004 17:33:08 EDT) NNTP-Posting-Date: Thu, 05 Aug 2004 17:33:08 EDT Organization: Primus Canada Xref: uni-berlin.de news.admin.net-abuse.email:2230807 On Thu, 05 Aug 2004 21:22:44 GMT, Rossz wrote: >HopOne Abuse Department wrote: > >> We were unaware of your practices prior to this. Had we been aware of >> what your business was you would have been terminated sooner. > >Gawd, I love watching a good bitch-slapping. Oh it doesn't end there. Check the reply thread through our ticket system: ------------------------------------------------------------------------------ Updated by Customer at Aug 05 17:23 Retailthings.com does not and has not sent out comericial e-mail. It has never generated even one complaint. We have not violated your AUP. We do send commericial e-mail to opt in lists and absolutely not via any hosting with your company. SPEWS does not have any legal authority and in fact is a group that cannot be contacted directly. They hide their identities. They targeted me based on press, not on complaints. It is guilty until proven innocent viewpoint. Based on the above, please review these baseless claims and at the very least enable us to ftp our data so we may move elsewhere. ------------------------------------------------------------------------------ Updated by Abuse Department at Aug 05 17:27 Hello, RE: "We have not violated your AUP" - Did you even read section 15.1.5 of our AUP? Your reply sounded almost rehearsed and a lot like something a spammer would say. "SPEWS does not have any legal authority..." "SPEWS...cannot be contacted directly" "They hide their identities" Your website itself explains what you do and I'm afraid this server will not be reconnected for any reason. Thank you. ------------------------------------------------------------------------------ Updated by Abuse Department at Aug 05 17:28 Oh and please tell everyone you know, we do not tolerate spammers. ------------------------------------------------------------------------------ Updated by Customer at Aug 05 17:37 At this point, all I'm asking you is FTP so I can download the site. That is our intellectual property. I have no intention of getting into an argument with you on this. But do review your records, we have never gotten an abuse complaint from you EVER. So if you would please allow FTP access so we can download our files, that would be appreciated and I promise not to contact you again. ------------------------------------------------------------------------------ Updated by Abuse Department at Aug 05 17:40 Again, this server will not be reconnected for any reason. ------------------------------------------------------------------------------ They no longer have access to even update their ticket so that's the end of that.