Verio was a reputable company in the past, but during the last year it went completely rogue. Verio absolutely ignores spam complaints. There are thousands of complaints, or even more, about its "pet spammers" Postmaster General / Mindshare Design: http://www.DolphinWave.org/spam/postmastergeneral_mindsharedesign.txt (80kB)

More spam and complaint examples are in the Google Usenet archives: http://groups.google.com/groups?hl=en&lr=&scoring=r&q=postmaster+general+verio+group%3Anews.admin.net-abuse.*&btnG=Google+Search

Yet these proven spammers are still happily connected by Verio. All Verio does is forward the spam complaints to its spammers for "listwashing", e-mail bombing or joe-jobbing. And the president's office of Verio has said that they will not shut Postmaster General down.

Verio also has a huge load of other persistent spammers; all of them were reported to Verio many times, and none of them was disconnected. This landed Verio on multiple private and shared blocklists, like SPEWS. Their legitimate customers began to complain that they can't send e-mail to other networks because of these blocks. Then Verio began to lie to its customers, saying that it had terminated those spammers and that the blocks are objectionable. Then, when those customers were shown proof that the spammers were NOT disconnected and still reside in those netblocks, Verio lied again, saying that it was not receiving complaints (or that there was only one complaint) about those spammers. Of course, this lie was also dismissed with the help of a Google Usenet search of the spam complaints archive newsgroup news.admin.net-abuse.sightings.

Now, when the admin of one such blocklist, who runs the list of known/proven FormMail spam sources, formmail.relays.monkeys.com, tried to resolve a problem with a lot of abusable formmail scripts installed on the Verio network, Verio said that they had scanned their network once, two weeks ago (!!), and that they consider it enough.

Their Abuse department manager, Jeff Richard, said that Verio will not discuss the methods they have used to prevent this formmail abuse coming from their networks, and that they will not allow anyone to tell them how to do it right. BUT they will take legal action against the list maintainer if he does not do what they want and does not remove their IP space from his blocklist:

"If you do not choose to work this way, please be advised that the Verio Legal Team is now investigating this issue and have been copied on this e-mail."

Verio also helps their long-time spammers to listwash those who complain about them on the news.admin.net-abuse.email Usenet newsgroup, but will not terminate those spammers! Verio forwards all the complaint data to their spammers. Revenge attacks from those spammers follow shortly.

Update: 30-Apr-2004: Verio spams for their servers, themselves!

Verio are spam supporters, liars and cartooney-threateners, and they forward the complaints to their spammers... Is there ANY reason NOT to block them all from accessing my private property?! I don't think so!

The evidence files are below.
For more evidence, search on Google: http://groups.google.com/groups?as_q=verio&num=10&as_scoring=r&hl=en&btnG=Google+Search&as_ugroup=news.admin.net-abuse.sightings

=== First of all, the evidence of the persistent Postmaster General / Mindshare ===
=== Design spammers, spamming me non-stop, and Verio did nothing to stop the abuse ===

http://www.DolphinWave.org/spam/postmastergeneral_mindsharedesign.txt

=== Verio ignores spam complaints, the spammers are not being terminated ===
=== for *months* of unstoppable spam and complaints ===

From frederi108@aol.com Fri Feb 1 18:58:57 2002
Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net!portc01.blue.aol.com!audrey05.news.aol.com!not-for-mail
Lines: 118
X-Admin: news@aol.com
From: frederi108@aol.com (Frederick the amateur spam killer)
Newsgroups: news.admin.net-abuse.email
Date: 01 Feb 2002 15:29:03 GMT
References:
Organization: AOL http://www.aol.com
X-Newsreader: Session Scheduler
Subject: SPEWS Verio spam problem (was Re: verio response.)
Message-ID: <20020201102903.03037.00000014@mb-fo.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1587410

In article , Wm James writes:

>>Actually, they could do a "Sprintpink" and just cover an
>>affected B block. I'll have to dig into it, but I believe they're
>>all related to one B block, at the very least.
>>Frederi108@aol.com (Frederick)

>That helps, of course. But the main complaint with things which block
>pieces is that it affects the innocent with no warning.

Here's just a sample of spam complaints that I looked up last night. Now, to give credit where credit is due, the spam complaints I made about spammers wanting to download a dialer program to you have been taken down. However, the ones shown below, especially the mortgage spammer sites, are still up, months after the complaints went out.
_______________________________________________________
From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] SPEWS www.moneysavingsolutions.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-30 16:59:30 PST

www.moneysavingsolutions.net resolves to 161.58.208.92
Netname: VRIO-161-058
Netblock: 161.58.0.0 - 161.58.255.255
Maintainer: VRIO
_______________________________________________________
From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] SPEWS getmedsonline.com -> medicalmarketgroup.com (C/C SCAM)
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-28 16:45:18 PST

www.getmedsonline.com resolves to 168.143.166.146
Netname: VRIO-168-143
Netblock: 168.143.0.0 - 168.143.255.255
Maintainer: VRIO

www.medicalmarketgroup.com resolves to 168.143.166.131
Netname: VRIO-168-143
Netblock: 168.143.0.0 - 168.143.255.255
Maintainer: VRIO
_______________________________________________________
From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.kwikscripts.com/viagra.htm -> medicalmarketgroup.com
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-15 15:28:08 PST

www.kwikscripts.com resolves to 168.143.166.146
Netname: VRIO-168-143
Netblock: 168.143.0.0 - 168.143.255.255
Maintainer: VRIO

www.medicalmarketgroup.com resolves to 168.143.166.131
Netname: VRIO-168-143
Netblock: 168.143.0.0 - 168.143.255.255
Maintainer: VRIO
_______________________________________________________
From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.freequote4me.com -> sunrise@connectcorp.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2001-08-19 05:48:05 PST

www.freequote4me.com resolves to 128.121.116.26
Netname: VRIO-128-121
Netblock: 128.121.0.0 - 128.121.255.255
Maintainer: VRIO
_______________________________________________________
From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.getaquote4me.com -> sunrise@connectcorp.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2001-08-04 20:40:31 PST

www.getaquote4me.com resolves to 128.121.124.170
Netname: VRIO-128-121
Netblock: 128.121.0.0 - 128.121.255.255
Maintainer: VRIO
_______________________________________________________

I could go on, but it appears that verio.net has done NOTHING concerning any of the spamvertised sites that anyone has complained about.

verio.net almost 9,000 hits in the sightings newsgroup.

Of particular interest should be han-solo.net, which seems to be the source of quite a number of spams. (netmed.han-solo.net [161.58.219.201]) has around 145 hits, although it is found at various IP addresses on verio net-space. Always seems to be used by spammers sending from it, making it look like it was relayed off that equipment, or used a mailform.pl exploit.

128.121 brings up 2610 hits in deja.com
161.58 brings up 817 hits in deja.com

Verio does nada. Zip. Zilch. Zero. SPEWS should consider adding the two above B blocks to their list. Verio's hat color is pretty obvious from this short list alone.

Frederi108@aol.com (Frederick)
This e-mail address is whitelisted.
"Because I'm a CRAZY one-armed spam-fighter with a hand coming out of my neck, so gimme some coffee!"
http://hometown.aol.com/frederi108

=== Verio *refuses* to talk about the abuse or spam issues with their customer ===

From pr@isprime.com Fri Feb 15 23:22:47 2002
Path: uni-berlin.de!fu-berlin.de!cpk-news-hub1.bbnplanet.com!news.gtei.net!nntp.abs.net!feeder.qis.net!sn-xit-02!supernews.com!postnews1.google.com!not-for-mail
From: pr@isprime.com (Phil Rosenthal)
Newsgroups: news.admin.net-abuse.email
Subject: Verio blackhole possible help?
Date: 15 Feb 2002 11:26:06 -0800
Organization: http://groups.google.com/
Lines: 53
Message-ID: <54e05a6a.0202151126.609b2f01@posting.google.com>
NNTP-Posting-Host: 209.11.110.130
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1013801167 26046 127.0.0.1 (15 Feb 2002 19:26:07 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 15 Feb 2002 19:26:07 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1595049

Hello,

I noticed that verio's ip space is blackholed on at least two blackhole lists:

(127.0.0.4) 130.94.138.2 is DNSbl listed. by xbl.selwerd.cx
www.kellyswebcam.com uplink for NETBLK-LIKEWHOA epending by dksmail.dksno.com/204.27.101.91 SPEWS S644 NS for bzah.com (Empire Towers) www.mydishnow.com www.wiseoldmule.com xxx-porns.com advanceddating.com this is not a list of open relays please see http://selwerd.cx/xbl/
--------------------------------------------------------------------------------
(127.0.0.7) 130.94.138.2 is DNSbl listed. by blackholes.five-ten-sg.com
did not seem concerned at all about folks refusing all mail from their networks. added 2001-11-25; spam support - hosting postmastergeneral called 800-438-8374 and they *refused* to talk about abuse or spam issues, and
---

This blackhole does include my ip space as my primary uplink is verio, but that will change soon. I don't care too much that my ip space is included there, except for the one exception that it should say "Verio is blackholed", when someone looks up my ip and sees "did not seem concerned...." it looks like I did something wrong when verio did, anyway, moot point as I won't be using verio ip space soon.

But on another issue, I believe I can help get these issues resolved. As a large customer of verio, I have some good contacts there, and would like to see this come to an end.

A spam contact I have that I believe will help in all of these issues is Shane Hopkins - 214-290-8544

I will contact him in regards to these issues, but everyone else who would actually like to see these issues resolved should contact him as well.

He does have the power to put these issues to an end if they aren't resolved, and I believe he will.

--Phil

=== Verio lies about terminating their persistent porn-spammer ===

From no@no.thanks Thu May 30 13:13:47 2002
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.cis.ohio-state.edu!nntp.service.ohio-state.edu!not-for-mail
From: "Jay Stuler"
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio porn peddler trick
Date: Wed, 29 May 2002 21:16:37 -0400
Organization: Ohio State University
Lines: 58
Sender: stuler.1@dhcp065-024-145-101.columbus.rr.com
Message-ID:
References: <20tafu405qqthhhsq8b1r6gthn1kar8mk5@4ax.com>
NNTP-Posting-Host: dhcp065-024-145-101.columbus.rr.com
X-Trace: charm.magnus.acs.ohio-state.edu 1022721422 23247 65.24.145.101 (30 May 2002 01:17:02 GMT)
X-Complaints-To: abuse@osu.edu
NNTP-Posting-Date: 30 May 2002 01:17:02 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Xref: uni-berlin.de news.admin.net-abuse.email:1701222

"Wm James" wrote in message news:20tafu405qqthhhsq8b1r6gthn1kar8mk5@4ax.com...
> posted to news.admin.netabuse.email
> cc:
> filip.krupka@gtsgroup.cz,tm@gts.cz,zidek@master.cz,vosmera@master.cz,ant_and@hotmail.com,abuse@digipoo.com,postmaster@digipoo.com,abuse@hotmail.com,postmaster@hotmail.com,abuse@master.cz,postmaster@master.cz,abuse@SECURE.NET,postmaster@SECURE.NET,abuse@verio.net,postmaster@verio.net
>
> After getting several spams every day for a while pointing to
> www.free-porn-space.com, and complaints to verio went totally ignored,
> I sent copies with ID of the perps to congress, the AGs, etc.
> Predictably, the page went away.
> Now, a couple of days later, it's
> back, twice over.. sort of.
>
> There are two copies of the same page (folders' containing the page),
> apparently being setup to look like "affiliates". Apparently they got
> properly dumped by www.amateur-vixens.com where the old page
> redirected. Now it (both) point to www.pornhappybabes.com.
>
> However, the initial domain is STILL verio. Same IP as before.
>
> To those posting here wondering why so much of verio is being blocked
> by spews and others, this is a prime example. Verio has scraped the
> bottom of the sewer by protecting these scumbags. They don't care
> what their spammers do, or even if children are involved. You really
> want to support scum like that with your money? Go ahead, but don't
> whine about decent people rejecting your emails.
>
> William R. James
>

Here's a nice email I received from "Sarah Pollister" at Verio regarding www.free-porn-space.com

OF COURSE IT IS ALL LIES. Nothing was disabled.

========================

Thank you for informing us about this. Sending unsolicited e-mail or making inappropriate commercial newsgroup posts from our web servers is strictly forbidden. It is also forbidden to promote web sites hosted on our servers in such mailings or postings. You may see our acceptable use policy here: http://home.verio.com/company/policies/aup.cfm

We are currently looking into this and the link posted has been disabled.

thanks,
Sarah
Abuse/VWH

=== More lies about terminating their spammers, now to their own customer. ===
=== Then the next lie: they didn't get enough complaints, which is a bullshit ===
=== cause that customer was spammed by them regularly, himself ===

From ed@virtualpix.com Wed May 29 13:00:36 2002
Path: uni-berlin.de!fu-berlin.de!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!enews4
From: Ed Donaldson
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - collateral damage - S562
Date: Tue, 28 May 2002 19:19:29 -0700
Organization: Virtualpix.com
Lines: 50
Message-ID: <3CF43AB1.C65BD56@virtualpix.com>
References: <3CF42575.5678A726@virtualpix.com>
NNTP-Posting-Host: p-196.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.75 [en]C-CCK-MCD (Qwest.net) (Win98; U)
X-Accept-Language: en
Xref: uni-berlin.de news.admin.net-abuse.email:1700441

You are correct. Verio claims that they haven't had reports of spamming by subject domains or legitimate complaints lodged therein so their advice is to change my IP number. I know this is bullshit since I receive email from these jerks regularly. If it wasn't so much trouble to move everything, I'd tell them to take a leap. I really can't afford that since I could easily be getting into the same deal with another provider all over again...

Remarks??

chester wrote:
>
> in article 3CF42575.5678A726@virtualpix.com, Ed Donaldson at
> ed@virtualpix.com wrote on 5/28/02 8:48 PM:
>
> > My server IP is 128.121.115.25. The "evidence" file S562 (for my
> > IP) shows the spammers IPs to be 128.121.113 and 128.121.116.
> > Evidently my server is lumped in with these low-lives. A call to
> > viaVerio revealed these jerks were shut down and since moved
> > to a new host. That is supported by the evidence file.
> >
> Verio is not telling the whole story..
>
> Type in http://128.121.116.26 see what comes back. If it is freequote4me.com
> then Verio seems to have lied to you.
>
> Type in http://128.121.112.242 see what comes back.
> If it is
> request-erate.com then Verio seems to have lied to you.
>
> Type in http://128.121.112.242 see what comes back. If it is a
> www.value-esun.com removal page then Verio seems to have lied to you.
>
> Then you see why verio can't be trusted. It would be better for you to
> change networks.
>
> Please, by all means, do the lookups yourself. Do the traceroutes, use
> samspade.org. Use whatever tools you have at your disposal to see if the
> verio hosted spammers are there or not.
>
> Verio will lie to its own customers to protect its revenue stream from
> spammers. Call back and get their answer to why these spammers still have
> working websites. Let us know what happens.

--
Regards - Ed Donaldson
VirtualPix.com (480) 488-1784
Active Server, Database Driven Web Sites and Web Hosting
http://VirtualPix.com ed@virtualpix.com
"The reason the mainstream is thought of as a stream is because it's so shallow." - George Carlin

=== And to dismiss the second lie that they were not receiving enough complaints ===

From davidwiz@erols.com Wed May 29 13:01:45 2002
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!feed2.news.rcn.net!feed1.news.rcn.net!rcn!not-for-mail
From: David Wisniewski
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - collateral damage - S562
Date: Tue, 28 May 2002 23:36:14 -0400
Organization: The Spanish Inquisition
Lines: 34
Message-ID: <3CF44CAE.68513809@erols.com>
References: <3CF42575.5678A726@virtualpix.com> <3CF43AB1.C65BD56@virtualpix.com>
Reply-To: davidwiz_2000@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: UmFuZG9tSVb3YwP5ohlr01BIsbeTEGqflf8NjxT1ySm7BHyuJGiqDVotI80mpx2g
X-Complaints-To: abuse@rcn.com
NNTP-Posting-Date: 29 May 2002 03:38:02 GMT
X-Mailer: Mozilla 4.78 [en] (Win98; U)
X-Accept-Language: en
Xref: uni-berlin.de news.admin.net-abuse.email:1700483

Ed Donaldson wrote:
>
> You are correct.
> Verio claims that they haven't had reports of
> spamming by subject domains or legitimate complaints lodged
> therein so their advice is to change my IP number. I know this is
> bullshit

Here is the proof that Verio is lying to you:

> > Type in http://128.121.116.26 see what comes back. If it is freequote4me.com
> > then Verio seems to have lied to you.

5 pieces of spam at:
http://groups.google.com/groups?q=http%3A%2F%2F128.121.116.26+.sightings&hl=en

11 at:
http://groups.google.com/groups?hl=en&lr=&q=freequote4me.com+.sightings

> > Type in http://128.121.112.242 see what comes back. If it is
> > request-erate.com then Verio seems to have lied to you.

http://groups.google.com/groups?hl=en&lr=&q=request-erate.com+.sightings

> > Type in http://128.121.112.242 see what comes back. If it is a
> > www.value-esun.com removal page then Verio seems to have lied to you.

3 pieces of spam:
http://groups.google.com/groups?hl=en&lr=&q=www.value-esun.com+.sightings

In under a minute, I've shown that Verio is a lying piece of scum. If I were you, I'd email Verio's CEO at ceo@verio.net until the cows come home. Then sue them for giving you damaged goods.

-David

=== Here is another Verio customer being lied to that Verio has dealt with ===
=== the spammers who caused Verio to be listed in SPEWS, and that SPEWS is ===
=== wrong ===

Path: uni-berlin.de!fu-berlin.de!vienna1-snh1.gtei.net!news.gtei.net
 !newsfeed1.cidera.com!Cidera!cyclone.tampabay.rr.com!news-post.tampabay.rr.com
 !twister.tampabay.rr.com.POSTED!53ab2750!not-for-mail
From: "Rommie Johnson"
Newsgroups: news.admin.net-abuse.email
References: <3DBAD11D.2080208@netscape.net>
Subject: Re: How do I get off SPEWS list?
Lines: 96
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
Date: Sat, 26 Oct 2002 17:41:13 GMT
NNTP-Posting-Host: 65.32.188.169
X-Complaints-To: abuse@rr.com
X-Trace: twister.tampabay.rr.com 1035654073 65.32.188.169 (Sat, 26 Oct 2002 13:41:13 EDT)
NNTP-Posting-Date: Sat, 26 Oct 2002 13:41:13 EDT
Organization: RoadRunner - Tampa Bay
Xref: uni-berlin.de news.admin.net-abuse.email:1845387

OK, first off, it never occurred to me that people here would SUPPORT this SPEWS thing. From my perspective, it's pure evil. I understand now that you find it helpful and I appreciate your efforts to politely point out its usefulness.

But, like I said, Verio tells me they've already taken care of checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet posting from the checklab idiot, and you're right -- but I still don't think their insensitivity should affect me.)

When you say "SPEWS does work," I have to disagree. Yes, it's keeping people from having to delete unwanted checklab.com e-mail from their inboxes, but it's also preventing my parents from having any regular communication with their son. That's collateral damage, and that's not acceptable to me.

In any case, thanks for the info.

"I.B." wrote in message news:3DBAD11D.2080208@netscape.net...
> Rommie Johnson whined:
> > Suddenly I can't send e-mail to my family and friends because my domain
> > somehow got listed on this ridiculous SPEWS thing. I am not a spammer, I
> > loathe spam with every fiber of my being. But this is unbelievable. Nobody
> > else uses my domain except me, so I know for a fact that there has NEVER,
> > EVER been any spam sent from it.
> >
> > Repeated attempts to contact whomever is behind the SPEWS.org site have been
> > ignored. Who the hell are these people and how do you get off their list?
> >
> > Thanks in advance for any help.
> >
> >
>
> Hello Rommie,
>
> Firstly, you need to calm down. Lots. Bursting into a newsgroup that
> supports SPEWS and calling it ridiculous is not going to make you many
> friends.
>
> Secondly, SPEWS is very helpful, as you will soon see, as it has
> identified why you are getting your mail blocked by some ISPs.
>
> I assume that your site is http://www.facefirst.com ? Right
>
> Check http://openrbl.org/ip/161/58/1/246.htm to see how much of a mess
> Verio is making in the spam and blocking world.
>
> Entering your IP number into SPEWS obtains the following information:
>
> http://spews.org/html/S1954.html
>
> reportobjects
> |--------------------
> 1, 161.58.1.38, reportobjects.com / checklab.com
> 1, 161.58.1.0/26, reportobjects.com / checklab.com (Verio)
> 1, 161.58.0.0 - 161.58.2.255, reportobjects.com / checklab.com (Verio)
> 1, 68.50.206.193, labsvr1.labsdata.com / "ebaileylap"
> (pcp699937pcs.hyatsv01.md.comcast.net)
> 2, 216.65.115.56, labsdata.com (host56.hostcentric.com)
> 2, 209.213.96.30, mail.labsdata.com (mail.vscape.net)
> ---------------------|
>
> Spamming.
>
> See:
>
>
> So basically, your problem lies with checklab.com, who are hosted at
> 161.58.1.38 They have been caught spamming and Verio refuses to turf
> them, meaning that SPEWS has widened its blocking list.
>
> As you see, it now covers you, and boy has it got your attention! So
> SPEWS does work!
>
> What you need to do is harass Verio, and get them to kick checklab.com
> off their site, so that ISPs who use SPEWs won't reject your e-mail any
> more.
>
> Simple.
>
> P.S. - Have a read of that usenet post listing in that SPEWs listing.
> That just shows the stubborn and insensitive mindset of a spammer.
>
> Good luck.
>
> --
> I.B.
>
>

=== And here the lie is shown again ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!cyclone.swbell.net!cyclo
From: "Andy Lawson"
Newsgroups: news.admin.net-abuse.email
Subject: Re: How do I get off SPEWS list?
Date: Sun, 27 Oct 2002 09:20:32 +1300
Organization: OsiruSoft Research & Engineering
Lines: 21
Message-ID:
References: <3DBAD11D.2080208@
NNTP-Posting-Host: 202-0-33-254.cable.paradise.net.nz
X-Trace: ns.osirusoft.com 1035663622 27905 202.0.33.254 (26 Oct 2002 20:20:22 GM
X-Complaints-To: news@news.osirusoft.com
NNTP-Posting-Date: 26 Oct 2002 20:20:22 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Xref: uni-berlin.de news.admin.net-abuse.email:1845439

"Rommie Johnson" wrote in message news:ZsAu9.160389$S8.3215650@twister.tampabay.rr.com...

snip snip

> But, like I said, Verio tells me they've already taken care of
> checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet
> posting from the checklab idiot, and you're right -- but I still don't think
> their insensitivity should affect me.)
>

Hate to disappoint you but your contact at Verio told you a big fat porker, Checklab is STILL hosted on Verio's network at the exact same IP as listed in the spews record and is provided with nameservers by Verio also. So how exactly has Verio taken care of the problem? Verio haven't even bothered to respond to spam complaints I've sent them in the past.

=== The confirmation - Verio still hosts the spammer they've claimed to ===
=== terminate ===

Path: uni-berlin.de!fu-berlin.de!news.teledanmark.no!uninett.no!news.algonet.se
 !algonet!oden.abc.se!not-for-mail
From: Claes T
Newsgroups: news.admin.net-abuse.email
Subject: Re: How do I get off SPEWS list?
Date: Sat, 26 Oct 2002 23:24:28 +0200
Organization: DoNotSpam, eventhough e-address IS valid
Lines: 38
Message-ID: <511mrus0qse3q1nq437c06l0uhqrl52mlv@4ax.com>
References: <3DBAD11D.2080208@netscape.net>
NNTP-Posting-Host: dialup-8.abc.se
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: oden.abc.se 1035667469 22520 195.17.73.8 (26 Oct 2002 21:24:29 GMT)
X-Complaints-To: abuse@abc.se
NNTP-Posting-Date: Sat, 26 Oct 2002 21:24:29 +0000 (UTC)
X-Newsreader: Forte Agent 1.9/32.560
Xref: uni-berlin.de news.admin.net-abuse.email:1845461

On Sat, 26 Oct 2002 17:41:13 GMT, "Rommie Johnson" wrote:

>But, like I said, Verio tells me they've already taken care of
>checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet
>posting from the checklab idiot, and you're right -- but I still don't think
>their insensitivity should affect me.)

Hello!

I'm the guy who got the checklab answer you read in the SPEWS file (but I'm not SPEWS or related to them).

Let me check facts so far: You say Verio say they have taken care of Checklab.com? *Already* *taken* (past tense)? When I reported them they were at 161.58.1.38, so let's check where they have gone since Verio took care of them....

--- 10/26/02
--- looking up host checklab.com
--- traceroute to www.checklab.com [161.58.1.38], ....
23 [ 192.67.244.73] ge-25-0836.stngva01.us.verio.net 293 ms
24 [ 161.58.1.38] checklab.com 278 ms
--- traceroute statistics for www.checklab.com ...

Hmmm, they have moved....NOT.

You may want to talk to Verio *again*, because if Verio waits for SPEWS to acknowledge something never done, it will take time. Now you see *why* SPEWS "refuse to acknowledge"?

And I agree - the Checklab issue *should* have been solved *long* before you were affected. You may want to ask (demand) Verio to add some staffing to their abuse desk, to avoid getting Verio into trouble as in your/Checklabs case in the future.
After all, your money pays their salaries, and their abuse desk *is* understaffed, due to management priorities. All the best, Claes T === Verio forwards complaints to spammers for "listwashing" === From bwojr@rrnet.com Thu May 23 20:10:27 2002 Path: uni-berlin.de!fu-berlin.de!nntp.cs.ubc.ca!newsfeed.stanford.edu!postnews1.google.com!not-for-mail From: bwojr@rrnet.com (Bruce Opheim Jr.) Newsgroups: news.admin.net-abuse.email Subject: Yet more proof Verio loves spambags... Date: 22 May 2002 20:07:40 -0700 Organization: http://groups.google.com/ Lines: 31 Message-ID: <1528fa32.0205221907.6694452f@posting.google.com> NNTP-Posting-Host: 63.230.106.194 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1022123260 13717 127.0.0.1 (23 May 2002 03:07:41 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 23 May 2002 03:07:41 GMT Xref: uni-berlin.de news.admin.net-abuse.email:1686495 MY complaint (search nanas): www.inphonic.com spam sent from Mindshare and Verio just keeps letting Mindshare spam all they want in wanton violation of several state laws. Nice company Verio. Makes me want to hope they go out of business VERY soon. I'd suggest Verio try to apply an appropriate AUP/Tos but apparently that would be a waste of time. Rot in Spews Verio. You suck! Hell you couldn't even whitewash this address from last complaints. Bruce Opheim Jr. bwojr@rrnet.com Got this reply: From: Customer_Relations@inphonic.com Date: Fri, 17 May 2002 19:28:39 -0400 Subject: RE:[email] Free Wireless phones with Free Long Distance!!! [#332834] To: bwojr@rrnet.com removed Sincerely, Andrea Springs Customer Relations Department Complain to Verio about Inphonic and get white washed.. proof that Verio is sleeping with their spambags in a big way. Verio is a lousy 'Net neighbor and I sincerely hope Verio goes out of business. Bruce Opheim Jr. 
bwojr@rrnet.com === Verio ignores their Postmaster General spam complaints, listwashes but === === the spam begins to flow again, and no way to stop === From rfg@monkeys.com Sat May 11 10:30:51 2002 Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu!postnews1.google.com!not-for-mail From: rfg@monkeys.com (Ronald F. Guilmette) Newsgroups: news.admin.net-abuse.email Subject: Re: That's IT. I have HAD IT with Verio and mb00.net. Date: 10 May 2002 21:55:58 -0700 Organization: http://groups.google.com/ Lines: 231 Message-ID: References: NNTP-Posting-Host: 66.60.157.246 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1021092959 8903 127.0.0.1 (11 May 2002 04:55:59 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 11 May 2002 04:55:59 GMT Xref: uni-berlin.de news.admin.net-abuse.email:1653473 Karl Czapla wrote in message news:... > One of my spamtrap addresses (@yahoo) had been getting spam from one of > mb00's lists for some time now. I eventually gave in and sent an > unmunged report using SpamCop to Verio, who seemed to have listwashed me. > > But guess what? The spam just started back up again! Being powerless > to do anything else except JHD or remove, I sent the following to Verio > via verio.net@bitch-list.net (spam snipped at the headers since this > ain't NANAS). > > I encourage ALL who get mb00 spam, and do not already forward it via > bitch-list, to do the same. I realize this is preaching to the choir > for the most part, but if I can even get one or two other users to > follow suit, I will have done my job. It has already been proven many many times to be an utterly pointless exercise in futility to forward spam to Verio. They don't care, and nothing you might do will make them care. That's why they are in SPEWS! 
The only possible approach that might bear fruit is to start forwarding all of your Postmastergeneral and Verio spam to various addresses that belong to Verio's parent company, NTT of Japan. I provided a list of such addresses previously:

http://groups.google.com/groups?q=NTT+Verio+author:rfg%40monkeys.com&hl=en&scoring=d&selm=u04dghgmfvbcc%40corp.supernews.com&rnum=2

If everyone who got spammed from Verio just did this for about a week, I'm confident that we would cease to have this massive Verio spam problem.

Here's the list again:

=== Verio forwarded the spam complaint to their spammer, doesn't mind to host ===
=== spammers if they don't use Verio's resources to send spam. Quoting the bill ===
=== that was never passed into the law, that supposedly legitimize the spam, is ===
=== ok with Verio, too (S. 1618) ===

From rippa042@hotmail.coma Wed Oct 24 10:19:45 2001
Path: uni-berlin.de!fu-berlin.de!news.tele.dk!small.news.tele.dk!207.115.63.138!newscon04.news.prodigy.com!newsmst01.news.prodigy.com!prodigy.com!postmaster.news.prodigy.com!newssvr21.news.prodigy.com.POSTED!not-for-mail
From: "Carl Woods"
Newsgroups: news.admin.net-abuse.email
Subject: verio sends complaint to spam hoster, response attached
Lines: 259
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Message-ID:
NNTP-Posting-Host: 206.170.148.185
X-Complaints-To: abuse@prodigy.net
X-Trace: newssvr21.news.prodigy.com 1003893556 ST000 206.170.148.185 (Tue, 23 Oct 2001 23:19:16 EDT)
NNTP-Posting-Date: Tue, 23 Oct 2001 23:19:16 EDT
Organization: Prodigy Internet http://www.prodigy.com
X-UserInfo1: OXYYSWOELRVS@^LYMRKNOPDA[X_LPO@FKY\@LWQHBATBTSUBYFWEAE[YJLYPIWKHTFCMZKVMB^[Z^DOBRVVMOSPFHNSYXVDIE@X\BUC@GTSX@DL^GKFFHQCCE\G[JJBMYDYIJCZM@AY]GNGPJD]YNNW\GSX^GSCKHA[]@CCB\[@LATPD\L@J\\PF]VR[QPJN
Date: Wed, 24 Oct 2001 03:19:16 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1458399

Spammer-speak complete with Murk quote. Copied to NANAS/NANAE.
----- Original Message -----
From: "Moic"
To:
Sent: Tuesday, October 23, 2001 8:03 PM
Subject: Re: (email) (SPEWS flag) (ntt/verio) Life Insurance - NOW 200110222124x15022

> This address has now been removed from our list.
>
> Hello-
>
> I have received your email...as addressed to: markinet@markinet.com
>
> From: Verio
>
> Subject: xy199.com : Unsolicited Email 1 1DS-3012434
>
> 1. before we signed up with you, I spoke with a gentleman by the name of:
> Bob DeFrances and presented our situation to him. He
> then connected us to someone in "support" by the name of "Steve"
>
> I outlined what we are doing before we started, and payment was made on
> this basis:
>
> 1. We send no mail from your web site. All outgoing mail is sent from a
> private server elsewhere from other sources.
>
> 2. We do not receive any mail at your website. All mail is received at
> alternative sources.
>
> 3. We do not refer to your website for any feed back.
>
> 4. Your site holds no web pages except those for our own use.
>
> 5. All mails going out are strictly monitored and comply with all known
> laws of the USA.
>
> Here is our disclaimer:
>
> THIS MESSAGE IS BEING SENT IN COMPLIANCE WITH PENDING EMAIL BILLS & LAWS:
> SECTION 301. PER SECTION, PARAGRAPH (a) (2) (c) of S. 1618.
>
> This message is not intended for any prospect who is under the legal age of
> 18 , or those who do not wish to receive these e-mail's or those persons
> whom are residents in the State of WA, NV, CA & VA. If you wish to be
> removed automatically or are a Washington, Virginia, or California resident:
>
> 6. We do not promote any of the following:
>
> a. Porn
>
> b. Sex
>
> c. Illicit
>
> d. illegal matters
>
> 7. We are a legitimate, paying customer of yours in several areas.
>
> 8. All outgoing emails have a valid and working: reply to, and valid
> "removes" link.
>
> 9. We are engaging the services of professional mailers who are sending
> this mail to their known "op-in" list of subscribers.
>
> 10. Please advise if we can correct the situation in any way,
>
> 11. Below, is a copy of the ad, converted from the code provided from
> below.
>
> Please advise...
>
> Thank you,
>
> jb
>
> *********** REPLY SEPARATOR ***********
>
> On 23/10/01 at 7:45 PM Carl Woods wrote:
>
> >[spam]
> >
> >[@home mail source: 24.179.142.117]
> >
> >[@Home Network (NETBLK-HOME-2BLK)HOME-2BLK 24.176.0.0 - 24.183.255.255
> >@Home Network (NETBLK-DESMIA1-IA-4) DESMIA1-IA-4 24.179.128.0 -
> >24.179.143.255]
> >
> >[ntt/verio spamvertised web haven: 128.242.89.112 :
> > http://www.xy199.com/index.htm]
> >
> >[SPEWS flag:
> >Netname: VRIO-128-242
> > Netblock: 128.242.0.0 - 128.242.255.255]
> >
> >Re:reply245c@reply.lynxdata.net (Administrator of network hosting email
> >address referenced in spam)
> > To: abuse#home.net@devnull.spamcop.net (Notes)
> >
> >Return-path:
> >Received: from mta4.snfc21.pbi.net (mta4-pr.snfc21.pbi.net)
> > by sims3.snfc21.pbi.net
> > (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
> > with ESMTP id <0GLO004NHG4HVU@sims3.snfc21.pbi.net> for
> >rippa@sims-ms-daemon;
> > Tue, 23 Oct 2001 14:10:14 -0700 (PDT)
> >Received: from localhost.localdomain ([24.179.142.117])
> > by mta4.snfc21.pbi.net (Sun Internet Mail Server
> >sims.3.5.2000.01.05.12.18.p9)
> > with ESMTP id <0GLO003VEG42H4@mta4.snfc21.pbi.net> for
> > rippa@sims3.snfc21.pbi.net; Tue, 23 Oct 2001 14:09:42 -0700 (PDT)
> >Received: from localhost.localdomain (localhost [127.0.0.1])
> > by localhost.localdomain (Postfix) with SMTP id 45C867B4; Tue,
> > 23 Oct 2001 09:34:48 -0500 (CDT)
> >Date: Tue, 23 Oct 2001 04:35:38 -0500
> >From: increasedopportunity@excite.com
> >Subject: Life Insurance - NOW 200110222124x15022
> >To: 200110222124x15022-devnul@excite.com
> >Message-id: <20011023143449.45C867B4@localhost.localdomain>
> >Content-type: text/html
> >Precedence: junk
> >BANNED: /etc/BadDomains
> >X-uid: 200110222124x15022
> >envelope_limit: 1
> >X-Bulkmail: 2.04
> >
> >ONLINE
> >NO OBLIGATION TERM LIFE INSURANCE
> >QUOTES
> >
> >Save up to 70% on
> >Term Life Insurance
> >
> >Highest Rated Companies
> >Lowest Cost Coverage
> >
> >Click here for free quote! [http://www.xy199.com/index.htm?ID=paba]
> >
> >Reply To: [mailto:reply245c@reply.lynxdata.net]
> >
> >THIS MESSAGE IS BEING SENT IN COMPLIANCE WITH
> >PENDING EMAIL BILLS & LAWS: SECTION 301. PER SECTION,
> >PARAGRAPH (a) (2) (c) of S. 1618.
> >This message is not intended for any
> >prospect who is under the legal age of 18
> >, or those who do not wish to receive these e-mail's
> >or those persons whom are residents in the State of
> >WA, NV, CA & VA. If you wish to be removed
> >automatically or are a Washington, Virginia, Nevada,
> >or California resident:
> >
> >Please Remove Your Address Here
> >[mailto:200110222124x15022remove@remove.lynxdata.net?Subject=Please_remove_from_paba]
> >
> >Failure to click here will not
> >remove your address automatically.
> >
> >We honor all removal requests.
> >
> >Copyright (c) 2001 Mailers
> >Associated. (All Rights Reserved)
> >Designated trademarks and brands are the property of
> >their respective owners.

=== Verio says to go and unsubscribe from their spammers' list ===
=== instead of stopping their persistent and unstoppable Postmaster ===
=== General / Mindshare Design spammers ===

From davidwiz@erols.com Fri Dec 14 01:04:37 2001
Path: uni-berlin.de!fu-berlin.de!feeder.qis.net!feed2.news.rcn.net!feed1.news.rcn.net!rcn!not-for-mail
From: David Wisniewski
Newsgroups: news.admin.net-abuse.email
Subject: Verio Says - Eat Your Spam
Date: Thu, 13 Dec 2001 14:57:02 -0500
Organization: The Spanish Inquisition
Lines: 68
Message-ID: <3C19080E.9B90045C@erols.com>
Reply-To: davidwiz@erols.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: UmFuZG9tSVY12tWR83xhc7ssSaaCJT3kFr2tQvneltowE7h2KrkXnGaDbzFdj4Hq
X-Complaints-To: abuse@rcn.com
NNTP-Posting-Date: 13 Dec 2001 19:58:03 GMT
X-Mailer: Mozilla 4.78 [en] (Win98; U)
X-Accept-Language: en
Xref: uni-berlin.de news.admin.net-abuse.email:1540513

-------- Original Message --------
Subject: Re: [IDS-3193828] [email] SPAM: Here is your Frree T-Shirt, please confirm
Date: Thu, 13 Dec 2001 11:20:15 -0700 (MST)
From: Sarah Pollister
To: davidwiz@erols.com

If you would like to remove your name from any further emails or mailing lists administered by MindShare Design/PostMaster General, please visit http://postmastergeneral.com/addrem.html. On this page, you will be able to opt out of specific mailing lists or permanently remove your name from all mailing lists administered by MindShare Design/PostMaster General.

Please be aware that removals may take up to 72 hours. If you continue to see unwanted emails from MindShare Design/PostMaster General or one of the lists administered by MindShare Design/PostMaster General beyond 72 hours, please email MindShare Design/PostMaster General at nospam@mindsharedesign.com.

We hope this information is helpful.
Sarah Verio Webhosting Support ==== Excerpt from your message received 12/7/2001 10:24:20 MST ==== >Attention SECURE.NET: The spam is coming from 209.133.65.60 which >belongs to you. Please take care of it. > > >-------- Original Message -------- >Return-Path: >Received: from mx01.mrf.mail.rcn.net ([207.172.4.50] [207.172.4.50])by >mta01.mrf.mail.rcn.net with ESMTPid ><20011207121925.TZCN13519.mta01.mrf.mail.rcn.net@mx01.mrf.mail.rcn.net>;Fri, >7 Dec 2001 07:19:25 -0500 >Received: from 209.133.65.60.mindsharedesign.com ([209.133.65.60] >helo=b.pm0.net)by mx01.mrf.mail.rcn.net with esmtp (Exim 3.33 #10)id >16CJyO-0000oy-00for davidwiz@erols.com; Fri, 07 Dec 2001 07:19:24 -0500 >Received: from i1008.pm0.net (209.133.67.243.mindsharedesign.com >[209.133.67.243] (may be forged))by b.pm0.net (8.11.0/8.9.3) with ESMTP >id fB7FBjm26635for ; Fri, 7 Dec 2001 07:11:45 -0800 >Received: (from pmguser@localhost)by i1008.pm0.net (8.11.0/8.9.3) id >fB7EBXj05526;Fri, 7 Dec 2001 06:11:33 -0800 >Message-Id: <200112071411.fB7EBXj05526@i1008.pm0.net> >X-Authentication-Warning: i1008.pm0.net: pmguser set sender to >pmgsender@returns.postmastergeneral.com using -f >From: J a N et > >To: >X-PMG-Userid: tshirtnews >X-PMG-Recipient: davidwiz@erols.com >Subject: Here is your Frree T-Shirt, please confirm >Date: Fri, 07 Dec 2001 09:11:32 EST >MIME-Version: 1.0 >Content-Type: text/plain; charset="iso-8859-1" >X-Spam-Warning: This message was accepted from a host or IP address >whichis suspected of being used to distribute spam. Please >seehttp://www.mail.rcn.net/external/x-header/ for more information >X-Mozilla-Status: 8001 >X-Mozilla-Status2: 00000000 >X-UIDL: <200112071411.fB7EBXj05526@i1008.pm0.net> > >Get your Free T-Shirt, please confirm > >Thank you for joining Free T-Shirt News. >Please CLICK the link or simply reply ... 
=== Verio refuses to effectively deal with their abusable formmail script ===
=== users, but makes legal threats against the blocklist maintainer, when those ===
=== proved to be abused IPs were listed on the blocklist ===

From rfg@monkeys.com Fri May 31 07:51:17 2002
Path: uni-berlin.de!fu-berlin.de!fr.usenet-edu.net!usenet-edu.net!freenix!sn-xit-01!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: BLOCK,LEGAL: Cartooney threat: Verio vs. formmail.relays.monkeys.com
Date: Fri, 31 May 2002 01:09:23 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID:
X-Complaints-To: newsabuse@supernews.com
Lines: 180
Xref: uni-berlin.de news.admin.net-abuse.email:1701975

Some background...

I run an anti-spam list of known/proven FormMail spam sources for the benefit of the Internet community. The list can be referenced as:

formmail.relays.monkeys.com

IP addresses get added to this list by being sources of FormMail spam. There is no other way to get listed on this list. No opinions or judgement calls are involved.

Many sites are using this list now to filter out Formmail spam.

I consider the removal of IP addresses from this list as being merely a necessary courtesy that I must extend to the sites that get listed, when and if they actually fix the FormMail spam problem, completely, on their end. In an ideal world, 100% of the burden of dealing with the problems created by the sites that have been sources of FormMail spam would fall onto those sites themselves, and they would ``remove'' their own outgoing mail servers from the FormMail list simply by changing the IP addresses of those servers. But we don't live in that ideal world, and my feeling is that the sites that are using my FormMail list for spam filtering do desire and expect me to process removal requests from any and all listed sites that have in fact fixed the FormMail problem, completely, on their end. And I do process such removal requests in all cases where I am convinced that the problem has really been solved, and that the IP addresses to be removed will never again be sources of FormMail spam.

When I get requests for removals from the FormMail Spam Sources list, I separate them into one of two categories, i.e. (1) non-web-hosting organizations and (2) companies that do web hosting as part of their business portfolio.

In the case of non-web-hosting organizations, I try my best to verify that the organization has either fixed or removed the problematic FormMail script... typically there is only one... and then, when that seems to have been accomplished, I remove the relevant IP address.

In the case of companies that do web hosting for other parties as a normal part of their business (most of whom allow their end users to upload and install any old CGI script at any time), I have been asking these companies to either (a) use the FormMail Spam Sources list to do mail filtering on their own mail servers[1], or else (b) to scan all of their CGI-enabled directories, every night, to find new FormMail scripts.

In the latter case, I _do not_ just let them get by with a vague and non-specific statement like "yea, we do scanning", in part because I have already learned that an awful lot of companies have the Wrong Idea about how to do such scanning properly. Many seem to think that just scanning for files with filenames like "formmail.pl" or "FormMail.cgi" is sufficient to find all of these bad scripts. I disabuse them of that notion and ask that they use a different scanning technique whereby they first find all Perl CGI scripts that are marked as executable, and then grep each of those for the string "Matt Wright". (This will of course also find other non-FormMail kinds of Matt Wright scripts, but given that all such are known to be dangerous, security-wise, this bit of ``overkill'' may in fact be helpful in finding additional problematic CGI scripts.)

So anyway, that's what I do when I get requests from web hosting companies who want their IP addresses removed from the FormMail Spam Sources list.

So far, most of the web hosting companies that I have dealt with, and who have requested removal have either been willing to comply with these conditions or else they have just sulked off quietly and either changed the IP addresses of their mail servers or else they have decided to just live with the blocking on a permanent basis. The majority have in fact implemented the nightly scanning of their CGI directories, as per my recommended procedure.

Then comes Verio. These folks tell me that they scanned for the bad _filenames_ once, two weeks ago, and that if that's not good enough for me, then it must be _my_ problem. (As noted above, scanning for _filenames_ is definitely _not_ sufficient to completely solve the FormMail problem. Also, of course, some of Verio's less-well-clued customers may have uploaded bad Formmail scripts since the one and only scanning pass that Verio claims to have performed on their servers, two weeks ago.)

In a rather stunning display of self-centered arrogance, someone claiming to be Jeff Richard, Manager, Abuse Dept. NTT/VERIO sent me the e-mail message attached below. Please note the not-at-all-veiled cartooney threat.

Mr. Richard, in the privacy of his own mind, apparently believes that I'm not ``cooperating'' with ISPs. It would be more accurate to say that I'm not merely bending over whenever _Verio_ requests me to do so. I have in fact been working with other large web hosting companies to fully and permanently resolve the net's FormMail spam problem, and in most cases so far, these cooperations have resulted in successful outcomes where all users of the FormMail Spam sources list may be sure that these other companies will never again be sources of FormMail spam.

Unfortunately, on advice of counsel, I can no longer communicate directly with Mr. Richard and/or Verio, and I will not attempt to do so in any way. I will not however discourage other parties who may have opinions on all of this from making those opinions known to Verio and/or Mr. Richard. (Not that I expect any such opinions to make any difference. The current reputation of Verio with regards to control of spam from and within their network is well known by now, I believe.)

Certainly, anybody who does contact Verio should, in the first instance, make inquiries regarding Verio's actions, or lack thereof, with regards to the following open proxies located on AS 2914 (Verio's network) which I reported to Verio over a week ago. These are a more significant and dangerous kind of security problem on Verio's network, relative to any remaining FormMail scripts, and most or all of these proxies appear to still be open at the present time.
Regards,
rfg

======
[1] In which case I will only list that company's web servers, when and as appropriate, so that there can be a model of mail security much like what Alan Brown used to employ with ISPs to handle the case where customers are ``smart hosting'' outgoing mail out thru the ISP's main mail servers.

=========================================================================
Return-Path: support@verio-hosting.com
Delivery-Date: Thu May 30 13:47:19 2002
Return-Path:
Delivered-To: admin@monkeys.com
Received: from mail07a.vwh1.net (mail07a.vwh1.net [209.238.9.57]) by segfault.monkeys.com (Postfix) with SMTP id 2BC73660B for ; Thu, 30 May 2002 13:47:10 -0700 (PDT)
Received: from ids03.team-center.net (128.242.54.146) by mail07a.vwh1.net (RS ver 1.0.63s) with SMTP id 240988; Thu, 30 May 2002 16:46:48 -0400 (EDT)
From: Jeff Richard
Subject: Re: [IDS-3900617] redroversolutions.com - HOSTING SUPPORT QUESTION
To: admin@monkeys.com
Date: Thu, 30 May 2002 16:46:48 -0400 (EDT)
X-Loop-Detect: 1
Message-Id: <20020530204713.2BC73660B@segfault.monkeys.com>

Monkeys.com Admin:

I want to make this very clear. The Verio servers that have formmail.pl or ANY variation of that name (e.g. bformmail.pl, ForMmail.pl, etc..) have been disabled. Such scripts will no longer be executed on our servers for any reason, ever.

Respectfully, Monkeys.com does not seem to want to cooperate with any ISP.
Your Policy seems to be to blacklist IP's and mail servers based on your needs. The problem here is you do it without any attempt to contact an ISP. Have you ever thought about working with an ISP to help solve the spam problems on the Internet or are you trying to be an authority figure for formmail abuse on the Internet? I think you should consider working with an ISP rather than damaging a client's ability to use their e-mail effectively. The bottom line here is you have absolutely no right to dictate what will and will not happen on the Verio network. We have done what is needed to disable the use of this script. We will not divulge proprietary information about our web servers, how we scanned for this script, or how we disabled this script. Verio would like to work this issue to a resolution with your cooperation. If you do not choose to work this way, please be advised that the Verio Legal Team is now investigating this issue and have been copied on this e-mail. Thanks, Jeff Richard Manager, Abuse Dept. NTT/VERIO SME === A notification that was sent to Verio by the formmail.relays.monkeys.com === === maintainer about their insecure proxies 10 days ago. === === They *all* are still insecure as in the last 48 hours === From rfg@monkeys.com Sat Jun 1 01:53:17 2002 Path: uni-berlin.de!fu-berlin.de!newsfeed.arcor-online.net!fr.clara.net!heighliner.fr.clara.net!isdnet!sn-xit-02!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail From: rfg@monkeys.com (Ronald F. Guilmette) Newsgroups: news.admin.net-abuse.email Subject: Verio Open Proxies Notification Date: Fri, 31 May 2002 22:27:31 -0000 Organization: Posted via Supernews, http://www.supernews.com Message-ID: X-Complaints-To: newsabuse@supernews.com Lines: 111 Xref: uni-berlin.de news.admin.net-abuse.email:1702567 What follows is a copy of the notification message that was sent, by me, via e-mail to back on May 19th. 
As noted in the other thread that I started here recently regarding Verio's antagonistic legal saber rattling against me, this notification message appears to have slipped imperceptibly into the black hole known as , never to be heard from again.

The slightly more up-to-date list of open proxies on Verio's network that I posted in the other thread differs in a few entries from the one shown in the message below, but the two lists are about 90% identical.

==========================================================================
>From bounces@monkeys.com Sun May 19 01:56:32 2002
Return-Path:
Delivered-To: notify-log@monkeys.com
Received: by segfault.monkeys.com (Postfix, from userid 0) id EC79D6671; Sun, 19 May 2002 01:56:31 -0700 (PDT)
From: "Monkeys.Com Administrator"
To: abuse@verio.net
Cc: notify-log@monkeys.com
Subject: SECURITY NOTIFICATION: Open proxy list for AS 2914
Reply-To: "Monkeys.Com Administrator"
Message-Id: <20020519085631.EC79D6671@segfault.monkeys.com>
Date: Sun, 19 May 2002 01:56:31 -0700 (PDT)

The message is a security notification regarding security problems that were recently detected on your network, AS 2914.

The IP addresses shown below, which are located on your network, were recently submitted to us as possible unsecured TCP proxies. We have tested these IP addresses and found that they are indeed dangerously unsecured open proxies.

Because these unsecured proxies may represent a serious security threat to your network, and because these unsecured proxies may also be abused, by either hackers or spammers or both, to attack or to compromise the security of other networks elsewhere, we urge you in the strongest possible terms to take all necessary actions to either reconfigure or to disconnect these proxies from the Internet immediately.
We also request that you respond to this e-mail message so that we may be assured that this important security notification has in fact been seen by at least one actual human and by at least one authorized network administrator for AS 2914.

The list of unsecured TCP proxies that are known to exist on your network (AS 2914) at the present time follows below. Please note that each line in the following list is composed of three parts, separated by colons. The first part is the IP address of the unsecured open proxy. The second part is the port number of the unsecured proxy. The third and final part of each line is a two-character abbreviation denoting the protocol used by the proxy. The abbreviations and their meanings are as follows:

    s4 - SOCKS Version 4 protocol
    s5 - SOCKS Version 5 protocol
    hc - HTTP CONNECT method protocol
    h2 - Modified HTTP CONNECT method protocol

(Note that all of the proxies listed above have been re-verified as being unsecured within the past 48 hours.)

Please respond to this message at your earliest convenience. Please send all responses to . Please be sure to include your network's registered AS number in any and all communications with us regarding the open proxy list given above.

If there is a better or more appropriate e-mail address to which we should direct future messages regarding serious network security issues involving your network, please be sure to include that e-mail address in your reply to us.
Thank you for your cooperation.

Regards,
Administrator
Monkeys.Com

=== Verio's SLAPP against Monkeys.com ===

http://www.DolphinWave.org/spam/verio-demand.ps

=== And the result of this legal threat from Verio against the blocklist ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: ANNOUNCE: Policy change for formmail.relays.monkeys.com
Date: Thu, 27 Jun 2002 06:52:06 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID:
X-Complaints-To: newsabuse@supernews.com
Lines: 29
Xref: uni-berlin.de news.admin.net-abuse.email:1730757

Beginning at midnight tonight, Wed June 26, 2002, for legal and technical reasons that I will describe in detail at a later time, no further processing of removal requests for the Monkeys.Com FormMail Spam Sources List (formmail.relays.monkeys.com) will be processed.

Additions to the list, based on evidence, will continue to be made as in the past.

After tonight, all requests to have IP addresses removed from the FormMail Spam Sources List will be declined, and all owners or users of those addresses will be directed instead to change the IP addresses of their servers if they wish to avoid the possible negative consequences of having their current mail server IP addresses listed.

I sincerely regret that I will no longer be able to process removal requests for the FormMail Spam Sources List, but a combination of legal reasons (which I will also elaborate on in the near future) and personal time constraints now make that impossible.

All sites currently using the FormMail Spam Sources List should seriously consider the implications of this policy change, and should make adjustments to their use of the list as they deem appropriate.

Regards,
rfg

=== Verio's Hostmaster says not to send complaints to them, but to ===
=== abuse@verio.net instead.
And abuse@verio.net just ignores them ===

From wrjames.remove@kudzucountry.com Tue Jan 29 16:09:03 2002
Path: uni-berlin.de!fu-berlin.de!feeder.qis.net!feed2.news.rcn.net!rcn!newsfeed1.earthlink.net!newsfeed2.earthlink.net!newsfeed.earthlink.net!news.mindspring.net!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: verio response.
Date: Tue, 29 Jan 2002 07:25:21 -0600
Organization: MindSpring Enterprises
Lines: 158
Message-ID:
References: <3c564de8.813143829@news.earthlink.net>
Reply-To: wrjames.remove@kudzucountry.com
NNTP-Posting-Host: 43.d8.86.47
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Server-Date: 29 Jan 2002 13:21:45 GMT
Cancel-Lock: sha1:fY8G5XAYcBGfMkG394NH1+WgwiE=
X-Newsreader: Forte Agent 1.8/32.548
X-NFilter: 1.2.0
Xref: uni-berlin.de news.admin.net-abuse.email:1585106

On Tue, 29 Jan 2002 07:43:02 GMT, marvin.glenn@no.valid.domain (Marvin Glenn, ASNN) wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I think I would've responded with something to the effect of:
>
>"If your abuse department did its job, I wouldn't need to send these
>reports to all the addresses I have for Verio."
>
>Though they probably would've just plonked my address. I had that
>happen to me from a large ISP in '96. Thank [god/$DEITY/us] (tinu)
>for MAPS and SPEWS. Hard to plonk that.

Here's the whole exchange:

======================================================

On Mon, 28 Jan 2002 17:54:32 -0800, you wrote:

>
>William,
>
>abuse@verio.net is the department within Verio that handles spam
>complaints.

When has that ever happened? They've never handled spam complaints before! Ignoring or deleting, doesn't qualify as handling. Has something changed in the last few hours?

>Sending your complaints to other departments within
>Verio will NOT expedite them.

Neither does sending complaints to abuse@verio.net .
>If you choose to ignore this information, then your complaints will
>never reach the proper department that can facilitate your requests.
>
>Hostmaster

OK. How will I know the difference? Will someone email me and actually tell me it was never read instead of just deleting it unread? Please let me know.

This is interesting. Of hundreds of spam complaints regarding hundreds of spammers, I've never even had a reply until yours suggesting that if I don't do as you suggest then nothing will be any different. Doesn't that seem a little odd to you?

William R. James

>
>In message , Wm James writes:
>>
>>There is no need for you to allow your spammers to keep crapping in my
>>box either, but you keep doing it.
>>
>>When you stop ignoring complaints sent to abuse@verio.net then I'll
>>send them to abuse@verio.net.
>>
>>Fair enough?
>>
>>William R. James
>>
>>
>>
>>On Mon, 28 Jan 2002 16:42:54 -0800, you wrote:
>>
>>>Please send future spam complaints to abuse@verio.net. There is no
>>>need to cc all the verio addresses that you have. Thank you,
>>>
>>>Hostmaster
>>>
>>>
>>>In message <3lrb5u4fsg8f1q1bnqdlhfrrvf7tvnrkg4@4ax.com>, Wm James writes:
>>>>More garbage!
>>>>
>>>>Same spam, same spammer, same IP, same everything.
>>>> >>>> >>>>Spammer's pages: >>>>www.listkast.com >>>>http://www.qksrv.net/click-1014390-10581 >>>>https://www.cihost.com/?zone=products/limited_time_offer_signup&id=listkast.com >>>>https://www.paypal.com/affil/pal=ER8Y84GAL8L8N >>>> >>>>Peddles for: >>>>http://servedby.advertwizard.com/plugin/clickthru.phtml?60905|41729|2|18732|//www.mailingci >>rc >>>>ulars.com >>>>www.advertwizard.com >>>>www.mailingcirculars.com >>>> >>>>Spammer's drop boxes: >>>>advertise@listkast.com >>>>bart.bobrowski@shaw.ca >>>> >>>>Spam sent from: >>>>207.150.80.229 = verio.net >>>> sent through: 212.163.8.99 >>>> = BT Telecomunicaciones >>>> >>>> >>>> >>>>On Sun, 27 Jan 2002 22:33:47 -0700, "pedro" wrote: >>>> >>>>>Received: (qmail 95340 invoked from network); 28 Jan 2002 19:23:13 -0000 >>>>>Received: from unknown (HELO elara.antalis.es) (212.163.8.99) >>>>> by www.hostay.net with SMTP; 28 Jan 2002 19:23:13 -0000 >>>>>Received: from hotmail.com (207.150.80.229 [207.150.80.229]) by elara.antalis.es with SMTP >> ( >>>>Microsoft Exchange Internet Mail Service Version 5.5.2650.21) >>>>> id DADR3LFR; Mon, 28 Jan 2002 06:35:39 +0100 >>>>>From: "pedro" >>>>>To: >>>>>Subject: Email Lists >>>>>Sender: "pedro" >>>>>Mime-Version: 1.0 >>>>>Content-Type: text/html; charset="ISO-8859-1" >>>>>Date: Sun, 27 Jan 2002 22:33:47 -0700 >>>>>Reply-To: "pedro" >>>>>Content-Transfer-Encoding: 8bit >>>>>Message-Id: >>>>>X-AntiAbuse: This header was added to track abuse, please include it with any abuse report >>>>>X-AntiAbuse: Primary Hostname - sh2.1-sh.com >>>>>X-AntiAbuse: Original Domain - besna.org >>>>>X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0] >>>>>X-AntiAbuse: Sender Address Domain - hotmail.com >>>>> >>>> >>>>Attached: >>>> >>>> >>>> >>>>Untitled Document >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >>>> >> >> === Another Hostmaster@Verio's reply to send complaints to abuse@ (/dev/nul) === Path: 
uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!newsfeed.novia.net.MISMATCH!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Verio replies.. well... sort of...
Date: 28 Jun 2002 16:54:16 -0500
Lines: 110
Message-ID: <4mmphuk8osnfhgtcu3o99dklvk91hsi0s2@4ax.com>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:LTr7F9RgaFprOAnTHcFafYo+V60=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1732101

Well, at least one address there gets the emails. Not that they want it or do anything with it...

==========================================================

To: wrjames@spamreaper.org
Subject: Re: [IP Eng Req #10103] [EMAIL] Keep track of what your kids are doing online! OLk
From: Hostmaster
Date: Fri, 28 Jun 2002 09:22:06 -0700
Cc: hostmaster@verio.net

abuse@verio.net is the proper department to send these reports to. Although you may not get a direct response from them, they do work on every request sent to them. hostmaster@verio.net can not help you in any way with your abuse issue.

Hostmaster

In message , Wm James writes:
>
>When there is some evidence that abuse@verio.net actually gets read,
>sure.
>
>So far, you are the only indication I've EVER seen that anyone at verio
>has ever read a complaint.
>
>Many of verio's customers are whining daily to
>news.admin.net-abuse.email about their emails bouncing. They can't
>get an answer out of you either. What should I tell them? Why is
>verio continuing to ignore all complaints regarding various blatant
>habitual abusers and selling IPs which you know are blocked to
>innocent suckers?
>
>If you give me an answer, I'll pass it on.
>
>William R.
James > > > >On Thu, 27 Jun 2002 09:20:00 -0700, you wrote: > >>In message , Wm James writes: >> >>please send abuse reports to abuse@verio.net, >> >>thank you, >> >>- hostmaster >> >>>Posted to usenet >>> >>> >>>Spammer's pages: >>>http://9wa@211.154.135.67/user0204/index.asp?Afft=M15 >>> This means you connect using normal web http and authentication >>>info 9wa to host 211.154.135.67 and fetch /user0204/index.asp?Afft=M15 >>> The URL is accessible as >>>http://211.154.135.67/user0204/index.asp?Afft=M15 (login as 9wa if >>>needed) and is hosted by 211.154.135.67 >>> >>> >>>Spammer's drop boxes: >>>ilan@interlink-marketing.com >>>hostmaster@easyspace.com >>> >>>Spam sent from: >>>161.58.168.148 >>>= interlink-marketing.net >>>= verio >>> interlink-marketing.net resolves to 161.58.168.148 >>> www.interlink-marketing.net resolves to 161.58.168.148 >>> Mail for interlink-marketing.net is handled by >>>interlink-marketing.net (10) 161.58.168.148 >>> >>> >>> >>>On Wed, 26 Jun 2002 19:48:49 -0600 (MDT), alwayzhard007@aol.com () >>>wrote: >>> >>>>Received: (qmail 5443 invoked from network); 27 Jun 2002 01:43:46 -0000 >>>>Received: from interlink-marketing.net (161.58.168.148) >>>> by www.hostay.net with SMTP; 27 Jun 2002 01:43:46 -0000 >>>>Received: (imarket@localhost) by interlink-marketing.net (8.11.6) id g5R1mnS0 >>>0186; Wed, 26 Jun 2002 19:48:49 -0600 (MDT) >>>>Date: Wed, 26 Jun 2002 19:48:49 -0600 (MDT) >>>>Message-Id: <200206270148.g5R1mnS00186@interlink-marketing.net> >>>>To: >>>>From: alwayzhard007@aol.com () >>>>Subject: Keep track of what your kids are doing online! >>> OLk >>>>X-AntiAbuse: This header was added to track abuse, please include it with any >>> abuse report >>>>X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0] >>>>X-AntiAbuse: Sender Address Domain - interlink-marketing.net >>>> >>>>Below is the result of your feedback form. 
It was submitted by
>>>> (alwayzhard007@aol.com) on Wednesday, June 26, 2002 at 19:48:49
>>>>---------------------------------------------------------------------------
>>>>
>>>>.:
>>>>
>>>>FIND OUT WHO THEY ARE CHATTING/EMAILING WITH ALL THOSE HOURS!

=== And about the Verio's so-called customers' support. An (ex-)customer speaks ===

Path: uni-berlin.de!fu-berlin.de!nautilus.eusc.inter.net!news.ticon.net
    !newsfeeder.mylinuxisp.com!nntp1.hal-pc.org!dfw-feed.news.verio.net
    !phl-feed.news.verio.net!nntp2.tagonline.com!not-for-mail
From: werdnaandrew@moc.sysgattagsys.com (Andrew Gideon)
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - Needed Advice on getting unlisted
Date: 31 May 2002 20:23:52 GMT
Organization: TAG Online Inc.
Lines: 53
Message-ID:
References: <676e24bc.0205301738.3841e57e@posting.google.com> <676e24bc.0205310130.d3fc1bd@posting.google.com>
NNTP-Posting-Host: cake.int.tagonline.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: muffin.int.tagonline.com 1022876632 4624 192.168.2.35 (31 May 2002 20:23:52 GMT)
X-Complaints-To: news@news.tagonline.com
NNTP-Posting-Date: 31 May 2002 20:23:52 GMT
X-Newsreader: knews 1.0b.1
Xref: uni-berlin.de news.admin.net-abuse.email:1702507

In article <676e24bc.0205310130.d3fc1bd@posting.google.com>, raj@lauhala.com (Roger Jacobs) writes:

> I may have to move, although I have been happy with verio for years.

I was a happy client of a pre-Verio New York Net. But since Verio bought it - and more so since the NYNet owner left Verio - things have been sliding fast.

It's not just the spam, although that's part of the overall theme.

We'd two locations connected to Verio circuits, both exchanging BGP feeds. One was full, the other partial.

Verio used to send 0/0. But when they moved our circuits from Cisco routers at their end to Junipers, they stopped. They didn't mention this change to us either; we had to discover it for ourselves.
When I asked that this be fixed, I received a runaround which ended up with "our IP Engineering Group says 'no'". That is, Verio no longer sends a default route with a partial BGP feed. We're supposed to use a different default-network, and simply accept the fact that - with multiple upstreams - we can have routing loops.

More, since the owner left NYNet, I can no longer talk to any engineer at Verio. I can only pass messages through "technical support people" that ask questions like "how do I spell BGP?".

Finally, tickets appear to be closed on a schedule that has no relationship to whether or not the issue is resolved. I'm of the opinion that someone's bonus is based on closed tickets. Otherwise, why create new ones instead of reopening the old?

So we've been replacing Verio circuits.

When we sent in a cancel order, we received a nice note which asked if there was anything they could do to keep the business, and which claimed that the author's top priority was customer satisfaction.

I wrote the above to this person, but in more detail. I closed with my impression that all these issues - spam, lack of technical contact, unwillingness to satisfy basic customer requests - all spoke of a company that cares not at all about customers.

The reply I received was "you will be contacted". Needless to say, I'm still waiting.

For what are you waiting? Leave. But do explain why. Perhaps enough departures - with explanations - will move them.

[Even the abuse desk people have told me that they cannot do anything, and that I should contact sales.]

- Andrew

=== Another customer shows that Verio is all "black" ===

From: RoastedBillyGoates@hotmail.com (Roasted Billy-Goates never reads email sent to him. Post to the group.)
Newsgroups: news.admin.net-abuse.email
Subject: Verio is black - incontrovertible proof; what next?
Date: 6 May 2002 16:50:47 -0700 Organization: http://groups.google.com/ Lines: 397 Message-ID: <8c57314e.0205061550.3577408@posting.google.com> NNTP-Posting-Host: 12.236.109.6 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Trace: posting.google.com 1020729047 23122 127.0.0.1 (6 May 2002 23:50:47 GMT) X-Complaints-To: groups-abuse@google.com NNTP-Posting-Date: 6 May 2002 23:50:47 GMT Posting this on behalf of an aquaintance. To: drg@verio.net, abuse@verio.com Date: Mon, 6 May 2002 14:57:58 -0700 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, Darren. I'm still waiting forr a response to my email sent 4/22 at 2:28PM PST, which you confirmed receiving in an email dated 4/23/02 at 2:04 PM. This email follows up on the email I sent 4/26/2002 12:39 PM, the email I sent 26 Apr 2002 10:07:32 -0700, which you confirmed receiving in an email dated 4/26/02, also at 2:04 PM the email I sent 23 Apr 2002 18:39:22 -0700, the email I sent 23 Apr 2002 13:37:10 -0700, and another voicemail, all asking you to respond to the same email, with the same set of issues. These emails were mostly sent with hushmail, so I have digitally signed third party evidence that they were sent...and your own confirmation that my email was received. I also sent some of them to ceo@verio.com, and to verio.com@bitch-list.net, which forwards to the addresses of much of Verio's top management*, as well as all the standard addresses to send abuse messages to. No responses were received. Thus, based on the lack of a response, despite confirmed receipt of the emails, and ample time to respond, I'm led to the only logical conclusion: there is a systematic failure at verio to deal in any appropriate way with customers that are spammers. Any clueful person who reads this email must come to the absolutely clear, unavoidable conclusion that verio is actively and knowingly hosting spammers in violation of its own AUP. 
IMNSHO, the only reasons Verio has been responding to me up to this point are that I'm a Verio customer, and that I have been EXTREMELY DILIGENT AND INSISTENT that you do so. It has taken the nearly thirty (30) emails I've sent to get this far. None of my emails to abuse@verio.com have ever garnered any (non-automated) response; it was only when Verio support contacted you on my behalf that you started responding. I asked you to answer several questions, and resolve 4 abuse issues, which Verio has been aware of for between two weeks and 9 months, and make some changes to your AUP. None have been answered. None have been resolved. None were made. I ask you once again to answer the questions, and resolve the issues, and make the changes. Also, if I have ever misquoted Verio, its policies or network status or anything you have said in any way, in any of my emails to Verio, please let me know immediately; to date, you have not claimed that I have. Z: You are still hosting Grunt, who is still hosting (as of 4/28) dvds4adults (e.g. at http://www.internetcybermarketing.com/Merchant/merchant.mv?Screen=SFNT&Store_Code=dvd.) As I have established in my previous emails to you, Verio has been aware of this issue since 8/6/01. A: 128.121.24.0/24 IP range of Verio needs to be shut down: (still up and active as of 5/6, hosting the spamvertised sites) http://groups.google.com/groups?hl=en&safe=off&threadm=200204171826.02636%402002.dolphinwave.org&rnum=7&prev=/groups%3Fhl%3Den%26safe%3Doff%26as_drrb%3Dq%26q%3Dverio%2Bgroup%253Anews.admin.net-abuse.*%26as_qdr%3Dw%26btnG%3DGoogle%2BSearch B: Verio could send a letter out to iserver folks saying the security hole *requires* that customers close any open relays and at the same time state the necessary mods that need to be done to fix the FormMail problem. 
http://groups.google.com/groups?hl=en&safe=off&threadm=aacf586.0204150153.2c6810e1%40posting.google.com&rnum=2&prev=/groups%3Fq%3Dverio%2Bgroup:news.admin.net-abuse.*%26hl%3Den%26safe%3Doff%26as_qdr%3Dw%26selm%3Daacf586.0204150153.2c6810e1%2540posting.google.com%26rnum%3D2 (No response.) C: axincapital.com, AKA washington.myonlinerealtor.com, AKA 161.58.240.126 needs nuking (Still up and active and on Verio 5/6/02 at 161.58.240.126.) http://groups.google.com/groups?hl=en&safe=off&threadm=d0.25ecc03d.29f1b937%40aol.com&rnum=1&prev=/groups%3Fhl%3Den%26safe%3Doff%26as_drrb%3Dq%26q%3Dverio%2Bgroup%253Anews.admin.net-abuse.*%26as_qdr%3Dw%26btnG%3DGoogle%2BSearch The questions asked included the following, plus a few other questions I have omitted, but still want you to answer. iv) Do you sometimes take only ineffective or no action when a valid complaint is sent to abuse@verio.com that informs you of a customer's spamming? ++ v) Do you sometimes take only ineffective or no action when a valid complaint is sent to abuse@verio.com that informs you of a customer's customer spamming? ++ vi) You said that management has instituted a set of guidelines that the abuse department must follow, unless directed by Management. Are you willing to share those guidelines with me? Did you investigate why you DID NOT cut off *Grunt* in a situation that you have indicated would lead to that action? What were the results of said investigation? I said > > [Because] you allowed dvds4adults in your IP space for over 6 months, > > several servers have chosen to block mail from ALL of Verio's IPs, > > including the IP of my mail server, hence blocking my mail. And I > > suspect more will be doing so soon, because they see that Verio is > > harboring spammers. What is going wrong? > You said: > I think that answer is obvious. You said that you are frequently frustrated and hence going grey, because management regularly overrides the abuse department's decision to terminate a customer. 
I asked you to confirm that your team has been largely de-clawed by management.++ - --------------begin footnotes and appendices----------------------- ++ As you have had six separate opportunities to answer questions iv) and v) with 'no's, but instead provided only evasive responses, I think I can safely assume that the answers to these questions are "YES". *verio.com@bitch-list.net is: abuse@verio.net , abuse@veriohosting.com , abuse@verio-hosting.com , hostmaster@verio.net , domainadmin@verio.net , vipar@verio.net , admin@vwh.net , hostmaster@vwh.net , hostmaster@verio-hosting.com , veriohostmaster@verio.net , registrar@verio.net , support@viaverio.com , sales@verio.net , reseller@verio.net , csm@clientservices.verio.net , oop@clientservices.verio.net , oop@verio.net , ceo@verio.net , jcordero@verio.net, dschneider@verio.net , dschunk@verio.net , aandreoli@verio.net , jjaschke@verio.net , jhamrick@verio.net , mpeloquin@verio.net , yito@verio.net , sbrophy@verio.net , mbulder@verio.net , cdonelson@verio.net , pfritzinger@verio.net , lgeorge@verio.net , mcstewart@verio.net , iehringer@verio.net - --------------begin email evidence; end footnotes----------------------- I began trying to have verio take action to resolve these issues when I sent verio email on 3/27/02 in which I said : > Hi. It appears that webcom is not doing enough to stop spammers. > > According to > http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=209.1.28.141, > my (your) SMTP server has been added to two blacklists. > Please look into the policies of these blacklists and do what > is necessary to get off them. > > As a customer (and antispam activist) I expect webcom to do > everything necessary to keep blacklist operators happy, so > that my legitimate mail gets thru. I also included an important invitation email that I had sent to a friend with a juno online account that bounced because of spam sent by other Verio customers to juno. 
A couple days later, after not receiving any response, I wrote in part: > Sent: Friday, March 29, 2002 3:34 PM > To: abuse@verio.net; Geoff Millikan/John > Senkier/Josh Pavlovich/Aaron Redshaw; ceo@verio.net > Subject: wcm-melvex Worried about my email > > > Hello. Is this true? As a verio/webcom customer, I'm > concerned that your action/inaction is going to cause my > email to not be delivered. > > Your AUP says that you may take action against spammers. Is > it your policy to sometimes not do so? It appears so. > Please be specific. I think your AUP needs to be changed to > be less spammer-friendly. You should indicate that prompt > action will be taken against TOS violators. You should not > tolerate spammers. I enclosed the allegations made on usenet regarding abuse issue A:, in the email above ***re. Grunt Work and 209.189.73/24 - DAMON HAS BEEN AWARE OF THIS ISSUE SINCE 8/6/01.*** according to Chris O'Brien - http://groups.google.com/groups?selm=3ca2220f%240%249550%24724ebb72%40reader2.ash.ops.us.uu.net&output=gplain . Also, note all the To: addressees of the email above. ceo@verio.net DOES go to the office of the president, and there ARE people who read it and respond, but don't take effective action. It has been my experience that they only respond to email in which ceo@verio.net is the ONLY addressee; I suggest you heed this information if you are mailing ceo@verio.net. I asked you to explain how you would respond to abuse complaints from non-customers, after having been told by you (in form mail): > Please be advised that Verio can only address abuse issues for customers. Ryan Charles Cave replied (falsely, as this history proves): We most definately take action against domains which are advertised in UCE, regardless of the origon of the email. 
You repeatedly asked for complete headers of the spam I was complaining about, even though I repeatedly explained that I wasn't complaining about an individual spam, so I sent you an example spam - with complete headers :one regarding abuse issue A:, above. (I expressed my surprise that someone like you, who had been handling abuse at Verio for several years, would show a complete lack of understanding about spam, and my belief that you were being intentionally obtuse.) You falsely claimed that the issue had been resolved, even though the spammer was still hosting his web store on your network, and I pointed this out, but the web store is still up on your network. Emails were sent: (Sent dates copied directly from the mail headers (except for the last few, which were transcribed), sometimes with direct quotes.) Sent: Monday, March 18, 2002 2:02 PM Sent: Friday, March 29, 2002 3:34 PM Sent: Sunday, March 31, 2002 2:32 PM Sent: Sunday, March 31, 2002 10:22 PM Sent: Monday, April 01, 2002 5:25 PM Sent: Tuesday, April 02, 2002 8:52 AM Sent: Tuesday, April 02, 2002 11:35 AM Sent: Tuesday, April 02, 2002 11:47 AM Sent: Wednesday, April 10, 2002 11:37 AM Sent: Thursday, April 11, 2002 2:34 PM Sent: Thursday, April 18, 2002 5:05 PM Sent: Thursday, April 18, 2002 5:47 PM > To: 'Darren Grabowski' > Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/24 > > > I seem to have hit a brick wall. > I'd like to explain what I have planned if Verio continues to > be unresponsive: > > 1)I have complained more than once to ceo@verio.com, which is > the official address of the CEO (and spoken with his > assistant Theresa Thornton, who reads his email), and I am a > customer, and still no action has been taken. > > 2)I have put together a long list of important email > addresses at webcom and verio and elsewhere that I will be > informing of Verio's spam stance, including, but not limited > to, a number of verio's prized employees. 
I can use > advanced techniques, such as the ones the spammers you host > use, to ensure that you cannot block these emails. > > 3)I will be posting, non-anonymously, to several newsgroups, > including NANAE, as I mentioned before, with full details, > showing the lengths I've been to in trying to promote > responsible action. I will be following up on any postings > to said newsgroups. Sent: Thursday, April 18, 2002 10:21:36 AM (from hushmail) Sent: Friday, April 19, 2002 10:17 AM Sent: Friday, April 19, 2002 1:01 PM Sent: Friday, April 19, 2002 2:58 PM Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/2 > Darren Grabowski is quoted as saying: > > Not all of the decisions to cut off a > > spammer are made by my team. > > Can you elaborate on that? Who else makes the decisions? > What is the process? > > > > > darren > > -- > > Darren Grabowski drg@verio.net > > Team Lead - NTT/VERIO Security & Abuse http://www.verio.net > > office: 214.290.8680 fax: 214.800.7771 > > "Carpe Diem Baby" - J. Hetfield Darren has been with Verio abuse for several years. Sent: Sunday, April 21, 2002 5:52 PM > From: Darren Grabowski [mailto:drg@verio.net] > > Sent: Saturday, April 20, 2002 10:27 AM > > There are times when we move to terminate a customer, and it is halted > > by a manager/director/V.P. in another department. We do not have > > the final say in who gets terminated in all cases. > Thank you. I imagine that being as anti-spam as you claim to be, this would sometimes be very frustrating. (In a later reply, you replied that this frustrated you to the extent that it was making your hair turn white.) > > Unfortunately you get to see it from the outside. I have found it to > > be my experience that no abuse team has absolute authority in dealing > > with spammers. > I can't think of any legitimate reason for that to be the case. > Certainly, Verio is in the business of maximizing its profits, not being a saintly company. 
I'm trying to convince Verio management of, and ensuring that, being spam-tolerant is extremely inconsistent with profit maximization. Make sense? > > We do not discuss actions we take against our > > customers, spammer or not. > I imagine that often this is expedient and sometimes a good idea, but can't see any reason for it to be a blanket rule. What's wrong with a response that says 'thank you, the issue has been dealt with'? > Or even, why not respond : 'thank you, the issue has been dealt with by [sending a {first | last } chance warning | termination of the customer's service ] ' or 'this does not relate to a Verio customer'? > It wouldn't be hard to, in most cases, send out one of a few informative, but standard responses. It doesn't pose any legal difficulties. > > If you're ever in Dallas, let me know and I can arrange > > for you to meet with my team. Sent: Date: Mon, 22 Apr 2002 12:30:16 -0700 (from hushmail) Sent: Monday, April 22, 2002 2:28 PM > Darren Grabowski is quoted as saying: > > We have a set of guidelines that we must follow, so a termination > > is not always the action we take. Our actions are either > > dictated by our guidelines or by Managements direction. > > Hmm... Are you willing to share those guidelines with me? [regarding your not responding to complaints to abuse@verio.com] > > These are the rules that were recommend by legal, and part of our > > guidelines. > > Think there's any point taking it up with them (e.g. Carla -cdonelson@verio.net )? > (Makes it easier for Verio to do nothing while pretending to > be responsible.) And the follow-ups to that email requesting a response: the email I sent 4/26/2002 12:39 PM, the email I sent 26 Apr 2002 10:07:32 -0700, (which you confirmed receiving in an email dated 4/26/02 at 2:04 PM) Sent: Friday, April 26, 2002 10:08 AM To: 'Darren Grabowski' Cc: 'ceo@verio.com'; 'Shelli Christy' Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/24 wcm-melvex I still haven't heard from you. 
What's up? I see that none of the issues I've brought up have been resolved; all the services were still up. Verio management has NOT decided that, as I said "being spam-tolerant is extremely inconsistent with profit maximization." I'm starting to react, but I still hope to hear from you. Sent: Tuesday, April 23, 2002 6:39 PM (from hushmail) the email I sent 23 Apr 2002 13:37:10 -0700, (from hushmail) and another voicemail, all asking you to respond to the same set of issues. - --------------end footnotes and appendices----------------------- Hush provide the worlds most secure, easy to use online applications - which solution is right for you? HushMail Secure Email http://www.hushmail.com/ HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/ Hush Business - security for your Business http://www.hush.com/ Hush Enterprise - Secure Solutions for your Enterprise http://www.hush.com/ Looking for a good deal on a domain name? http://www.hush.com/partners/offers.cgi?id=domainpeople -----BEGIN PGP SIGNATURE----- Version: Hush 2.1 wlsEARECABsFAjzW/JEUHG1lbHZleUBodXNobWFpbC5jb20ACgkQjslZoD9Nz65YGQCb B7butR7HLsKl/hVshRTLKtaOHMMAnjSBlMlTV3kYpi4IXGABRX+nyeug =VQ10 -----END PGP SIGNATURE----- Sorry about the hush advertising above; I can't delete it without rendering the PGP signature invalid. I have email addresses of some 3,000 verio customers. I want to let them know what verio is up to. Anyone got a copy of one a those direct-to-mx spamming programs I can use? Somone got one in order to be better able to counteract 'em! Please let me know. I'm not about to pay for one and I want to ensure that webcom can't block the emails. I'm also looking for someone to grant me a free strongly spam-filtered email and web hosting account. Use: for fairly agressive, but legal anti-spam activities that might prompt retaliation. E.g. 
o publicizing the most effective spam-free tactics
o getting IANA to refuse to grant, or even revoke spammer IP address assignments
o effecting citizen's arrests of verio and other spam haven officers and employees for committing a public offense and felony theft of service,
o discussing, and even advocating, but not performing retaliatory actions

Until I have such an account, to contact us, see the last paragraph, below.

If you want to use this message in a SPEWS or ROSKO case or other RBL nomination, UDP or IDP nomination, go for it. Use it as evidence in a felony theft of service, junk fax, or spam suit against verio and/or its co-conspirators. Please feel free but keep it intact. WE have NOT done any of this; please feel free!!! Take up the baton!!!

We'd like to thank Chris O'Brien, Paul Vixie, all the folks running RBL blacklists, combat.uxn.com, SpamAssassin developers, the folks behind bitch-list.net, spamlaws.com, spamcop.net, spamfaq.net, spamhaus.org, rosko, BrightMail, Erik Warmelink (compared to whom I'm pro-spam), Phil Zimmerman for PGP, Hush for Hushmail (even if it is problematic), and everyone else trying to stop spam, including those providing financial support to people trying to create a spam-free 'net.

Email to me without "this is not spam" in the subject is directed straight to the trash unread by automatic filters. Even then, I don't check it often. If you'd like to contact me or my acquaintance, reply to this post with another post. Obviously, verio knows who he is, but he doesn't want to make his name publicly known. We WOULD very much like to hear from you. Post a reply here, to N.A.N-A.E. HOWEVER, If you don't have anything constructive to say, please don't say anything at all. Trolls will not be fed.

If you insist on wanting to email my friend, you can get his email address by correcting the obvious typo in the first sentence of this email, and verifying the PGP signature.
=== Verio management forbids terminating their spammers ===

Path: uni-berlin.de!12-238-109-183.client.attbi.COM!not-for-mail
From: "Karl-Henry Martinsson"
Newsgroups: news.admin.net-abuse.email
Subject: Re: BITCH-LIST --> additional names for Verio
Date: Wed, 12 Jun 2002 00:31:43 -0400
Lines: 26
Message-ID:
References: <02xN8.22422$xc2.2800632976@newssvr10.news.prodigy.com>
NNTP-Posting-Host: 12-238-109-183.client.attbi.com (12.238.109.183)
X-Trace: fu-berlin.de 1023852512 4663022 12.238.109.183 (16 [62184])
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Xref: uni-berlin.de news.admin.net-abuse.email:1716632

"Jay Stuler" wrote in message news:ae6d1a$ihi$1@charm.magnus.acs.ohio-state.edu...
> > wrote in message
> news:02xN8.22422$xc2.2800632976@newssvr10.news.prodigy.com...
> > A few additional names for verio net: Peter Allen pallen@verio.net or
> > That address does not exist and has not existed for some time.
> damond@verio.net should work, though.

At least it did about 6 months ago. I also talked to Damon on the phone, so I know he exists. He confirmed that Verio are aware of their spammers, but "management" does not want to disconnect them, and abuse is not allowed to... Damon supposedly works for their sorry excuse for an abuse department.

If I would not have promised Damon (who claims to lurk here in nanae but is not allowed to post, again by order of "management") not to give out his direct phone number, I would do that. But I gave him my word.

/KHM

PS. Damon's last name is Daugherty, and I got through to him by calling the main Verio number in Colorado... That is not giving out his phone number, is it?
:-) === Verio president's office will not shut down Postmaster General spammers === Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!panix!panix2.panix.com!not-for-mail From: kludge@panix.com (Scott Dorsey) Newsgroups: news.admin.net-abuse.email Subject: Re: Intlsteel.com (161.58.160.120) being blocked... request for removal Date: 27 Jun 2002 19:45:20 -0400 Organization: Former users of Netcom shell (1989-2000) Lines: 42 Message-ID: References: <8k5nhu074u09u899lei5lrp1g7as9cdmcq@4ax.com> NNTP-Posting-Host: panix2.panix.com X-Trace: reader2.panix.com 1025221477 14590 166.84.1.2 (27 Jun 2002 23:44:37 GMT) X-Complaints-To: abuse@panix.com NNTP-Posting-Date: Thu, 27 Jun 2002 23:44:37 +0000 (UTC) Xref: uni-berlin.de news.admin.net-abuse.email:1731339 On 26 Jun 2002 14:51:34 -0700, drbrianh@attbi.com (Brian Harris) wrote: > >We currently leased some space off-site with Verio to host our email >solution. All seemed to be working fine until I started seeing relay >denied messages. As a result of searching, the SPEWS list is the only >list I can find with our IP address on it. I understand that our IP >address was in a range of addresses formerly utilized by >POSTMASTERGENERAL.COM . Could someone point me in the right direction >of the process(es) needed to remove our IP address from this list? I >would greatly be appreciative. Which list? The problem is that postmastergeneral spammed so hard and so long that just about every large site put all of their address space into local blocking lists. If you were just on something like SPEWS, that would be comparatively easy to get off of. All that needs to happen to get off of SPEWS is for the spam to stop. But getting out of the local blocks is nearly impossible because there are literally thousands of them. 
The folks who run them usually don't have any aging scheme, so nothing gets removed unless you talk to the guy that runs the list at that site, and with thousands of sites you can spend the rest of your life doing this. Verio won't shut postmastergeneral down, at least that's what the president's office told me when I talked with them two years ago. They just keep moving them around to evade the blocking lists. It is entirely Verio's fault that you have a problem; they are selling you a bad product. Demand to be moved to clean address space because what they are giving you is NOT what you are paying for. I am still getting spam from postmastergeneral, by the way, and I am continuing to add new Verio netblocks to my local blocking list as I discover more spam coming from them. --scott -- "C'est un Nagra. C'est suisse, et tres, tres precis." === Verio knows about their spammers and blocking - watches NANAE for posts about them === Received: (from dolphin@localhost) by mail.dolphinwave.org (8.11.6/8.11.6) id g5P8SgW02060; Tue, 25 Jun 2002 11:28:42 +0300 To: usenet-jun+nanae@2002.dolphinwave.org Message-Id: Posted-To: news.admin.net-abuse.email From: Dolphin Subject: Re: Redemption for IP's References: Organization: Private person Sender: Alexander Sheremet X-SPEWS: I am not X-newsgroup: news.admin.net-abuse.email X-PGP-key: 0xAAE2A579 X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579 Date: Tue, 25 Jun 2002 11:28:42 +0300 X-Loop: dev.null@dolphinwave.org Status: R X-Status: N On 24 Jun 2002 06:54:34 GMT Dolphin wrote in message : > On Sun, 23 Jun 2002 22:24:03 -0700 trebor@sirius.com.no.more > wrote in message : >> "klivingston" wrote: >> >>>I was given several IP's by my ISP that appeared have been reported and or >>>used for spamming at some point. > > >> However, and here's where you need to pay attention, if the IPs are >> listed because your ISP failed to respond quickly to reports of spamming >> customers, it's a whole different deal. 
If this is the case, you're much >> better off finding a different ISP. > > And to help you to make a decision, you can read just what a piece of SNIP > your provider is: > > http://www.DolphinWave.org/spam/verio.txt (85kB) > > Verio doesn't terminate any spammer, lies (even to their customers), lies > again, forwards spam complaints to their spammers, sends cartooney threats > to blocklist maintainers... You name it, they do it. All of Verio is blocked > here until their management will be fired (preferring - literally, so nobody > will by any accident go to another ISP). > > Dolphin. So, Verio, will you do something about your spammers according to your Acceptable Use Policy that you so like to quote in your auto-ignores, or you will just sit there, swallowing all the $41t that people report you flowing from your servers, and doing nothing, just lurking here? You *did* read about that $41t, didn't you? dagobah.noc.verio.net - - [24/Jun/2002:20:08:32 +0300] "GET /spam/verio.txt HTTP/1.0" 200 87368 "http://groups.google.com/groups?hl=en&lr=&ie=UTF-8 &frame=right&th=f6e977f2f1cd7c7b&seekm= slrnahdgh3.92m.usenet-jun%2Bnanae%40orca.dolphinwave.org#link1" "Mozilla/4.79 [en] (X11; U; Linux 2.4.9-21 i686)" Dolphin. 
-- URL: http://www.DolphinWave.org Mail: on the web page (no spam) ICQ: 6615461 === More of NANAE watching, following the link of one of their customer's === === complaint on being blocked, and reading replies of people about Verio === dagobah.noc.verio.net - - [26/Jul/2002:20:38:14 +0300] "GET /spam/verio.txt HTTP/1.0" 200 123786 "http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=4a82d67ae709d120&seekm=aOY%258.66004%24Yb1.71373%40sea-read.news.verio.net#link1" "Mozilla/4.79 [en] (X11; U; Linux 2.4.9-21 i686)" === As well as their parent company, NTT, knows about the Verio spam problem === NTT was looking for the arcstarmobile@ntt.com e-mail address, mentioned in Google, and found my Verio spam file: centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:27 +0300] "GET /spam/verio.txt HTTP/1.1" 200 118388 "http://www.google.co.jp/search?q=arcstarmobile@ntt.com&ie=UTF-8&oe=UTF-8&hl=ja&lr=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" Then they've decided to look at the title page of mine (without reading the Verio file): centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:37 +0300] "GET / HTTP/1.1" 200 4852 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:38 +0300] "GET /Background/bg01.jpg HTTP/1.1" 200 1241 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /Background/bg01.jpg HTTP/1.1" 200 1241 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /sandy.gif HTTP/1.1" 200 4182 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /Dolphin-Ring/webring2.gif HTTP/1.1" 200 3105 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; 
Windows NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /logo.jpg HTTP/1.1" 200 3373 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /logo.jpg HTTP/1.1" 200 3373 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /sandy.gif HTTP/1.1" 200 4182 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /update.gif HTTP/1.1" 200 973 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:42 +0300] "GET /Dolphin-Ring/dolfring.gif HTTP/1.1" 200 22829 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" Now they take a look at my whole /spam/ archives: centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /spam/ HTTP/1.1" 200 19580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/blank.gif HTTP/1.1" 200 148 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/folder.gif HTTP/1.1" 200 225 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/back.gif HTTP/1.1" 200 216 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:56 +0300] "GET /icons/text.gif HTTP/1.1" 200 229 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows 
NT 5.1; .NET CLR 1.0.3705)" quadra.noc.ntt.co.jp - - [17/Jul/2002:04:40:30 +0300] "GET /favicon.ico HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" And now they decide to get that Verio file again, getting it from the cache (to read?): quadra.noc.ntt.co.jp - - [18/Jul/2002:08:13:07 +0300] "GET /spam/verio.txt HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)" === NTT looks for sex/porn messages related to them, archived on Google === silver.rdh.ecl.ntt.co.jp - - [03/Jul/2002:16:56:24 +0300] "GET /spam/verio.txt HTTP/1.0" 200 91608 "http://www.google.co.jp/search?q=ntt.co.jp+2002+Jun+sex&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)" silver.rdh.ecl.ntt.co.jp - - [03/Jul/2002:16:58:19 +0300] "GET /spam/verio.txt HTTP/1.0" 200 114968 "http://www.google.co.jp/search?q=ntt.co.jp+2002+Jun+sex&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)" classic.noc.ntt.co.jp - - [04/Jul/2002:02:50:11 +0300] "GET /spam/verio.txt HTTP/1.1" 200 114968 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; T312461)" silver.rdh.ecl.ntt.co.jp - - [04/Jul/2002:15:41:21 +0300] "GET /spam/verio.txt HTTP/1.0" 304 - "http://www.google.co.jp/search?q=ntt.co.jp+porn&hl=ja&lr=&ie=UTF-8&inlang=ja&start=10&sa=N" "Mozilla/4.79 (Macintosh; U; PPC)" silver.rdh.ecl.ntt.co.jp - - [19/Jul/2002:16:35:46 +0300] "GET /spam/verio.txt HTTP/1.0" 200 33208 "http://www.google.co.jp/search?q=NTT.co.jp+sex+porn&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)" === "We need to do all that we can do to keep our current bill paying customers." 
===
=== Verio on the FuckedCompany.com ===
=== http://www.fuckedcompany.com/extras/verio6_email.cfm ===

To Verio employees

----- Original Message -----

CONFIDENTIAL - FOR INTERNAL DISTRIBUTION ONLY

MEMO

TO: All Associates
FROM: Justin Jaschke, Chief Executive Officer, and Alain Andreoli, President and Chief Operating Officer
DATE: June 21, 2002
SUBJECT: Company Update

As we near the end of the second quarter, we wanted to provide you with an update on our progress this year and our current outlook on the company and the market in general. We have made huge strides thus far in implementing our business plan, particularly in executing our restructuring initiatives and reducing our costs and cash burn rates. In our meetings last week with NTT in Tokyo, both Mr. Suzuki, President and CEO of NTT Communications, and the new President designate of NTT Holdings, Mr. Wada, expressed their appreciation for the efforts put forth and significant progress made on this front and reiterated the importance of Verio's role as the core element in NTT's global IP strategy. We do, however, continue to struggle to ramp-up revenues and must continue to deal with the very serious downturn in the Telecom industry in general. Our number one priority going forward is to recapture revenue growth, even against this difficult industry backdrop, while continuing to manage our expenses and cash consumption.

YEAR-TO-DATE RESULTS

Our first quarter and year-to-date financial results are as follows: We are ahead of plan on contribution margin, EBITDA, capital expenditures and cash usage. During 2002, you have done an outstanding job of executing the restructuring and cost reduction initiatives and have consistently and significantly reduced month-after-month operating expense. Moreover, over the last year the company has made huge strides in key industry indicators such as:

EBITDA - 71% improvement from ($20.8) million in June 2001 to ($6.0) million in May 2002.
Revenue per Associate - 55% improvement from $96,600 in June 2001 to $149,400 in May 2002. It is also worth noting that the combined Web Hosting businesses are now positive at the contribution margin level and nearing EBITDA profitability after allocation of centralized expenses and corporate overhead. THANK YOU for pulling together as one team to make this happen. Without a doubt, these are nothing short of remarkable results achieved while enduring the perfect economic storm. PRIORITY NUMBER ONE: REVENUE GROWTH Revenue - The Key Concern The major area of concern, as indicated in the financial results, is the gap between actual and planned revenues that has opened up in April and May. The budget has a revenue ramp-up starting in the second quarter and throughout the remainder of the year. Current projections indicate we may have a revenue shortfall because the revenue trend has yet to turn up. We know all of you are working hard to drive increased revenues and are running into weak market demand, accelerating price competition and an overall sluggish economy. The potential revenue shortfall requires us to monitor our progress closely, evaluate our results and look for further improvements and refinements to our approach which may include further reductions in staff in limited situations and additional partnering and outsourcing solutions to drive scale and share funding. General Industry Conditions We continue to experience a severe downturn in the Telecommunications industry in general and the Internet space in particular. Industry sources indicate that overall demand in the U.S., for both web hosting and IP access services, declined slightly in the first quarter and continues to be very soft. The general industry shakeout continues as we have recently seen Teleglobe, KPN/Qwest and XO Communications file for bankruptcy, Intel withdraw from the web hosting business (breaks our hearts) and Loudcloud sell their web hosting business to EDS at a fire sale price. 
Even the largest competitors in the industry, such as Worldcom, Qwest and Sprint have had their debt downgraded to near-junk bond status. Industry pricing has become intensely competitive as overcapacity persists and competitors act irrationally in their desperate attempts to survive. The bad news is that the industry drought continues, the rains are yet to come, and we must continue to manage our business in these extreme desert conditions. The good news is that we have continued to improve our financial position and business operations in this environment, have the solid backing of NTT and are positioned as the safe choice in this sea of uncertainty, and stand to benefit from the continued demise of our competitors. All these shakeouts spell opportunity for Verio if we are able to capitalize.

Programs Driving Revenue Growth

Our number one priority for the remainder of the year is revenue growth. We are confident the plans that are in place and are being executed are moving the company in the right direction, and we are seeing some early signs of progress in sales activity, pipelines and in some areas, bookings. Our top-level priorities across the business aimed at driving revenue growth are as follows:

Optimize our sales model. We need to continue to fine-tune our new BU-oriented sales model and clearly define our go-to-market approach. This includes sales management responsibilities, sales staffing and training, customer targeting and pricing and proposal management. We expect to see consistent improvement in our sales productivity.

Indirect channel development. Across all BU's we need to get greater production and leverage out of our indirect channel partners and continue to develop new partners. We are launching new channel programs in each BU, have an increased focus on this area, and expect to significantly increase the relative contribution of the indirect channels to our sales.

Marketing, branding and lead generation strategy.
We are focusing here on continuing to build the NTT/Verio global IP services brand and more effectively generate sales leads. We have launched, with NTT Com's support, a global brand advertising campaign and are trying to increase our brand exposure while ensuring a consistent and positive image. We are also continuing to optimize our web site for lead generation and are experimenting with other lead generation sources such as outsourced telemarketing. We are also pursuing specific "switching programs" aimed at capturing customers who want to leave less stable competitors.

Product improvement and product roadmap. We are continuing to focus on improving our core products and services while selectively adding features and functionality to differentiate our services. Knockout I and II was launched in the Enterprise Hosting area, in both the U.S. and Europe, giving us very competitive service "packages" for low to mid-range dedicated hosting customers. We are continuing the development of the next generation SME hosting platform, Signature. More competitive local loop pricing and services have been rolled out by the Broadband Team in a number of our access markets. The Operational Excellence Group, along with the BU's, are working to clean up the product configuration process and systems resulting in getting our products quicker to market. We must continue to drive product and service improvements. Given our budgetary constraints, there is a need to be focused and selective and leverage partners wherever possible.

Leverage NTT affiliates and channels. A number of programs are being pursued to provide services to various NTT business units and affiliates and expect to drive increasing growth from this source. We are also seeing an increasing number of large corporate account opportunities being brought to us from NTT sales channels, including NTT America and the NTT Solutions group in Tokyo. Specific "major account solutions teams"
are being put together to pursue and support these opportunities in conjunction with NTT.

Competitive Edge: Customer Satisfaction and Retention

In addition to the programs to drive new sales, we must continue to focus on preserving and protecting our existing customers and current revenue streams. More than ever, keen focus on customer service and satisfaction are indispensable. We need to do all that we can do to keep our current bill paying customers. Superior customer service can and will give us a competitive advantage. A recent enterprise user survey conducted by America's Network, painted a picture of an industry of mediocrity in customer service and quality - not terrible, just ordinary. The good news is that the opportunity has never been better for us to retain customers if we can master the challenges and deliver superior customer service.

Churn is trending in the right direction, but it is still too high. There have been some very positive results, in both Enterprise and Broadband, from proactive customer contact programs that have improved customer satisfaction and loyalty. Both corporate and BU churn task forces have been formed along with the cross-BU Sales Activation Cycle (SAC) Team focused on identifying root causes for churn and implementing programs to eliminate those causes and increase customer loyalty.

We also continue to experience much too high a level of credits and adjustments, significantly reducing our revenues each month. This is, to a large extent, due to SAC process errors in activating and deactivating customers. While many of these adjustments are revenue neutral (i.e. an over billing in a prior month is adjusted out in a subsequent month), the impact on customer satisfaction and ultimately churn is significant. Continue to commit yourselves to driving process improvements and improving quality in our operations to eliminate these errors.
Align your activities with these priorities on the revenue growth side and help drive the acceleration of revenue growth as quickly as possible.

What Else Do We Need From You?

Ideas. Leaders from each BU met in Denver two weeks ago to assess our sales and marketing efforts, to question why we weren't seeing sales ramp more quickly and to generate additional actions to accelerate growth. A number of promising action items were identified which each of the BU's are pursuing. We need and want more. If you have ideas on how to accelerate revenue growth, reduce cost, eliminate barriers to success or enhance our competitive position, we want to hear from you. Please send your thoughts to VerioIdeas@verio.net.

Ongoing cost savings and cash management. We need to continue to operate with a "desert environment" mentality, carefully managing expenses and cash usage and looking for additional opportunities for improvement. Significant additional sources of cash for the second half of the year (such as sale of closed data centers, capital leasing, further network optimization) have been identified that we will be pursuing to make up for potential revenue shortfalls. Notwithstanding, we need you to do your part and continue to be watchful of expenses. Collectively, you have contributed significantly by decreasing expenses in travel, telephone and general operating expenses within your areas of control and influence. Continue to be very vigilant and insure that any money spent is truly necessary and contributes to the bottomline. Moreover, continue to limit your purchases of equipment, use of consultants/contractors or adding a new hire/replacing positions to only those situations where you absolutely "must have this year." All others should be postponed. If you have questions about whether your expense situation falls within the "must have this year" category, please contact your SLT member or financial director for your BU or department.
In addition, if you know of an area of expense that needs further attention, please contact your SLT member to discuss.

NTT COMMITMENT TO VERIO

Notwithstanding the challenges we face, we are fortunate to have NTT Communications' unwavering support. In fact, in his message to customers on June 1, 2002, Mr. Maasanobu Suzuki, President and CEO, stated: "Despite these global economic uncertainties, however, I stand firmly by our corporate vision of becoming a 'Global IP Company.' The need for unified global services that are reliable and stable is greater than ever." As evidence of continued progress in this direction, the ratio between revenue from data/IP and voice services, a primary benchmark of NTT Com's ongoing commitment to become a Global IP Company, reached 1.0, up from .7 in the first half of fiscal year 2002. Verio remains at the core of NTT Com's strategy to transition itself from a domestic voice services company to a leading global IP and data solutions provider.

THANK YOU FOR YOUR CONTINUED COMMITMENT

It has been most rewarding to see the significant improvement you have helped drive in our business in these most difficult of times. Your continued commitment and resolve to succeed are overwhelming. Thank you, again, for all that you have accomplished. We know that we have asked much of you and are again asking for even more on the revenue side of our business. We firmly believe that our perseverance will pay off and that the survivors of this industry shakeout will be well rewarded. As we have done in the past, we will keep you updated when we have relevant information to share. Thank you for your ongoing support.

Justin and Alain

=== Verio's position on spam ===

Path: uni-berlin.de!fu-berlin.de!eusc.inter.net!news.tele.dk!small.news.tele.dk !news.dizum.com!sewer-output!mail2news
From: Anonymous
Comments: This message did not originate from the Sender address above. It was remailed automatically by anonymizing remailer software.
Please report problems or inappropriate use to the remailer administrator at . X-No-Archive: Yes Newsgroups: news.admin.net-abuse.email Subject: Verio on spam Message-ID: Date: Wed, 11 Sep 2002 20:16:10 +0200 (CEST) Mail-To-News-Contact: abuse@dizum.com Organization: mail2news@dizum.com Lines: 10 Xref: uni-berlin.de news.admin.net-abuse.email:1801540 After repeated complaints about one of their spammers I placed a call to Verio. Upon connection with some english-as-a-second- language tech I tell them that one of their customers is spamming me I am asked "how do you know that you are being spammed?". I ask for his supervisor and some lady comes on and, after telling her that I want her customer to stop spamming me she tells me "since you are not a verio customer there is nothing we can do." === Verio picks up the spammer just terminated for spamming from another ISP === From throwaway1101@hotmail.com Thu Sep 12 22:33:48 2002 Path: uni-berlin.de!015.a.001.gsf.iprimus.net.AU!not-for-mail From: Joe Blowe Newsgroups: news.admin.net-abuse.email Subject: Verio, the spammer's friend Date: Fri, 13 Sep 2002 04:15:39 +1000 Organization: ... Lines: 63 Message-ID: <3D80D9CB.D3E142DA@hotmail.com> NNTP-Posting-Host: 015.a.001.gsf.iprimus.net.au (210.50.154.15) Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit X-Trace: fu-berlin.de 1031854487 292559 210.50.154.15 (16 [99621]) X-Mailer: Mozilla 4.76 [en] (Win95; U) X-Accept-Language: en Xref: uni-berlin.de news.admin.net-abuse.email:1802133 Not quite 24 hours ago, white-hat HostCentric terminated this spammer discussed in http://groups.google.com/groups?selm=3D7F8B93.35804371@hotmail.com and appearing in http://groups.google.com/groups?selm=F156vlUQ9cAgjHXwKHv00002080@hotmail.com I thought it was the end of itm at least for a while. 
Then, I just got this turd: Received: from yahoo.com ([211.140.121.53]) by mc2-f24.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600); Thu, 12 Sep 2002 07:01:41 -0700 Received: from q4.quickslow.com ([27.85.242.54]) by mta85.snfc21.pibi.net with local; Thu, 12 Sep 2002 17:01:27 +0300 Received: from mta85.snfc21.pibi.net ([105.211.194.109]) by mta85.snfc21.pibi.net with NNFMP; Thu, 12 Sep 2002 20:00:35 -0600 Reply-To: "Lonely Married" Message-ID: <003b72e74c4e$5384a1d2$7da73eb1@xqnktf> From: "Lonely Married" To: Subject: Married and Lonely people are hoping for someone to save them! 0989zxHg2-473rnER0512ECoI-24 Date: Thu, 12 Sep 2002 20:42:04 -0700 MiME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 8bit X-Priority: 3 (Normal) X-MSMail-Priority: Normal X-Mailer: Internet Mail Service (5.5.2650.21) Importance: Normal Return-Path: alonemarried7181v01@yahoo.com X-OriginalArrivalTime: 12 Sep 2002 14:01:42.0656 (UTC) FILETIME=[EC3EC000:01C25A64] ... and, the URLs are now pointing to: You guessed it. http://198.66.213.210/marriedbutlonely/ = VERIO www.marriedbutalwayslonely.com = VERIO. [rant] So spammers: don't worry about losing your hosting; Verio will be glad to host your bilge. Nothing is taboo at Verio -- porn, beastiality, MMF, pyramid scams, real estate scams, 419'ers, printer ink, golfballs, sect religions, chickenboner Don Johnston wannabes from Florida, child rape, drugs for sale, guns for hire... y'all welcome at Verio. What's more -- you can even rape open relays to send 20 million spams and Verio will turn a blind eye! Verio would also be happy to host the El-Quada "How to be a scumbag terrorist: the online instruction manual" site and never terminating it 'cause after all, Osama is a good paying customer..... [/rant] God; I need a coffee... And Verio really needs a bitch listing. 
=== Talking on the phone with Verio "tech support for e-mail" ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: verio on the phone (attn: SPEWS)
Date: 16 Oct 2002 17:27:24 -0500
Lines: 36
Message-ID:
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:b+ZUmTugSo8OtekQN6xnUKNC8xw=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1837885

Called, went through the nonsense phone menus to "tech support for email". Got a moron on the phone who thinks:

A) Spam isn't illegal and so isn't abuse.
B) "DOS attack" only applies to pings.
C) 1200 unsolicited emails from the same sender in one day isn't a DOS attack, "it's just email, so not a cause for termination".
D) cashassistance.com isn't their customer.
E) 128.121.126.220 is a name server and no email can come from it.
F) Of the following addresses, only abuse@verio.net exists:

tracert 128.121.126.220
...
13 129.250.31.111 3094ms 3445ms 3004ms TTL: 0 (ge-2-1.r00.mlpsca01.us.wh.verio.net ok)
14 192.67.241.142 3004ms 3355ms 2914ms TTL: 0 (ge-26.a0254d.mlpsca01.us.wh.verio.net ok)
15 128.121.126.220 3004ms 3265ms 2835ms TTL: 52 (cashassistance.com ok)

Even that failed to even remotely suggest to him that cashassistance.com was a verio customer or that cashassistance.com had anything to do with the IP.
Anyway, he said he couldn't close any accounts, had no authority, and he apparently didn't know anyone who did. Where do they find these idiots?

Should anyone want to offer him an education, the number is 1-800-GET-VERIO or 1-800-438-8374

William R. James

=== Verio is STILL spam-friendly and ignores complaints ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene!newscene
 !novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews update S1611
Date: 18 Oct 2002 23:44:17 -0500
Lines: 48
Message-ID:
References: <3DB08A00.B3121AD6@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:p/kZUPAYV7NYWeLe6IWijiwTdsQ=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1839370

On Fri, 18 Oct 2002 17:24:00 -0500, Darren Grabowski wrote:

>The following Server Arts customers have been
>terminated for AUP violations:
>extrememailing.us and marketsvc.net

Riiight! For AUP violations! Sure, that's the ticket! What does that translate to anyway? "They didn't pay the bill."? "Their check bounced."? "They found an unblocked IP with another scumbag host."? "They called verio support and found out it doesn't exist."? All I know for certain is that verio AUP is about as meaningless as Iraq elections.

>Server Arts is a customer in good standing.
>Please remove the following blocks:

It is my hope that no verio IP will be unblocked EVER!

What about cashassistance.com ? Verio has ignored at least 50 complaints over the past two weeks, hung up on me twice, and lied to me at least a dozen times.
Other scumbags who verio still harbors and ignores complaints for:

the6habits.com
hudsonezine.com
postrun.com
128.121.126.220 (whatever scumbag who keeps spamming from there)
makeitbig.tux.nu = redirection.iscool.net
DynastyServers.com
SelfReplicator.com
affiliSOFT.com
128.121.245.51 (whatever other scumbag who keeps spamming from there)
e-bizness.arecool.net
greatway.arecool.net
arecool.net (narrow it down)
webvisions.com
alturl.com
smartmall.biz
icrservices.net
ebrain.com
mailer-unix-host.com

Verio has no business inhabiting the same internet as decent people or even the same planet.

William R. James

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-98.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews update S1611
Date: 19 Oct 2002 10:35:23 GMT
Organization: Private person
Lines: 31
Sender: Alexander Sheremet
Message-ID:
References: <3DB08A00.B3121AD6@verio.net>
NNTP-Posting-Host: cust-62-219-88-98.cust.bezeqint.net (62.219.88.98)
X-Trace: fu-berlin.de 1035023723 26688003 62.219.88.98 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1839441

On 18 Oct 2002 23:44:17 -0500 Wm James wrote in message :

> On Fri, 18 Oct 2002 17:24:00 -0500, Darren Grabowski
> wrote:
>
>>The following Server Arts customers have been
>>terminated for AUP violations:
>>extrememailing.us and marketsvc.net
>
> Riiight! For AUP violations! Sure, that's the ticket! What does
> that translate to anyway? "They didn't pay the bill."? "Their check
> bounced."?

http://www.verio.net/company/policies/aup.cfm

| Other Activities -- Engaging in activities, whether lawful or unlawful,
| that Verio determines to be harmful to its subscribers, operations,
| reputation, goodwill, or customer relations.
Refusing to pay the bill or giving checks that bounce sure fits to the Verio AUP's violation.

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Verio sales executives have said 'to hell with the AUP' ===

Path: uni-berlin.de!fu-berlin.de!nautilus.eusc.inter.net!eusc.inter.net
 !psinet-eu-nl!linford
From: Steve Linford
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Organization: The Spamhaus Project
References: <580x9.4396$5u4.13701@news-server.bigpond.net.au>
User-Agent: MT-NewsWatcher/3.1 (PPC)
X-PGP-Fingerprint: 5B78 8C67 BC8A 2E52 0972 E15A 757F 88F1
Lines: 14
Message-ID:
Date: Sun, 03 Nov 2002 18:00:02 +0000
NNTP-Posting-Host: 193.115.218.20
X-Complaints-To: abuse@uk.psi.com
X-Trace: psinet-eu-nl 1036346402 193.115.218.20 (Sun, 03 Nov 2002 18:00:02 GMT)
NNTP-Posting-Date: Sun, 03 Nov 2002 18:00:02 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1850154

In article <580x9.4396$5u4.13701@news-server.bigpond.net.au>, TheMartian wrote:

> I would setup a autoforwarder to bounce all crap from this spammer to verio
> abuse.

It's a little more complicated than that, Verio Abuse are currently being prevented by management from enforcing the AUP. Verio are in trouble and the sales executives have said 'to hell with the AUP'.
--
Steve Linford
The Spamhaus Project
http://www.spamhaus.org

=== And some more of Verio liars ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Date: 3 Nov 2002 22:21:11 -0600
Lines: 26
Message-ID:
References: <580x9.4396$5u4.13701@news-server.bigpond.net.au>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:mmEY2oTXpwIdPtN4O74v/x+Rf1M=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1850405

On Mon, 04 Nov 2002 00:19:00 GMT, TheMartian wrote:

>After a long war with a spammer "Steve Linford" wrote:
>
>> In article <580x9.4396$5u4.13701@news-server.bigpond.net.au>,
>> TheMartian wrote:
>>
>>> I would setup a autoforwarder to bounce all crap from this spammer to
>>> verio abuse.
>>
>> It's a little more complicated than that, Verio Abuse are currently
>> being prevented by management from enforcing the AUP. Verio are in
>> trouble and the sales executives have said 'to hell with the AUP'.
>
>outch, did not know about that one
>
>sales droids must not understand that they are not going to have much of
>a business when all of their IP are blocked.

The "techs" I spoke to on the phone a week or so ago claimed they weren't aware that anyone was blocking them. That only proves they are liars as well as thieves. :)

William R. James

=== My reply and the proof of Verio lying about that statement ===

Path: uni-berlin.de!cust-62-219-88-94.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Date: 5 Nov 2002 16:38:31 GMT
Organization: Private person
Lines: 22
Sender: Alexander Sheremet
Message-ID:
References: <580x9.4396$5u4.13701@news-server.bigpond.net.au>
NNTP-Posting-Host: cust-62-219-88-94.cust.bezeqint.net (62.219.88.94)
X-Trace: fu-berlin.de 1036514311 8201954 62.219.88.94 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1851279

On 3 Nov 2002 22:21:11 -0600 Wm James wrote in message :

> The "techs" I spoke to on the phone a week or so ago claimed they
> weren't aware that anyone was blocking them. That only proves they are
> liars as well as thieves. :)
>
> William R. James

They sure are lying, cause they were reading my verio files, themselves, and know very well that at least some people do block the whole Verio. And here is the proof that Verio does watch NANAE for being blocked:

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== And Verio's corporate mail relays are blocked by the Spamhaus SBL now ===
=== http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5013 ===

*Ref: SBL5013*

*129.250.38.0/25 is listed on the Spamhaus Block List (SBL)*

Nov 1 2002 - 20:10hrs GMT

*Verio, Inc. Corporate Mail Relays*

This SBL listing of Verio, Inc. corporate resources for Knowingly Providing Spam Support Services, is made with sadness on the part of the Spamhaus Project team because we know Verio has an extremely good Abuse Team and an excellent Acceptable Use Policy.
We are certain Verio's spam problems are caused by greed-driven executives overriding the Abuse team and making a mockery of Verio's Acceptable Use Policy. Things have gone seriously wrong at Verio. Verio is in management crisis and Verio's Sales management has made an unwise decision to generate additional cash by purposefully selling connectivity to well-known spam gangs enabling blatant spam operations to operate from the Verio network. A number of hard-core notorious spam gangs run by spammers with criminal records for fraud or theft are now hosted knowingly by Verio, therefore the volumes of Verio-hosted spam have increased dramatically. Gangs including "US Health Labs" and "Cyrunner" (running two separate fake ISPs "UNIPXNET" and "IXXNET" off Verio with fraudulent registrations designed to misdirect spam complaints) are flooding the Internet non-stop in spam for "pre-teen-sex", "make-penis-fast", viagra, loans and mortgage scams. Verio's broadband business unit's president is believed to have personally approved the sale of 100+ high-bandwidth lines to US Health Labs, knowingly for spam purposes. These are sales made knowing that US Health Labs, run by professional spammers Mike Cunningham and Andrew Amend, are a spam gang whose sole business and sole use of Verio's network is for the relentless and illegal spamming of millions of U.S. Citizens. Another long-term professional spam operation, IMG Direct run by Steve Hardigree and Frank Bernal moved to Verio on 1 November after being thrown off Sprint. Another spam operation, Gordon Lantz, like the others thrown off almost all major U.S. networks, is about to go live on Verio having been approved and scheduled for installation. With increasing alarm, the Spamhaus Project has watched spammers moving to Verio due to Verio Sales Managers knowingly doing business with notorious 'porn & pills' spam gangs. 
Spamhaus believes that Verio's CEO is ordering the Abuse department to disregard the AUP and that is a situation that, as well as illuminating a disastrous state of affairs for Verio customers and shareholders, is unacceptable to us.

This SBL listing of Verio's Corporate Mail Relays is intended to not impede the normal communications of Verio customers, but to concentrate boycott action on Verio executives. Executives who appear willing to supply Spam Support Services foregoing ethics and integrity in return for promises of larger line purchases from spam operations.

Email from Verio Corporate Mail Relays is currently being refused by 98 Million international SBL users. If you are currently experiencing mail difficulties due to this listing, please contact your Verio account manager/Verio Customer Support now. A Verio executive needs to contact Spamhaus.

SBL Listings of spam gangs hosted by Verio
Verio spam complaints (current issues)
The 'Cyrunner' spam gang (aka "UNIPXNET" and "IXXNET")
The 'US Health Labs' spam gang

To have this listing removed from the SBL, contact the Spamhaus Project quoting the reference *SBL5013*, and let us know what you have done to fix the problem. If the reason for the listing has been fixed we will normally immediately remove the listing from the SBL.

The SBL is an international anti-spam system maintained by The Spamhaus Project and used by Internet networks to protect users from spam sources and spam services. The SBL lists only IP addresses - not domains or addresses. If you are unable to send email due to the SBL listing above, please contact your Internet Service Provider now and point them to this page - your ISP needs to contact us to resolve the issue.
=== People were calling Verio about it ===

Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !sea-read.news.verio.net.POSTED!not-for-mail
From: "Paul Franson"
Newsgroups: news.admin.net-abuse.email
Subject: Contact with Verio Office of the President...
Lines: 21
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
Date: Wed, 06 Nov 2002 17:43:35 GMT
NNTP-Posting-Host: 206.184.3.205
X-Complaints-To: abuse@verio.net
X-Trace: sea-read.news.verio.net 1036604615 206.184.3.205 (Wed, 06 Nov 2002 17:43:35 GMT)
NNTP-Posting-Date: Wed, 06 Nov 2002 17:43:35 GMT
Organization: Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1852094

Sent a sh*t-o-gram this morning to a bunch of folks on the Verio management team about Steve Linford's credible (as is everything I've ever heard come out of Steve) allegations in http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5013.

Just got a call from a gentleman from the Verio Office of the President in Dallas to gather some info. I told him that Verio's rep among the spam-fighting community was hideous but starting to get a little better because of Darrin's work. What Steve had fleshed out was not only a 180 in that progress, but would cause me to pull everything I have from Verio if it was 1) true, and 2) not mitigated pretty fast. He said he was unaware of most of the stuff in the entry, but had heard of US Health (not a good sign) and that they were formulating a formal response. His next call was to Darrin who was out of town in a meeting.

More to follow as it comes in...
PF

=== Verio Abuse desk shuts down one site, keeps 15 (original post) ===

Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3DCC63ED.FE75C9FB@verio.net>
From: Darren Grabowski
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS updates from Verio
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 16
Date: Fri, 08 Nov 2002 19:25:01 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1036805083 129.250.49.192 (Sat, 09 Nov 2002 01:24:43 GMT)
NNTP-Posting-Date: Sat, 09 Nov 2002 01:24:43 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1853975

S2040

Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
have now been removed, I'm guessing someone missed
it.

S1384

We have not received any complaints on the two
domains listed since July of this year. I know if
some folks have received spam from them recently
you'll let me know.
--
Darren Grabowski
Verio Security & Abuse Team

=== People reply ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS updates from Verio
Date: 8 Nov 2002 20:59:09 -0600
Lines: 66
Message-ID:
References: <3DCC63ED.FE75C9FB@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:bbewWXbRPKrJkE8j3sDFkUN0gG4=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1854030

On Fri, 08 Nov 2002 19:25:01 -0600, Darren Grabowski wrote:

>From: Darren Grabowski
>X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
>X-Accept-Language: en
>MIME-Version: 1.0
>Newsgroups: news.admin.net-abuse.email
>Subject: SPEWS updates from Verio
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Lines: 16
>Date: Fri, 08 Nov 2002 19:25:01 -0600
>NNTP-Posting-Host: 129.250.49.192
>X-Complaints-To: abuse@verio.net
>X-Trace: dfw-read.news.verio.net 1036805083 129.250.49.192 (Sat, 09 Nov 2002 01:24:43 GMT)
>NNTP-Posting-Date: Sat, 09 Nov 2002 01:24:43 GMT
>Organization: NTT/Verio
>Xref: newscene.com news.admin.net-abuse.email:1811890
>
>S2040
>
>Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
>have now been removed, I'm guessing someone missed
>it.
>
>S1384
>
>We have not received any complaints on the two
>domains listed since July of this year. I know if
>some folks have received spam from them recently
>you'll let me know.
>
>--
>Darren Grabowski
>Verio Security & Abuse Team

cashassistance.com is still active.
www.6habits.com is still active.
hudsonezine.com is still active.
postrun.com is still active.
makeitbig.tux.nu is still active.
redirection.iscool.net is still active.
DynastyServers.com is still active.
netdomination.com is still active.
SelfReplicator.com is still active.
www.affiliSOFT.com is still active.
ispforrent.com is still active.
webtools2010.com is still active.
theispguide.com is still active.

ALL of those have been reported to verio for habitual abuse and all complaints have been totally ignored as usual. Also, I have mentioned them here, and you obviously don't have the guts to even address them.

Verio is still TOTALLY ignoring complaints. Until that changes, go crawl back under your rock and stop trying to make people think they are enforcing the AUP by posting domains of the bums who didn't pay the bill. No one here is fooled. Go tell your boss in the sales dept that it ain't gonna work.

William R. James

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-94.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS updates from Verio
Date: 9 Nov 2002 19:14:41 GMT
Organization: Private person
Lines: 58
Sender: Alexander Sheremet
Message-ID:
References: <3DCC63ED.FE75C9FB@verio.net>
NNTP-Posting-Host: cust-62-219-88-94.cust.bezeqint.net (62.219.88.94)
X-Trace: fu-berlin.de 1036869281 11264870 62.219.88.94 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1854369

On 8 Nov 2002 20:59:09 -0600 Wm James wrote in message :

> On Fri, 08 Nov 2002 19:25:01 -0600, Darren Grabowski
>>S2040
>>
>>Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
>>have now been removed, I'm guessing someone missed
>>it.
>>
>>S1384
>>
>>We have not received any complaints on the two
>>domains listed since July of this year. I know if
>>some folks have received spam from them recently
>>you'll let me know.
>>
>>--
>>Darren Grabowski
>>Verio Security & Abuse Team

And you didn't terminate them back in July, when you *did* receive complaints exactly why?
Cause Verio wanted you to keep them as customers, and just wait till the heat goes down?

> cashassistance.com is still active.
> www.6habits.com is still active.
> hudsonezine.com is still active.
> postrun.com is still active.
> makeitbig.tux.nu is still active.
> redirection.iscool.net is still active.
> DynastyServers.com is still active.
> netdomination.com is still active.
> SelfReplicator.com is still active.
> www.affiliSOFT.com is still active.
> ispforrent.com is still active.
> webtools2010.com is still active.
> theispguide.com is still active.
>
> ALL of those have been reported to verio for habitual abuse and all
> complaints have been totally ignored as usual. Also, I have mentioned
> them here, and you obviously don't have the guts to even address them.

Which makes their Abuse desk work to be how effective? Less than 7%?! Interesting, if they are being paid the same percentage of their salaries, or Verio pays it reverse-proportional, 100%-7%? Less sites you shut down - bigger salary you get?

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Verio is "well aware about other issues" ===
=== (but the "issues" are still up online) ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com!sjc-peer.news.verio.net!news.verio.net!dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3DDD2176.DE48058B@verio.net>
From: Darren Grabowski
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: FYI SPEWS S594
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 103
Date: Thu, 21 Nov 2002 12:09:58 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1037902308 129.250.49.192 (Thu, 21 Nov 2002 18:11:48 GMT)
NNTP-Posting-Date: Thu, 21 Nov 2002 18:11:48 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1861646

We have terminated US Health Labs for aup violations. My team and I are also well aware of the other issues.
The following netblocks were assigned to USHL:

--
Darren Grabowski
Verio Security & Abuse Team

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-44.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: FYI SPEWS S594
Date: 21 Nov 2002 19:10:50 GMT
Organization: Private person
Lines: 17
Sender: Alexander Sheremet
Message-ID:
References: <3DDD2176.DE48058B@verio.net>
NNTP-Posting-Host: cust-62-219-88-44.cust.bezeqint.net (62.219.88.44)
X-Trace: fu-berlin.de 1037905850 19814904 62.219.88.44 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1861688

On Thu, 21 Nov 2002 12:09:58 -0600 Darren Grabowski wrote in message <3DDD2176.DE48058B@verio.net>:

> We have terminated US Health Labs for aup
> violations. My team and I are also well aware of
> the other issues.

We are well aware that you are well aware of the other issues. Your actions (or lack of) is what matters, not your awareness.

Dolphin.
--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Bogus termination report to NANAE ===

Message-ID: <3E2C4192.2030602@verio.net>
From: Darren Grabowski
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: S2298
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 11
Date: Mon, 20 Jan 2003 12:36:02 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043087780 129.250.49.192 (Mon, 20 Jan 2003 18:36:20 GMT)
NNTP-Posting-Date: Mon, 20 Jan 2003 18:36:20 GMT
Organization: NTT/Verio

IP-Hosts has been terminated by our customer, and Verio has reclaimed the IP's assigned to IP Hosts.
1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)

darren
--
Darren Grabowski
Verio Security & Abuse Team

=== Reply ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com
 !newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com!telocity-west
 !DIRECTV!sn-xit-03!sn-xit-06!sn-post-01!supernews.com!news.supernews.com
 !news.rrclark.net!nobody
From: spammers_lie@rrclark.net (Rich Clark, aka Rev Egg Plant, ULC)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: Tue, 21 Jan 2003 06:37:38 -0500
Organization: Fubar Inc
Message-ID:
References: <3E2C4192.2030602@verio.net>
User-Agent: slrn/0.9.7.1 (Linux)
X-Complaints-To: abuse@supernews.com
Lines: 21
Xref: uni-berlin.de news.admin.net-abuse.email:1903851

In article <3E2C4192.2030602@verio.net>, Darren Grabowski wrote:

> IP-Hosts has been terminated by our customer, and Verio has
> reclaimed the IP's assigned to IP Hosts.
>
> 1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
> 1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)

Darren,

This is the most facetious thing I've seen you post in a long time. A recheck at 06:35 21 Jan 03 reveals that not only are they not terminated, they are still answering up on port 25 of 199.239.133.3.

Why are they still connected in spite of what you posted above?

Rich
--
... it would appear that the general public is embracing the concept of spam as "unsolicited, viral advertising", an evolutionary development in the etymology of the word. -- George Crissman, NANAE, 12/1/02
TINLC Unit #2309 Death to all spammer accounts. WWSB?
=== Verio's response ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu
 !newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com
 !sjc-peer.news.verio.net!news.verio.net!dfw-read.news.verio.net.POSTED
 !not-for-mail
Message-ID: <3E2D67E2.4080404@verio.net>
From: Darren Grabowski
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
References: <3E2C4192.2030602@verio.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 27
Date: Tue, 21 Jan 2003 09:31:46 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043163124 129.250.49.192 (Tue, 21 Jan 2003 15:32:04 GMT)
NNTP-Posting-Date: Tue, 21 Jan 2003 15:32:04 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1903983

Rich Clark, aka Rev Egg Plant, ULC wrote:

> In article <3E2C4192.2030602@verio.net>, Darren Grabowski wrote:
>
>>IP-Hosts has been terminated by our customer, and Verio has
>>reclaimed the IP's assigned to IP Hosts.
>>
>>1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
>>1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>
>
> Darren,
>
> This is the most facetious thing I've seen you post in a long time. A
> recheck at 06:35 21 Jan 03 reveals that not only are they not
> terminated, they are still answering up on port 25 of 199.239.133.3.
>
> Why are they still connected in spite of what you posted above?

I'm looking into why the IP's were still routing, in the meantime I've made sure IP Hosts were down. The IP's in the 199.239.132.0 - 199.239.135.255 range have been routed to null0.
darren
--
Darren Grabowski
Verio Security & Abuse Team

=== Other replies - 1 ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!cyclone.swbell.net
 !newsfeed1.easynews.com!easynews.com!easynews!novia!newscene.com!newscene!novia
 !novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: 20 Jan 2003 16:34:28 -0600
Lines: 41
Message-ID:
References: <3E2C4192.2030602@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:z+slImbxGbnrNuq4GDDQATle9KM=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1903445

On Mon, 20 Jan 2003 12:36:02 -0600, Darren Grabowski wrote:

>IP-Hosts has been terminated by our customer, and Verio has
>reclaimed the IP's assigned to IP Hosts.
>
>1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
>1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>
>darren

Your criminal harassing flood spammers cashassistance.com is still there, bozo. Try posting a real termination instead of your bounced check list.

And what about these? You still want to ignore them, huh?

linkcounter.com
the6habits.com
cigarfrat.com
tempdomainname.com
THEISPGUIDE.COM
hudsonezine.com
postrun.com
makeitbig.tux.nu
redirection.iscool.net
DynastyServers.com
netdomination.com
SelfReplicator.com
affiliSOFT.com
ispforrent.com
WEBTOOLS2010.COM
mydomainwiz.com
arecool.net
iscool.net

Rot with your pimps, Derwood. Tell them no one is buying the crap you are shoveling.

William R. James

=== Other replies - 2 ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!nntp.kreonet.re.kr
 !news-xfer.nuri.net!sn-xit-03!sn-xit-01!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: rule3@LinxNet.com (Jim Seymour)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: Tue, 21 Jan 2003 01:24:20 -0000
Organization: tino
Message-ID:
Mime-Version: 1.0
Sender: jseymour@LinxNet.com
X-Newsreader: knews 1.0b.1
References: <3E2C4192.2030602@verio.net>
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: abuse@supernews.com
Lines: 71
Xref: uni-berlin.de news.admin.net-abuse.email:1903590

In article , "Terry H. Gilsenan" writes:

> On Tue, 21 Jan 2003 04:36:02 +1000, Darren Grabowski wrote:
>
>> IP-Hosts has been terminated by our customer, and Verio has reclaimed
>> the IP's assigned to IP Hosts.
>>
>> 1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio) 1,
>> 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>>
>> darren
>> --
>> Darren Grabowski
>> Verio Security & Abuse Team
>
> Crap,
>
> All still there, and answering.
>
> try it yourself:
>
> telnet mail.ip-hosts.com 25
>
> See if it says helo....

Indeed it does...

Script started on Mon 20 Jan 2003 08:17:20 PM EST
$ telnet mail.ip-hosts.com 25
Trying 199.239.133.3...
Connected to mail.ip-hosts.com.
Escape character is '^]'.
220 ns1.ip-hosts.com ESMTP Sendmail 8.11.6/8.11.6; Tue, 21 Jan 2003 09:18:58 -0500
quit
221 2.0.0 ns1.ip-hosts.com closing connection
Connection closed by foreign host.
$ host mail.ip-hosts.com
mail.ip-hosts.com A 199.239.133.3
$ whois 199.239.133.3
OrgName: Verio, Inc.
OrgID: VRIO
NetRange: 199.236.0.0 - 199.239.255.255
CIDR: 199.236.0.0/14
NetName: VRIO-199-236
NetHandle: NET-199-236-0-0-1
Parent: NET-199-0-0-0-0
NetType: Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE

[remainder snipped]

$ exit
script done on Mon 20 Jan 2003 08:18:03 PM EST

Eight hours later and still goin'. Some "termination," eh?

Regards,
Jim
--
Jim Seymour                        | "Some of the lies are so strange it
WARNING: The "From:" address is a  | makes you wonder about the spammer's
spam trap. DON'T USE IT! Use:      | sanity."
jseymour@LinxNet.com               | - Ed Foster, "The Gripe Line" 6/24/02

=== And another followup from Verio ===

Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3E2EF2C1.6030302@verio.net>
From: Darren Grabowski
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS S2298 - Revisited
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 13
Date: Wed, 22 Jan 2003 13:36:33 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043264210 129.250.49.192 (Wed, 22 Jan 2003 19:36:50 GMT)
NNTP-Posting-Date: Wed, 22 Jan 2003 19:36:50 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1905046

Spews,

Yesterday morning I made sure that the IP's assigned to IP
Hosts were down by placing a null route on the router they
connected to. When I originally announced they were down, I
didn't double check the 199.239.133.0/24 range myself.

Please remove the blocks. Thank you.
darren
--
Darren Grabowski
Verio Security & Abuse Team

=== Yet, ip-hosts.com is STILL on Verio ===

Path: uni-berlin.de!fu-berlin.de!uni-erlangen.de!elvis.franken.de
 !chico.franken.de!news.franken.de!news.nl.linux.org!humbolt.nl.linux.org
 !surfnet.nl!rug.nl!erik.selwerd.nl!nobody
From: erik@flits102-126.flits.rug.nl (Erik Warmelink)
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2298 - Revisited
Date: Thu, 23 Jan 2003 22:20:09 +0100
Organization: Eric Conspiracy Secret Labs
Lines: 38
Message-ID: <9amp0b.61u.ln@erik.selwerd.nl>
References: <3E2EF2C1.6030302@verio.net>
NNTP-Posting-Host: flits102-126.flits.rug.nl
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: info.service.rug.nl 1043357335 28003 129.125.102.126 (23 Jan 2003 21:28:55 GMT)
X-Complaints-To: newsmaster@rug.nl
NNTP-Posting-Date: Thu, 23 Jan 2003 21:28:55 +0000 (UTC)
X-Newsreader: knews 1.0b.1
X-Eric-Conspiracy: There is no conspiracy
Xref: uni-berlin.de news.admin.net-abuse.email:1906194

In article <3E2EF2C1.6030302@verio.net>,
Darren Grabowski writes:
> Yesterday morning I made sure that the IP's assigned to IP
> Hosts were down by placing a null route on the router they
> connected to. When I originally announced they were down, I
> didn't double check the 199.239.133.0/24 range myself.

The cheque didn't really bounce?
Did the spammers renew their pink contract?
Someone lied to you and told ip-hosts was disconnected?

> Please remove the blocks. Thank you.

Please remove all spammers (like 128.242.102.0/24, who keep trying
to spam my users).
O, by the way:
$ traceroute 69.6.0.8
| traceroute to 69.6.0.8 (69.6.0.8), 30 hops max, 40 byte packets
[snip]
|  9 p1-0-3-0.r01.frnkge02.de.bb.verio.net (129.250.9.5) 14.858 ms
| 10 p4-0-1-0.r01.amstnl02.nl.bb.verio.net (129.250.2.85) 16.621 ms
| 11 p4-0-1-0.r80.nwrknj01.us.bb.verio.net (129.250.2.222) 99.954 ms
| 12 p4-1-3-0.r01.nwrknj01.us.bb.verio.net (129.250.5.41) 99.814 ms
| 13 p16-1-1-1.r21.nycmny01.us.bb.verio.net (129.250.5.13) 99.945 ms
| 14 p16-1-0-1.r21.asbnva01.us.bb.verio.net (129.250.5.99) 106.786 ms
| 15 p64-0-0-0.r20.asbnva01.us.bb.verio.net (129.250.2.34) 107.899 ms
| 16 p16-3-0-0.r00.stngva01.us.bb.verio.net (129.250.2.74) 109.589 ms
| 17 p16-0-0-0.r02.stngva01.us.bb.verio.net (129.250.5.15) 108.603 ms
| 18 p4-1-0-0.r00.miamfl01.us.bb.verio.net (129.250.2.110) 133.519 ms
| 19 ge-1-1.a03.miamfl01.us.ra.verio.net (129.250.26.199) 782.474 ms
| 20 fa-3-1.a03.miamfl01.us.ce.verio.net (157.238.179.154) 134.518 ms
| 21 69.6.0.18 (69.6.0.18) 134.472 ms
| 22 ip-hosts.com (69.6.0.8) 134.695 ms

--
erik@selwerd.nl

=== And yet another lie from Verio ===

Message-ID: <3E319E86.1080505@verio.net>
From: Darren Grabowski
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS S1573
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 10
Date: Fri, 24 Jan 2003 14:13:58 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043439255 129.250.49.192 (Fri, 24 Jan 2003 20:14:15 GMT)
NNTP-Posting-Date: Fri, 24 Jan 2003 20:14:15 GMT
Organization: NTT/Verio

X9 Integrated has been terminated for AUP violations.

1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)

darren
--
Darren Grabowski
Verio Security & Abuse Team

=== Reply ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sjc70.webusenet.com
 !news.webusenet.com!sn-xit-02!sn-xit-06!sn-xit-01!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: NoLegs
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S1573 [Attn: SPEWS X9 Integrated still up]
Followup-To: news.admin.net-abuse.email
Date: Fri, 24 Jan 2003 23:57:04 -0500
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <47643voca39cm4vmfhvsq8ggl15v6mlv67@4ax.com>
References: <3E319E86.1080505@verio.net>
X-Newsreader: Forte Agent 1.91/32.564
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Lines: 83
Xref: uni-berlin.de news.admin.net-abuse.email:1907344

On Fri, 24 Jan 2003 14:13:58 -0600, Darren Grabowski wrote:

>X9 Integrated has been terminated for AUP violations.
>
>1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
>1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
>
>darren

X9 Integrated is still there! You did not remove them!

Regards,
NoLegs

 11   196 ms   210 ms   195 ms  p16-2-0-0.r01.dllstx01.us.bb.verio.net [129.250.3.29]
 12   206 ms   200 ms   210 ms  p4-1-0-0.r01.kscymo02.us.bb.verio.net [129.250.4.38]
 13   186 ms   210 ms   230 ms  ge-1-1-0.a00.kscymo02.us.ra.verio.net [129.250.25.98]
 14   386 ms   410 ms   395 ms  ge-1-1.a02.kscymo02.us.ra.verio.net [129.250.25.84]
 15   210 ms   220 ms   220 ms  fa-2-5.a02.kscymo02.us.ce.verio.net [128.242.0.254]
 16   250 ms   280 ms   220 ms  x9i.com [128.242.160.16]

Registrant:
   X9 Integrated
   Domain Management
   3111 Wyandotte Suite 202
   Kansas City, Missouri 64111
   US
   816-935-6933
   45745@whois.gkg.net

Administrative Contact:
   X9 Integrated
   Domain Management
   3111 Wyandotte Suite 202
   Kansas City, Missouri 64111
   US
   816-935-6933
   45745@whois.gkg.net

Technical Contact:
   X9 Integrated
   Domain Management
   3111 Wyandotte Suite 202
   Kansas City, Missouri 64111
   US
   816-935-6933
   45745@whois.gkg.net

Billing Contact
   X9 Integrated
   Domain Management
   3111 Wyandotte Suite 202
   Kansas City, Missouri 64111
   US
   816-935-6933
   45745@whois.gkg.net

Registrar..: gkg.net (http://register.gkg.net/)
Domain Name: X9I.COM
   Created on..............: 19-NOV-2002
   Expires on..............: 19-NOV-2003
   Record last updated on..: 09-DEC-2002

Domain servers in listed order:
   NS1.X9I.COM 128.242.160.10
   NS2.X9I.COM 128.242.160.11

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-92.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S1573
Date: 25 Jan 2003 13:09:07 GMT
Organization: Private person
Lines: 53
Sender: Alexander Sheremet
Message-ID:
References: <3E319E86.1080505@verio.net>
NNTP-Posting-Host: cust-62-219-88-92.cust.bezeqint.net (62.219.88.92)
X-Trace: fu-berlin.de 1043500147 30813904 62.219.88.92 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1907468

In message <3E319E86.1080505@verio.net> Darren Grabowski wrote:

>
> X9 Integrated has been terminated for AUP violations.
>
> 1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
> 1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
>
> darren
> --
> Darren Grabowski
> Verio Security & Abuse Team

So, Darren, screwed again, the second time in just one week?

$ host x9i.com
x9i.com has address 128.242.160.16

$ wget -S -O - x9i.com
--15:02:56-- http://x9i.com/
 => `-'
Resolving x9i.com... done.
Connecting to x9i.com[128.242.160.16]:80... connected.
HTTP request sent, awaiting response...
  1 HTTP/1.0 200 OK
  2 Date: Sat, 25 Jan 2003 12:58:21 GMT
  3 Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0 PHP/4.2.3 FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
  4 Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
  5 ETag: "1ff0b-3c1e-3e1f03fc"
  6 Accept-Ranges: bytes
  7 Content-Length: 15390
  8 Content-Type: text/html
  9 Age: 464
 10 X-Cache: HIT from proxy.interal.co.il
 11 Connection: keep-alive

X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers,
Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller Hosting
Plans, Reseller Dedicated Server Plans, Budget Hosting
<...>

X9 Integrated is still happily alive on the same Verio IP, 16+ hours since
the claimed "termination".

Dolphin.

--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== Sam Spade confirms, the site is still alive ===
=== http://samspade.org/t/safe?u=http%3A%2F%2Fx9i.com ===

GET / HTTP/1.1
Host: x9i.com
Connection: close

Read 8192 bytes from host x9i.com, path /

HTTP/1.1 200 OK
Date: Sat, 25 Jan 2003 13:26:05 GMT
Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0 PHP/4.2.3 FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
ETag: "1ff0b-3c1e-3e1f03fc"
Accept-Ranges: bytes
Content-Length: 15390
Connection: close
Content-Type: text/html

X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers,
Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller Hosting
Plans, Reseller Dedicated Server Plans, Budget Hosting
<...>

=== Explanation of this situation with X9 Integrated, by the new owner ===

Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!cyclone.mw.ipsvc.net
 !news.mw.ipsvc.net!cyclone.kc.rr.com!cyclone3.kc.rr.com!news3.kc.rr.com
 !twister.rdc-kc.rr.com.POSTED!53ab2750!not-for-mail
From: "brian"
Newsgroups: news.admin.net-abuse.email
References: <3E319E86.1080505@verio.net>
Subject: Re: SPEWS S1573
Lines: 133
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID:
Date: Sat, 25 Jan 2003 19:05:24 GMT
NNTP-Posting-Host: 24.166.183.136
X-Complaints-To: abuse@rr.com
X-Trace: twister.rdc-kc.rr.com 1043521524 24.166.183.136 (Sat, 25 Jan 2003 13:05:24 CST)
NNTP-Posting-Date: Sat, 25 Jan 2003 13:05:24 CST
Xref: uni-berlin.de news.admin.net-abuse.email:1907603

Darren has in fact removed the X9 Verio Circuit yesterday as of 2:10PM CST.
Allow me to explain what has happened..

Frank the owner of X9I last week sold the assets of his company to me due to
a divorce he is facing with his wife. With the assets came his customer base
more or less, which I had a small grasp on.
but then again this was an asset acquisition and I did not count on all the
customers to stay due to poor customer service they had experienced. Come to
find out X9I has been hosting a Spam provider known as IOHOSTING.US and
IOMARKETING.US(input output marketing/hosting). I have spent most of this
week becoming familiar with the customer base and had in fact talked to
Rusty the owner of IO many times over the phone and was under the impression
he was just a Virtual Hosting provider.

Thursday night at around 9PM I received an email Darren had sent prior that
day saying that X9I's circuit would be revoked Friday at 2:00 PM CST due to
AUP violations. Of course I jumped all over this because I was not aware of
any such violations.. But it seems there were some 1200 complaints received
recently and Frank the old owner of X9I had never paid much attention to
Verio and other groups when they sent abuse complaints.. I can only assume
he was trying to milk his spammer account and figured everyone would go away
given time.

With Darren's assistance I had identified who the spammer was (IOHOSTING) by
the IP's in his abuse complaints :

128.242.160.103
128.242.160.108
128.242.160.113
128.242.160.115
128.242.160.114
128.242.160.110

I immediately turned off IO's Ethernet port and sent Rusty the owner an
email saying his service had been terminated permanently at about 11:30 AM
CST. I then proceeded to talk with Darren to see if I could salvage the
circuit as I was not done moving customers over to my Verio line and
reassigning IP's to their machines, and having the line shut down over a
weekend would more or less put me out of business. He explained that he
could not do this because of the situation, so of course like any provider I
tried looking for other possible solutions.

Knowing once the X9i circuit was canceled his IP range would become free I
contacted the Verio Engineers in charge of my circuit to see if I could
obtain the IPs.
I received the OK that I could obtain his IP's and shortly after Darren
shut off his circuit Midwest Internet Services acquired one of two of X9's
/24 ip blocks which became routed to me :

Midwest Internet (NETBLK-A012-128-242-160-0) A012-128-242-160-0
    128.242.160.0 - 128.242.160.255
Verio, Inc. - Midwest (NETBLK-VRIO-128-242-160) VRIO-128-242-160
    128.242.160.0 - 128.242.167.255

Let me state for the record that if I had known about the abuse complaints I
would have shut off IOhosting prior to Friday, but I simply did not. When
trying to sell your hosting provider one of the last things I could see
being mentioned to me is that the IP range is listed on spews and that there
is a good possibility that the circuit will be turned off soon.

Darren has done his job in turning off the Circuit and also in getting the
spammers off Verio's network. I however have only taken over the IP block
for a short period so that I can migrate customers to my block and rid
myself of this problem. The IP's being in use by another provider should NOT
be taken in any way that Verio is simply moving around spammers. A simple
dig would reveal that IOhosting and any of their other domains have moved to
another network not at all associated with my company and or Verio.

I hope that this will suffice in answering everyone's questions, and hope
that it will also stop the attacks on Darren's professionalism. If there are
still remaining questions, I will do my best to answer them.

Regards,
Brian

"Dolphin" wrote in message
news:slrnb3531q.631.usenet-Jan+nanae@orca.dolphinwave.org...
> In message <3E319E86.1080505@verio.net> Darren Grabowski wrote:
>
> >
> > X9 Integrated has been terminated for AUP violations.
> >
> > 1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
> > 1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
> >
> > darren
> > --
> > Darren Grabowski
> > Verio Security & Abuse Team
>
> So, Darren, screwed again, the second time in just one week?
>
> $ host x9i.com
> x9i.com has address 128.242.160.16
>
> $ wget -S -O - x9i.com
> --15:02:56-- http://x9i.com/
>  => `-'
> Resolving x9i.com... done.
> Connecting to x9i.com[128.242.160.16]:80... connected.
> HTTP request sent, awaiting response...
>   1 HTTP/1.0 200 OK
>   2 Date: Sat, 25 Jan 2003 12:58:21 GMT
>   3 Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0 PHP/4.2.3 FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
>   4 Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
>   5 ETag: "1ff0b-3c1e-3e1f03fc"
>   6 Accept-Ranges: bytes
>   7 Content-Length: 15390
>   8 Content-Type: text/html
>   9 Age: 464
>  10 X-Cache: HIT from proxy.interal.co.il
>  11 Connection: keep-alive
>
>
>
> X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers,
> Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller Hosting
> Plans, Reseller Dedicated Server Plans, Budget Hosting
> <...>
>
> X9 Integrated is still happily alive on the same Verio IP, 16+ hours since
> the claimed "termination".
>
> Dolphin.
>
> --
> URL: http://www.DolphinWave.org
> Mail: on the web page (no spam)
> ICQ: 6615461

=== And Verio still ignores their spammers ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed2.easynews.com
 !newsfeed1.easynews.com!easynews.com!easynews!novia!newscene.com!newscene.com
 !newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: More verio
Date: 14 Feb 2003 12:58:17 -0600
Lines: 68
Message-ID:
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:OGNv3WOP64NsJ/iZeGtxHY00zOs=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1921707

(posted to news.admin.net-abuse.email)

Spam sent from:
129.250.225.27 (globalmedia.org / Verio)
http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=globalmedia.org&btnG=Google+Search

peddling a cesspool of spammers:

www.freepass.com 129.250.225.52
(Looooong history of abuse, verio still ignoring complaint)
See:
http://groups.google.com/groups?q=freepass.com&hl=en&lr=&safe=off&btnG=Google+Search&site=groups

www.sexgallery.com 66.230.208.20
www.pornvideos.com 129.250.225.31

Spam also included nonverio scum:

clickcash.webpower.com 205.246.203.36
www.globalpotd.com 66.230.208.20
www.blackonwhite.com 216.130.197.246 (Dynamic Pipe \Pythonvideo)
www.herbalo.com 209.134.35.63
www.asianlust.net 209.203.164.89
www.extremepenetration.net 200.24.156.211
www.adultrevenueservice.com 216.127.42.60

Full details in .sightings.

Spam headers:
====================================================
Return-path:
Envelope-to: removed
Delivery-date: Fri, 14 Feb 2003 04:56:53 -0500
Received: from stmp3.globalmedia.org ([129.250.225.27])
 by paris.dnsrouter.com with esmtp (Exim 3.36 #1)
 id 18jcaT-0007Xy-00
 for removed; Fri, 14 Feb 2003 04:56:53 -0500
Received: from localhost (localhost.globalmedia.org [127.0.0.1])
 by stmp3.globalmedia.org (Postfix) with SMTP id 513BC82503
 for ; Fri, 14 Feb 2003 04:57:02 -0500 (EST)
Subject: khok - Black on White action...get your Free password now! ueqs tmrb
To: removed
From: F R E E P A S S cyjxkkokq
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
Comment: If you do not recall requesting this email,
Comment: please accept our apologies and visit
Comment: http://www.freepass.com/php-bin/unsubscribe.php?id=89660c1f26g04eb2 for immediate removal.
Comment: 8930c1f66804eb2.16a36h351c
X-Mailer: Microsoft Outlook, Build 10.0.2627
Message-Id: <20030213095702.513BC82603@stmp3.globalmedia.org>
Date: Fri, 14 Feb 2003 04:57:02 -0500 (EST)
================================================================

Notes about the above spam:

It appears to have a random "from", presumably changing with each
email, perhaps just periodically.

It has hashbusting random codes to attempt to bypass filters.

I never requested it, of course.

Any idiot want to claim it's not spam?

William R. James

=== Verio still is clueless - forwards complaints to spammers ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-01
 !sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: George Crissman
Newsgroups: news.admin.net-abuse.email
Subject: Does Verio Get It?
Date: Thu, 20 Feb 2003 14:51:42 -0800
Organization: Please remove BIKINI to send email. Thank you.
Message-ID: <9rma5v02bmjrq2t29g1b170ljurg1abh44@4ax.com>
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Lines: 24
Xref: uni-berlin.de news.admin.net-abuse.email:1925551

The answer, unfortunately, is: no.

============= The Complaint ===================

Attn: Verio De

> Received: from mail08b.verio.de (mail08b.verio.de [213.198.55.87])

Please stop your spammer.

Thank you.

============== The Response ===================

Hello Mr. Crissman,

many thanks for your mail. We informed our customer.

Best Regards,
Verio Support Team

================= Ahrrrr ======================

George Crissman
DHS Club: The Club Built On Spam
URL: http://www.theclubbuiltonspam.com
Got News about DHS Club activities?
stradsBIKINI@excite.com (Remove BIKINI to reply)

=== Verio plans to stop their spam-support? ===

Newsgroups: news.admin.net-abuse.email
Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!news2.euro.net!uunet
 !ash.uu.net!xyzzy!nntp
From: "R. Scott"
Subject: I think maybe someday Verio will be a good guy.
X-Nntp-Posting-Host: e131585.nw.nos.boeing.com
Content-Type: text/plain; charset=us-ascii
Message-ID: <3E566513.8107F182@yahoo.com>
Sender: nntp@news.boeing.com (Boeing NNTP News Access)
Content-Transfer-Encoding: 7bit
Organization: Im NOT!!!
X-Accept-Language: en
Mime-Version: 1.0
Date: Fri, 21 Feb 2003 17:42:43 GMT
X-Mailer: Mozilla 4.73 [en]C-CCK-MCD Boeing Kit (Windows NT 5.0; U)
Lines: 15
Xref: uni-berlin.de news.admin.net-abuse.email:1926234

From an Insider I know personally and trust. NO, I won't reveal the
source, but again, I consider him trustworthy. It may take a little
time, you can't turn a super tanker around fast either.

[QUOTE]
Yeah, XXXXXX, we know. We are in the process of a major initiative in
regards to spammers.
To that end, we have changed our AUP, we are
reviewing customer accounts for spammers and we are paying more
attention to new accounts.

This is a big issue and it's being addressed.
[\QUOTE]

Let's hope they are successful.

=== My reply ===

Path: uni-berlin.de!cust-62-219-88-50.cust.bezeqint.NET!not-for-mail
From: Dolphin
Newsgroups: news.admin.net-abuse.email
Subject: Re: I think maybe someday Verio will be a good guy.
Date: 21 Feb 2003 19:21:27 GMT
Organization: Private person
Lines: 51
Sender: Alexander Sheremet
Message-ID:
References: <3E566513.8107F182@yahoo.com>
NNTP-Posting-Host: cust-62-219-88-50.cust.bezeqint.net (62.219.88.50)
X-Trace: fu-berlin.de 1045855287 52158310 62.219.88.50 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133 FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1926350

On Fri, 21 Feb 2003 17:42:43 GMT R. Scott wrote in message <3E566513.8107F182@yahoo.com>:

> From an Insider I know personally and trust. NO, I won't reveal the
> source, but again, I consider him trustworthy. It may take a little
> time, you can't turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers.

Yeah, like they were clueless and just found out that spamming is bad.
Suure. A little bit way too late.

> To that end, we have changed our AUP,

What? They had a very good AUP, they didn't have to change anything there.
They had to *ENFORCE* it, and that's it. The only thing they had to change is
their upper management. I highly doubt that I will ever think of Verio
anything else than "THE spamhaus", as long as their pro-spam management is
still sitting there.

> we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.

The time will tell, but I don't look at the watches for Verio any longer.

> This is a big issue and it's being addressed.

It was a big issue a year+ ago. Now, when Verio is blocklisted to the hell
and back, it's not an issue for the rest of the Internet any longer. They are
welcome to follow AGIS, the path they've knowingly chosen a long time ago.

> [\QUOTE]
>
>
> Let's hope they are successful.

Their success or failure does not bother those who gave up on them.
They reap the results.

http://www.DolphinWave.org/spam/verio.txt

Dolphin.

--
URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
ICQ: 6615461

=== What people think about it - 1 ===

Path: uni-berlin.de!fu-berlin.de!fr.usenet-edu.net!usenet-edu.net!teaser.fr
 !easynet-quince!easynet.net!easynet-post1!not-for-mail
From: "Captain Flack"
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com> <3E567400.DA97FB1C@yah00.c0m>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:52:25 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 33
Message-ID: <3e5675e0$0$11986$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC==F;dMS7hTB=AXlcS4lE[A:_ZPoGbHe5W3nelX@LH>DP8W:QXT4nM30:
Xref: uni-berlin.de news.admin.net-abuse.email:1926298

"Jon Newton" wrote in message news:3E567400.DA97FB1C@yah00.c0m...
>
>
> "R. Scott" wrote:
> >
> > From an Insider I know personally and trust. NO, I won't reveal the
> > source, but again, I consider him trustworthy. It may take a little
> > time, you can't turn a super tanker around fast either.
> >
> > [QUOTE]
> > Yeah, XXXXXX, we know. We are in the process of a major initiative in
> > regards to spammers. To that end, we have changed our AUP, we are
> > reviewing customer accounts for spammers and we are paying more
> > attention to new accounts.
> >
> > This is a big issue and it's being addressed.
> > [\QUOTE]
> >
> > Let's hope they are successful.
>
> Fuck Verio!
>
> They will have to pay me before I remove them from our blocks.

Well said. Said so much more concisely than I managed.

--
Support Trumpton's Striking Firemen
One day there will be a real fire and we'll need them
www.toonhound.com/trumpton-2.jpg

=== What people think about it - 2 ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!feed.news.nacamar.de
 !easynet-quince!easynet.net!easynet-post1!not-for-mail
From:
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:48:53 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 26
Message-ID: <3e56750c$0$12012$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=;QKcg:I@8^;_lGKIeCHY=:FnQJVd5@jR3nelX@LH>DP8W:QXT4nM30:
Xref: uni-berlin.de news.admin.net-abuse.email:1926307

"R. Scott" wrote in message news:3E566513.8107F182@yahoo.com...
> From an Insider I know personally and trust. NO, I won't reveal the
> source, but again, I consider him trustworthy. It may take a little
> time, you can't turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers. To that end, we have changed our AUP, we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.
>
> This is a big issue and it's being addressed.
> [\QUOTE]
>
>
> Let's hope they are successful.

I lose count of how many times Verio have said "yeah we lied last time but
this time our cleanup is for real". Last time I looked they were still
upstreaming wholesalebandwidth spamhaus and a whole bundle of others.

Personally I wish this supertanker would sink because it ain't going to turn
round.

=== What people think about it - 3 ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!newsfeed.stueberl.de
 !peernews3.colt.net!colt.net!easynet-quince!easynet.net!easynet-post1
 !not-for-mail
From: "Captain Flack"
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:43:04 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 35
Message-ID: <3e5673af$0$12000$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=5GN:cFhN5;`3P3k^0Z0ZPa\0F8Qd[dGL`nelX@LH>DPhW:QXT4nM30j
Xref: uni-berlin.de news.admin.net-abuse.email:1926278

"R. Scott" wrote in message news:3E566513.8107F182@yahoo.com...
> From an Insider I know personally and trust. NO, I won't reveal the
> source, but again, I consider him trustworthy. It may take a little
> time, you can't turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers. To that end, we have changed our AUP, we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.
>
> This is a big issue and it's being addressed.
> [\QUOTE]
>
>
> Let's hope they are successful.

Verio's reputation is so dire that they are in more private block lists than
any other network. So badly blocked that blackholes.us has to put a nice
clear link on the site because so many Verio customers are having their mail
bounced by admins that use it.

Don't trust anyone at Verio that tells you they're cleaning up. Why should
this time be any different to the last 10?

The world will be a better place when Verio disappears for ever.

--
Support Trumpton's Striking Firemen
One day there will be a real fire and we'll need them
www.toonhound.com/trumpton-2.jpg

=== Verio lies to their customer about their SPEWS listing ===

Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: wcetc@webcreationsetc.com (Web Creations Etc.)
Newsgroups: news.admin.net-abuse.email
Subject: Spews Admin Please Read
Date: 21 Feb 2003 10:43:07 -0800
Organization: http://groups.google.com/
Lines: 8
Message-ID: <30e5908f.0302211043.4ec76418@posting.google.com>
NNTP-Posting-Host: 66.1.35.26
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1045852987 10352 127.0.0.1 (21 Feb 2003 18:43:07 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 21 Feb 2003 18:43:07 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1926273

Recently I found out that our server ip address was listed in Spews as
relaying spam emails. I talked to Verio and they said that I had a
form program in my cgi bin that was allowing this relaying to occur.
This form program now only authorizes our domain to use it. This has
also been fixed on our other servers. Please remove us from your list.

Dee Jay Skinner
Automatit Inc.

=== Reply ===

Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!cyclone.mw.ipsvc.net
 !news.mw.ipsvc.net!cyclone.kc.rr.com!news-west.rr.com!cyclone.austin.rr.com
 !twister.austin.rr.com.POSTED!53ab2750!not-for-mail
From: Steve M -remove despam before rr for reply-
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews Admin Please Read
Message-ID:
Cancel-Lock: sha1:P9wfDrfCQxAs/fw51ygNFZY8JXg=
References: <30e5908f.0302211043.4ec76418@posting.google.com>
X-Newsreader: Forte Free Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.0
Lines: 43
Date: Fri, 21 Feb 2003 19:17:50 GMT
NNTP-Posting-Host: 67.10.69.116
X-Complaints-To: abuse@rr.com
X-Trace: twister.austin.rr.com 1045855070 67.10.69.116 (Fri, 21 Feb 2003 13:17:50 CST)
NNTP-Posting-Date: Fri, 21 Feb 2003 13:17:50 CST
Organization: Road Runner - Texas
Xref: uni-berlin.de news.admin.net-abuse.email:1926342

On 21 Feb 2003 10:43:07 -0800, wcetc@webcreationsetc.com (Web
Creations Etc.) wrote:

>Recently I found out that our server ip address was listed in Spews as
>relaying spam emails. I talked to Verio and they said that I had a
>form program in my cgi bin that was allowing this relaying to occur.
>This form program now only authorizes our domain to use it. This has
>also been fixed on our other servers. Please remove us from your list.

> Regarding my previous message, here is the ip address that needs
> to be removed from the Spews list.

> 128.121.215.228

> Dee Jay Skinner
> Automatit Inc.

Dee Jay,

Verio lied to you. Your SPEWS listing has nothing to do with your
form program. Verio itself is listed, not you.

Did you actually see the SPEWS "evidence" file for your IP?
http://www.spews.org/html/S2317.html

Your IP actually belongs to Verio, and is included in this SPEWS listing:

1, 128.121.215.242, herbalmeds.org
1, 128.121.215.128/25, Verio (herbalmeds.org)

This usually happens when the ISP (here Verio) ignores repeated complaints about a spammer (here herbalmeds.org) and then SPEWS expands the listing to include nearby IP's. From what I have seen, SPEWS does not punch holes for individuals who are not spammers.

You're not going to like this, but you need to either (a) convince Verio to drop herbalmeds.org, (b) send outgoing email through somebody else, (c) drop Verio, or (d) live with it.

Steven

=== Attorney General complaints are the only way to get Verio to do something ===

Path: uni-berlin.de!fu-berlin.de!cox.net!cyclone1.gnilink.net
 !ngpeer.news.aol.com!audrey-m2.news.aol.com!not-for-mail
Lines: 31
X-Admin: news@aol.com
From: reinbeaux@aol.comnospam (Washington State Resident)
Newsgroups: news.admin.net-abuse.email
Date: 22 Feb 2003 01:03:33 GMT
References:
Organization: AOL http://www.aol.com
Subject: Re: Fscking Verio.Net
Message-ID: <20030221200333.15386.00000064@mb-cr.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1926635

Verio has recently had many Washington State AG complaints filed against them. From the personal responses back from Verio after I let them know I filed complaints against them, I take it they do NOT like AG complaints very much - filing AG complaints against them has been VERY effective for me (lots quicker than with ATT, Sprint, and Qwest)

List of State and several countries AGs: http://www.fraud.org/info/links.htm

Colorado AG: http://www.ago.state.co.us/
attorney.general@state.co.us

Attorney General
1525 Sherman St.
7th floor
Denver, CO 80203
(303)866-4500
FAX: (303)866-5691
Consumer Complaint Line - in Denver and Out of State - 303-866-5189
Consumer Complaint Line - Outside of Denver but in Colorado - 1-800-222-4444

Nancy
http://members.aol.com/reinbeaux (a Washington State Resident)
spams billed $500. each in accordance with Chapter 19 RCW
(AOL members: DO not CC / I have aol.com blocked)
Founding Member Of P.A.S.S. (P.eople A.gainst S.tupid S.pammers)

=== Verio makes agreements with spammers not to boot them ===

Path: uni-berlin.de!fu-berlin.de!feed.news.nacamar.de!easynet-quince!easynet.net
 !easynet-post2!not-for-mail
From:
Newsgroups: news.admin.net-abuse.email
References:
Subject: Re: wholesalebandwidth updates?
Date: Tue, 25 Feb 2003 11:17:55 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 66
Message-ID: <3e5b5163$0$19301$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=L]@2@5:IXci138G66CA^i`[CITXL[mUOmnelX@LH>DPhW:QXT4nM30j
Xref: uni-berlin.de news.admin.net-abuse.email:1928417

wrote in message news:DQz6a.4687$Bb2.670067738@newssvr10.news.prodigy.com...

> A somewhat related side story about WHOLESALEBANDWIDTH
> Sometime in December, I called them about a serious issue from my office.
> They were hosting a company selling generic viagra, and their client was
> spamming my work address at Pfizer (for those of you who are not aware,
> Pfizer is the mfg and patent holder of Viagra)..
>
> When I did get thru to their main line, It was answered very
> unprofessionally by someone who sounded like they were in their early
> twenties, who in turn passed off the phone to another twenty-something
> non-professional.
> I explained why I was calling, and connecting them with a Pfizer Attorney
> was fun (hearing the panic thru the receiver was great).
>
> However, from the whole experience.. I concluded WHOLESALEBANDWIDTH is the
> typical stereo-type spam-supporting operation.
> A Spews block would be appropriate to any ISP that supports them, although
> I notice that their clients typically spam from a china isp.
>
> Here is something else that is funny:
> their DNS is screwed up... you cannot go to their website
> (www.wholesalebandwidth.com , which the dns has been screwed up for
> months)..
> You need to go to the IP address: http://69.6.0.3/
> try reading their link to the AUP/TOS -- it 404s since their DNS does not
> work...
> to read it you need to go to: http://69.6.0.3/terms/ia/
>
> Just another point to show rule#2, and backup my impression of their
> "Professionalism"...
>
> dB The DBA
>
> btw: a quote from WHOLESALEBANDWIDTH's AUP
> "
> a.. WholesaleBandwidth has a zero tolerance policy for Spam, and may at its
> discretion participate in any of several anti-Spam services, including RBL
> offered by "mail-abuse.org". Customer shall establish its own anti-Spam
> policies.
> ...
> INDIRECT OR ATTEMPTED VIOLATIONS OF THIS POLICY, AND ACTUAL OR ATTEMPTED
> VIOLATIONS BY A THIRD PARTY ON BEHALF OF CUSTOMER OR A CUSTOMER'S END USER,
> SHALL BE CONSIDERED VIOLATIONS OF THE POLICY BY SUCH CUSTOMER OR END USER.
> "
>
> funny.... I wonder where they copied the weasel words, 'cause they did not
> think them up themselves.
>

Yes I gave them a call too. Just got some guy who sounded like the kid with the squeaky voice who works in the burger bar on the simpsons. He assured me he couldn't put me through to the "senior" executives of the company though he did later admit that there are only 3 people at the company, and they work in the same office (trailer)?

Apparently he stated with some certainty that Verio would not boot them. That they have some form of agreement with Verio. He refused to elaborate when I mentioned the term pink contract.
=== Verio's ongoing spam-support ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2119 S2257 S1369
Date: 24 Feb 2003 22:17:10 -0600
Lines: 78
Message-ID:
References: <3E5A70CD.6040809@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:R2YpDGRA8RbP1aJAc1nCYnR4Kb4=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1928301

On Mon, 24 Feb 2003 13:21:49 -0600, Darren Grabowski wrote:

>Jaze Webservices (iscool.net) has been terminated
>for AUP violations.
>
>S2119 - Merchantcentral
>
>Merchantcentral has been terminated for AUP
>violations. Swips are coming down shortly, the
>interface is down/down.
>
>1, 130.94.244.129,
>fa1-0-vlan2.7204VXR-gw.bct.mcisi.net / currentmail.com
>1, 130.94.244.141, www.currentmail.com
>1, 130.94.244.238,
>1-1-238.customer.bct.cmailinc.com (Dead?)
>1, 130.94.244.224/27, currentmail / mcisi.net (Verio)
>1, 130.94.244.128/25, currentmail / mcisi.net (Verio)
>1, 130.94.244.0/23, Verio (currentmail / mcisi.net)
>1, 130.94.244.0/23, Verio (currentmail / mcisi.net)
>
>S2257 - cheaptrips
>
>Cheaptrips was terminated a couple weeks ago or so.
>
>2, 128.121.96.112, cheaptrips.com /
>mail.cheaptrips.com / aircourier.org (dead?)
>2, 128.121.96.0/25, Verio (cheaptrips.com /
>aircourier.org)
>
>S1369 - Paul Boes
>
>This was terminated a couple weeks ago or so.
>
>2, 129.250.226.16 - 129.250.226.31, Paul Boes /
>Digital Exposure / detourhosting.net (Verio)
>2, 161.58.238.247, Paul Boes / Digital Exposure /
>dgxinc.com / bulksupport.com / boesconsulting.net
>/ netconstruction.net
>2, 161.58.238.0/24, Paul Boes / Digital Exposure /
>dgxinc.com (Verio) (dead)
>
>
>darren

Bounced checks again Bozo?
What about the spammers you still harbor and protect after many months of ignoring complaints? :

CashAssistance.com      128.121.126.220  Still active
SmallBizAds.com         128.121.126.220  Still active
8point.com              130.94.247.6     Still active
compu-terra.com         161.58.154.77    Still active
the6habits.com          161.58.151.84    Still active
cigarfrat.com           192.220.111.208  Still active
THEISPGUIDE.COM         204.2.35.38      Still active
postrun.com             128.121.126.220  Still active
makeitbig.tux.nu        168.143.168.162  Still active
redirection.iscool.net  168.143.168.161  Still active
netdomination.com       209.207.250.251  Still active
WEBTOOLS2010.COM        209.207.250.250  Still active
arecool.net             168.143.168.161  Still active
iscool.net              168.143.168.161  Still active
freepass.com            129.250.225.52   Still active

Now for verio's criminal spammers who peddle porn to children...

pornvideos.com          129.250.225.31   Still active
www.sexgallery.com      129.250.225.49   Still active
And recently moved from 66.230.208.20 to 129.250.225.49 obviously to get around blocking.

Mighty friendly of you to assist your spammers like that, you pathetic lying spam whore. Go crawl back under your rock.

William R. James

=== Other people report the on-going spam-support from Verio ===

Path: uni-berlin.de!fu-berlin.de!cox.net!cyclone1.gnilink.net!wn12feed
 !worldnet.att.net!bgtnsc05-news.ops.worldnet.att.net.POSTED!not-for-mail
Message-ID: <3E65F68C.650127AF@excite.com>
From: Buster
Organization: none
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: What happened to Verio cleaning up their act?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 26
Date: Wed, 05 Mar 2003 13:05:26 GMT
NNTP-Posting-Host: 12.85.167.164
X-Complaints-To: abuse@worldnet.att.net
X-Trace: bgtnsc05-news.ops.worldnet.att.net 1046869526 12.85.167.164 (Wed, 05 Mar 2003 13:05:26 GMT)
NNTP-Posting-Date: Wed, 05 Mar 2003 13:05:26 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1933137

I am currently being hammered 3-4 times a day from Verio hosted spamhaus Magic-Inbox.com, with no action from Verio to date, so I went back to the beginning of February to see how well they handled my previous complaints on other spammers. Out of dozens I complained about, only one (herbalmeds.org) was shut down and sightings showed they were able to spam for nearly two months (from December 21 through February 18th) before Verio did anything.

Some of the worst offenders I complained about that are still on Verio and their history in sightings (just February/March):

http://taxsaleconsultant.com - 3/4, 3/3, 3/2, 3/1, 2/25, 2/21, 2/20, 2/18, 2/16, 2/15, 2/11, 2/10, 2/9, 2/6, 2/5, 2/3, 2/2, 2/1

optinlistservices.com - 3/4, 3/3, 3/2, 2/28, 2/27, 2/26, 2/25, 2/23, 2/22, 2/21, 2/20, 2/19, 2/18, 2/14, 2/12, 2/10, 2/1

trysales.com - 3/1, 2/22, 2/18, 2/13, 2/10, 2/8, 2/7, 2/6, 2/5, 2/4, 2/2, 2/1

And now verio has picked up the prolific Norton spammer: http://www.antiviruspros.net/mmm7.htm

Perhaps I'm just an extremist, but this doesn't appear to be the record of someone who is trying to clean up their act...
=== Verio also continues to host the known password and credit card ===
=== stealers ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!feed3.newsreader.com
 !newsreader.com!ngpeer.news.aol.com!audrey-m2.news.aol.com!not-for-mail
Lines: 8
X-Admin: news@aol.com
From: ncalmichl@aol.comspamnott (NCalMichl)
Newsgroups: news.admin.net-abuse.email
Date: 05 Mar 2003 16:48:38 GMT
References: <3E65F68C.650127AF@excite.com>
Organization: AOL http://www.aol.com
Subject: Re: What happened to Verio cleaning up their act?
Message-ID: <20030305114838.27940.00000078@mb-fk.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1933216

From another thread, note that Verio is currently hosting an AOL password "phisher" at: http://207.67.219.78/0x28xll348x2048x3394/x01x23x09x95.x01 (Note that due to some spammer techno-tricks, the page may only read properly when accessed _from_ AOL).

I believe that Verio has hosted quite a few AOL password phisher pages lately.

=== And other spammers ===

Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!sjc70.webusenet.com
 !news.webusenet.com!sn-xit-02!sn-xit-04!sn-xit-06!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: Tom Betz
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2459 Another Verio Update
Date: Thu, 20 Mar 2003 15:30:47 -0000
Organization: Anything
Message-ID:
References: <3E78EBE7.9090707@verio.net>
User-Agent: Xnews/05.08.12
X-Complaints-To: abuse@supernews.com
Lines: 60
Xref: uni-berlin.de news.admin.net-abuse.email:1944512

Wm James wrote in news:k8ki7v0kket8tlko49jd69vr9kir3hom4m@4ax.com:

> On Wed, 19 Mar 2003 16:15:03 -0600, Darren Grabowski
> wrote:
>
>>catalogmax has been terminated.
>>
>>1, 161.58.197.101, catalogmax.net
>>1, 161.58.197.0/25, Verio (catalogmax.net)
>>1, 198.66.199.34, catalogmax.biz / catalogmax.net
>>1, 198.66.199.0/26, Verio (catalogmax.biz /
>>catalogmax.net)
>>1, 161.58.148.41, webmail.catalogmax.biz
>>(www1119.verio-web.com)
>>1, 161.58.148.0/26, Verio (webmail.catalogmax.biz)
>>
>>darren
>
>
> However, the following checks apparently didn't bounce so verio is
> still ignoring all complaints:
>
> CashAssistance.com 128.121.126.220 Still active
> SmallBizAds.com 128.121.126.220 Still active
> 8point.com 130.94.247.6 Still active
> compu-terra.com 161.58.154.77 Still active
> the6habits.com 161.58.151.84 Still active
> cigarfrat.com 192.220.111.208 Still active
> THEISPGUIDE.COM 204.2.35.38 Still active
> postrun.com 128.121.126.220 Still active
> makeitbig.tux.nu 168.143.168.162 Still active
> redirection.iscool.net 168.143.168.161 Still active
> netdomination.com 209.207.250.251 Still active
> WEBTOOLS2010.COM 209.207.250.250 Still active
> arecool.net 168.143.168.161 Still active
> iscool.net 168.143.168.161 Still active
> freepass.com 129.250.225.52 Still active
> topikmail.com 216.167.127.240 Still active
> topiksolutions.com 128.242.204.9 Still active
> lawcomllc.com 216.40.33.117 Still active
> deepdiscountdvd.com 198.65.147.192 Still active

Not to mention:

realmarket.com 192.220.92.11 Still active

... which has been spamming me daily for weeks, and about whom I have complained each time.

>
> Now for verio's criminal spammers who peddle porn to children...
>
> pornvideos.com 129.250.225.31 Still active
> sexgallery.com 129.250.225.49 Still active
> And recently moved from 66.230.208.20 to 129.250.225.49 obviously to
> get around blocking.
>
>

=== And Verio listwashes for their spammers, reading reports in NANAE ===
=== but will not terminate the spammers ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sn-xit-02!sn-xit-04
 !sn-xit-01!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: Tom Betz
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2459 Another Verio Update
Date: Fri, 21 Mar 2003 21:37:34 -0000
Organization: Anything
Message-ID:
References: <3E78EBE7.9090707@verio.net>
User-Agent: Xnews/05.08.12
X-Complaints-To: abuse@supernews.com
Lines: 64
Xref: uni-berlin.de news.admin.net-abuse.email:1945539

Tom Betz wrote in news:Xns93446AF24E450greenriverordinance@216.168.3.44:

> Not to mention:
>
> realmarket.com 192.220.92.11 Still active
>
> ... which has been spamming me daily for weeks, and about whom I have
> complained each time.

Thanks (not!) for the listwash, Darren:

From bounce-message-1383937@lists.n-email.net Fri Mar 21 14:52:13 2003
Return-Path:
X-Original-To: tbetz@cloud9.net
Delivered-To: tbetz@cloud9.net
Received: from localhost (localhost [127.0.0.1])
 by russian-caravan.cloud9.net (Postfix) with ESMTP id 2A54DAA9B
 for ; Fri, 21 Mar 2003 14:52:13 -0500 (EST)
Received: from russian-caravan.cloud9.net (localhost [127.0.0.1])
 by localhost (VaMailArmor-2.0.1.7) id 08975-400F9460;
 Fri, 21 Mar 2003 14:52:13 -0500
Received: from lyris6.neighborhoodemail.com (lyris6.neighborhoodemail.com [63.79.72.90])
 by russian-caravan.cloud9.net (Postfix) with SMTP id 97471AA94
 for ; Fri, 21 Mar 2003 14:52:12 -0500 (EST)
Message-Id:
X-lyris-type: goodbye
From: "Lyris ListManager"
Reply-To: "Lyris ListManager"
To: tbetz@cloud9.net
Subject: You are unsubscribed from RealMarket Today! (HTML)
Date: Fri, 21 Mar 2003 14:42:42 -0500
X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.7; VAE: 6.18.0.3; VDF: 6.18.0.18; host: russian-caravan.cloud9.net)
Status: OR

You have been unsubscribed from RealMarket Today!
Your feedback is very important to us, so please take a moment to tell us what you think of RealMarket Today! by taking a one question survey - http://www.realmarket.com/survey/survey1.html

Thank you - RealMarket (questions? - info@realmarket.com)

[ end listwash ]

Now you can start working on email8.net/email10.net who continue to spam me.

=== Verio refuses to accept complaints that don't provide the e-mail address ===
=== for listwashing from their spammers' lists ===

Newsgroups: news.admin.net-abuse.email
Subject: Re: Incorrect entry in spews.org
From: Socks
References: <637a4424.0303230754.24b44377@posting.google.com>
Organization: Lumber Cartel
Message-ID:
User-Agent: Xnews/06.01.10
Date: Sun, 23 Mar 2003 13:10:47 -0700
NNTP-Posting-Host: 207.174.251.62
X-Trace: 23 Mar 2003 13:40:08 -0700, 207.174.251.62
Lines: 32
Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!bloom-beacon.mit.edu
 !news.colorado.edu!cs.colorado.edu!csnews!coop.net!news.coop.net
 !thoth.nilenet.com!nobody
Xref: uni-berlin.de news.admin.net-abuse.email:1946395

Dolphin wrote in news:slrnb7s0lk.h8o.usenet-Mar+nanae@orca.dolphinwave.org:

> On Sun, 23 Mar 2003 11:09:45 -0500 Bruce Pennypacker
> > wrote in message :
>
>
>>> Can someone please let me know how this error can be remedied.
>>
>> This IP is assigned to Verio, who is about as black as an ISP can
>> get. They regularly host spammers and ignore spam complaints, so the
>> best thing you can do is move to a new provider ASAP.
>
>
> They do even worse. They cooperate with their spammers by actively
> helping them to get rid of those complainers (helping them to "wash"
> their spam lists from those who know how to complain), but keeping
> the spammers connected, despite numerous complaints. For example:
> http://groups.google.com/groups?selm=Xns9345A9218ADC7greenriverordinanc
> e%40216.168.3.44 (note: Darren is the abuse person of Verio, who posts
> here sometimes, and obviously reads replies, too).

I can personally vouch for that.
Because I refuse to tell them what email address their spam came in on, so that they can help their spammers listwash, they won't accept spam complaints from me.

Fine. With the exception of my spamtraps, I won't accept traffic from them.

--
Bomb Texas - - - They have oil too

=== No comments ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-04
 !sn-xit-06!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: adam brower
Newsgroups: news.admin.net-abuse.email
Subject: verio consults spamhaus???
Date: Wed, 26 Mar 2003 16:21:30 -0600
Organization: mypoem.com
Message-ID: <3E8227EB.AD119B9C@faceville.com>
Reply-To: adam@faceville.com
X-Mailer: Mozilla 4.77C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC)
X-Accept-Language: en,zh,zh-CN
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@supernews.com
Lines: 67
Xref: uni-berlin.de news.admin.net-abuse.email:1948615

this just in from verio, presented without comment.

++++++++++++++

As a valued business partner and reseller of Verio products, it's important to share with you what we are doing internally to address the issue of spam being sent over the Verio network. First and foremost, we want to give you confidence that Verio is diligently working on this issue.

Verio does not advocate doing business with spammers. In fact, our Acceptable Use Policy ("AUP") prohibits using the Verio network to send spam. You can view the Verio AUP at: http://verio.com/company/policies/aup.cfm. For additional information on ways that you can further combat spam, please visit the Reseller Backroom at: https://reseller.securesites.com/marketing/library/spam/spamfighting.html

We are working aggressively to remove spammers from our network. We are also facilitating relationships and communication with the anti-spam community and the owners of the blacklists.
Through these efforts, Verio has been able to accelerate the termination of customers that violate our AUP and successfully remove Verio IP's from blacklists. Since last November, we have terminated more than 130 spammers. Terminating spammers is an ongoing challenge as many known spammers are continuously changing their company name in an effort to conceal their true identity.

Through due diligence, education, process changes, and training of Verio's sales force, we are working to eliminate the spam that is being sent over our network. Listed below are changes we have implemented to combat the ever increasing industry-wide issue:

a. Using www.Spamhaus.org to provide our sales force, partners, and resellers with a list of known spammers as a tool to screen out prospects in the pre-sales process.
b. Making a list of customers previously terminated for violating our AUP available to all sales representatives.
c. Screening all prospects during the credit review process for any history of spamming.
d. Screening all contracts against the list of known spammers at time of order entry and at time of provisioning.
e. Providing sales representatives, partners and resellers with a list of pre-sales questions designed to aid them in screening out those in the spam business during the pre-sales process.

In addition, when we receive a complaint that an existing Verio customer has sent spam, we follow a 3 step process that is listed below:

a. Issue a warning to the customer and solicit feedback;
b. Educate the customer at which time we ascertain if the customer has adopted sound opt-in list practices or are willing to do so; and
c. If we continue to receive complaints, terminate the relationship.

Please send any questions that you have about this initiative to your Reseller Account Manager. We hope you recognize that we take this issue seriously. As always, your input and suggestions are greatly appreciated.
Best wishes,

Doug Schneider
President SME Hosting
NTT/VERIO

=== More of Verio harboring blatant spammers and ignoring complaints ===

Path: uni-berlin.de!fu-berlin.de!gail.ripco.com!news-feed.riddles.org.uk
 !sn-xit-03!sn-xit-04!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com
 !not-for-mail
From: Tom Betz
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio update SPEWS S2523 S2152
Date: Sat, 26 Apr 2003 16:52:30 -0000
Organization: Some
Message-ID:
References: <3EA9A8BF.4050900@verio.net>
User-Agent: Xnews/06.02.16
X-Face: #^=oh~^r5AV^#I3^*+(VAGoCzyvK%%w\/HM"[t&a)rHXo#NR3Z\,"/?_htmx~~gG.>v~+.I|P%it\y
 FS~TxS($@5b8?Rn]z3N]~!6XL9A&2T}I,]-T/8wH~
 Ye
X-Complaints-To: abuse@supernews.com
Lines: 11
Xref: uni-berlin.de news.admin.net-abuse.email:1969885

Quoth Darren Grabowski in news:3EA9A8BF.4050900@verio.net:

> Nitronet has been terminated for AUP violations.

And the email8.net/email10.net/21stcenturyalert.com/21stcenturyoptions.com/
30daysfree.com/data55.net spam consortium continues to spam me twice every weekday, as it has done for months, and the pink contract just keeps on pinking along, despite every single spam being reported to you.

Shameful.

=== And still no action from Verio on their spammers for MONTHS! ===

Path: uni-berlin.de!fu-berlin.de!news.tele.dk!news.tele.dk!small.news.tele.dk
 !newsfeed.icl.net!newsfeed.fjserv.net!news.netkonect.net
 !dnews0.news.legend.net.uk!not-for-mail
From: Ian Jennings
Newsgroups: news.admin.net-abuse.email
Subject: Did I see Verio in here?
Date: 8 May 2003 15:24:11 +0100
Organization: Microware Data Services Ltd
Lines: 22
Message-ID:
NNTP-Posting-Host: news.legend.co.uk
X-Trace: news.netkonect.net 1052403855 11892 212.41.160.119 (8 May 2003 14:24:15 GMT)
X-Complaints-To: usenet@news.netkonect.net
NNTP-Posting-Date: Thu, 8 May 2003 14:24:15 +0000 (UTC)
User-Agent: Xnews/5.04.25
X-Original-NNTP-Posting-Host: easy.go-legend.net
X-Original-Trace: 8 May 2003 15:24:11 +0100, easy.go-legend.net
Xref: uni-berlin.de news.admin.net-abuse.email:1979897

Hi all,

I *thought* I saw someone from Verio in here asking for mercy on some of
their blocks.

Just received a turdlet spamvertising http://207.156.216.57/tools/zx.html
which I first bitched to Verio about on 26th March!! It's *still* alive and
kicking.

Long may they rot.

Penis enlargement pills? Pah! I've been taking them for months and I still
can't get my cock any bigger than 10 or 11".

--
************************************************************
Ian Jennings
Microware Data Services

This post is made entirely from recycled ones and noughts
************************************************************

=== Another proof for the same spammer ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!peernews3.colt.net
 !colt.net!easynet-thlon3!easynet.net!easynet-post1!not-for-mail
From:
Newsgroups: news.admin.net-abuse.email
References:
Subject: Re: Did I see Verio in here?
Date: Thu, 8 May 2003 17:32:40 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Lines: 30
Message-ID: <3eba86b1$0$20850$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=I[MWdIJcUQ@jGg]L48[_lG\0F8Qd[dGL@nelX@LH>DPHW:QXT4nM30J
Xref: uni-berlin.de news.admin.net-abuse.email:1980025

"Ian Jennings" wrote in message news:Xns93759C93EFA00ijmicrowaredatacouk@212.41.160.119...

> Hi all,
>
> I *thought* I saw someone from Verio in here asking for mercy on some of
> their blocks.
>
> Just received a turdlet spamvertising http://207.156.216.57/tools/zx.html
> which I first bitched to Verio about on 26th March!! It's *still* alive and
> kicking.
>
> Long may they rot.
>
> Penis enlargement pills? Pah! I've been taking them for months and I still
> can't get my cock any bigger than 10 or 11".
>
>
> --
> ************************************************************
> Ian Jennings
> Microware Data Services
>
> This post is made entirely from recycled ones and noughts
> ************************************************************

Me too, the very same, sent it off to Darren at Verio. Let's hope their check bounces next month.

=== Replies ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.cis.ohio-state.edu
 !nntp.service.ohio-state.edu!not-for-mail
From: "Jay Stuler"
Newsgroups: news.admin.net-abuse.email
Subject: Re: Did I see Verio in here?
Date: Thu, 8 May 2003 12:58:55 -0400
Organization: Ohio State University
Lines: 17
Sender: stuler.1@dhcp065-024-140-061.columbus.rr.com
Message-ID:
References: <3eba86b1$0$20850$afc38c87@news.easynet.co.uk>
NNTP-Posting-Host: dhcp065-024-140-061.columbus.rr.com
X-Trace: charm.magnus.acs.ohio-state.edu 1052412868 4211 65.24.140.61 (8 May 2003 16:54:28 GMT)
X-Complaints-To: abuse@osu.edu
NNTP-Posting-Date: 8 May 2003 16:54:28 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Xref: uni-berlin.de news.admin.net-abuse.email:1980058

wrote in message news:3eba86b1$0$20850$afc38c87@news.easynet.co.uk...

*snip*
>
> Me too, the very same, sent it off to Darren at Verio. Let's hope their check
> bounces next month.

If they get listed in SPEWS, then Verio will trade them with another ISP for one of their spammers. That's how it works - shuffle the spammers around like baseball teams trading players.
No interruption in pay, minimal interruption for "legitimate" customers. Swapping spammers is the new pink contract.

=== Even domain registrars kill spammers' domains faster than Verio! ===
=== http://spews.org/html/S2638.html ===

lowlowmortgagequotes
|--------------------
2, 128.121.124.187, lowlowmortgagequotes.com / "pandam.tempdomainname.com" (dead)
2, 128.121.124.128/25, verio.net (lowlowmortgagequotes.com)
0, 128.121.110.0 - 128.121.138.255, verio.net (lowlowmortgagequotes.com)
---------------------|

Spamming. Host refuses to act on reports of abuse.

UPDATE: Even DOTSTER kills the domain faster than Verio (secure.net) the site!!!

======================================================================
http://www.lowestratesaround.net/index.php?a=richpoo
http://128.121.124.187/mrt/index.php?a=richpoo
http://www.lowlowmortgagequotes.com/index.php => http://128.121.124.187/mrt
======================================================================
Julio Remirez
9987 Southwood Dr.
Dallas, TX 75424
US

Registrar: DOTSTER
Domain Name: LOWLOWMORTGAGEQUOTES.COM
Created on: 01-MAY-03
Expires on: 01-MAY-04
Last Updated on: 01-MAY-03

Administrative, Technical Contact:
Remirez, Julio jremirez@yahoo.com
9987 Southwood Dr.
Dallas, TX 75424
US
361 887 8969

Domain servers in listed order:
NS1.NAMERESOLVE.COM
NS2.NAMERESOLVE.COM
NS3.NAMERESOLVE.COM
NS4.NAMERESOLVE.COM

Last Updated on: 12-MAY-03

Domain servers in listed order:
NS1.SPAMSHUTDOWN.COM (Dotster kill)
NS2.SPAMSHUTDOWN.COM
======================================================================
Received: from 204-117-69-248-dsl.etv.net (204-117-69-248-dsl.etv.net [204.117.69.248])
 by []; Sat, 3 May 2003 12:52:54 -0700 (PDT)
Received: from [97.5.23.162] by 204-117-69-248-dsl.etv.net with ESMTP id 31966618;
 Sat, 03 May 2003 20:50:47 +0000
Message-ID:
From: "Feel Better"
To: []
Subject: get that girl or guy you always wanted
Date: Sat, 03 May 03 20:50:47 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="C7CB.35F4DC5"

Free Mortgage Quote!
There are over 89,000 mortgage companies in the U.S., which means the process of finding the best loan for you can be a very difficult one.Let us do the hard work for you!
Simply spend 2 minutes filling out a short form, press the submit button, and we take it from there... finding the best deals possible, and getting the lenders to contact you! It's short, it's simple, it's free, and it will save you thousands of dollars!
Click here for your free quote
If you would believe you received this email in error, or never subscribed to Great Weekly Offers you may unsubscribe by Clicking Here.

======================================================================

=== Verio forwards all the complaints data to their spammers ===

Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: lloyd.frombriz@caramail.com (Lloyd From Brisbane)
Newsgroups: news.admin.net-abuse.email
Subject: Verio sends your ID to the spammer
Date: 23 Jul 2003 21:30:19 -0700
Organization: http://groups.google.com/
Lines: 17
Message-ID: <62b55418.0307232030.445e3444@posting.google.com>
NNTP-Posting-Host: 152.98.224.135
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1059021020 25525 127.0.0.1 (24 Jul 2003 04:30:20 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 24 Jul 2003 04:30:20 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:2032838

So I get spammed, and report the spam to verio. And report. And report. Finally a human replies and I have to post some evidence on the web because it's a bitmap, and Verio's system automatically deletes attachments. I *ask* them to copy the bitmap & use it as they like, but DO NOT GIVE THE URL TO THE SPAMMER.

What happens? Revenge spam within 48 hours, although to their credit, after A MONTH the spammer's website is finally dead. My own bloody webpage cut & pasted right into a turdlet...

It took two tries to get an explanation out of verio (cci'ng legal@ seems to help)...and what did they say?

"We use information sent to us, according to our own discretion to aid us in enforcing our AUP. The site is currently not hosted with us."

So NEVER give anything to Verio that can be used by a spammer...they pass it right along.

LFB.
=== Verio keeps their proxy-hijacking spammers despite complaints ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed2.easynews.com!newsfeed1.easynews.com!easynews.com!easynews!sn-xit-02!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: Meet The Bullet-Proof Proxy Hijacking Licht Brothers - Daniel and Ernst
Date: Fri, 25 Jul 2003 08:18:54 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID:
X-Complaints-To: abuse@supernews.com
Lines: 111
Xref: uni-berlin.de news.admin.net-abuse.email:2033605

About three weeks ago I reported to Verio abuse that I had picked up clear evidence of really MASSIVE criminal open proxy hijacking activity originating from the following four IP addresses on Verio's network:

161.58.176.134
161.58.176.138
161.58.176.145
161.58.176.154

According to Verio's rwhois server, these all are assigned to one Daniel Licht of Fleetwood, Pennsylvania:

..
network:IP-Network-Block:161.58.176.138 - 161.58.176.138
network:Org-Name:Daniel Licht
network:Street-Address:12 West Pine St
network:City:Fleetwood
network:State:PA
network:Postal-Code:19522
network:Country-Code:US
..

Now, today, I have been compiling a list of the Top 40 most prolific open proxy hijackers on the net at the present time. And what do I find?

Well, among other things, I find the following three IPs that have been spewing big-time over the past 48 hours from dialtoneinternet.net, in Florida. (I already told dialtoneinternet.net about these criminals over three weeks ago, but they haven't done squat about that report, apparently.)

69.0.231.42 ns.5centdeposit.com
69.0.231.114 ns.ernstlicht.com
69.0.231.120 ns5.mojoent.com

These are the *only* three IP addresses that are spewing at the present time from dialtoneinternet's 69.0.231/24 block.

Now, check the reverse DNS name on that middle one.
Then check the WHOIS data for `ernstlicht.com':

=====================================================================
Ernst Licht Embroidery and Imports (ERNSTLICHT-DOM)
   347 Main Street, POBox 255
   Oley, PA 19547
   US

   Domain Name: ERNSTLICHT.COM

   Administrative Contact:
      Weidner, Denise (DW8381) licht@ENTER.NET
      Ernst Licht Embroidery and Imports
      347 MAIN ST # 255
      OLEY, PA 19547-8779
      US
      (610) 987-3298
   Technical Contact:
      Corsa, Larry (LC118) lcorsa@ENTER.NET
      815 N 12TH ST
      ALLENTOWN, PA 18102-1318
      US
      (610) 437-2221 fax: 123 123 1234

   Record expires on 21-Jul-2009.
   Record created on 17-Oct-2002.
   Database last updated on 25-Jul-2003 03:30:44 EDT.

   Domain servers in listed order:

   DNS.ENTER.NET 63.65.0.2
   NS2.ENTER.NET 63.65.0.3
=====================================================================

Well, well, well! So it seems that Ernst just lives about five miles south of Daniel there in Pennsylvania! (I know. I checked the map.)

How nice! Brothers should stick together don't cha think? That's especially true if they are both involved in the exact same criminal activities.

Remember, brothers who spam together stay together.

Regards,
rfg

P.S. I'll bet that Daniel is really happy to be getting bulletproof hosting on Verio, and that Ernst is real happy to be getting bullet-proof hosting from dialtoneinternet.net. Both are still very busy, hijacking open proxies like crazy, and pumping out the spam, even as we speak, even though I reported both to their respective providers over three weeks ago.

P.P.S. Ernst has a cute little web site, www.ernstlicht.com. How does one spell `spam' in Bavarian?

P.P.P.S. The evidence suggests that the Spamming Licht Brothers either are, or are in league with whoever owns MOJOENT.COM.
And the spamming that has been connected to THAT domain goes all of the way back to January 1999:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=19990129101214.03043.00000405%40ngol02.aol.com&rnum=2

I really would like to get the Licht Brothers in the back room and under some hot lights and ask them a few pointed questions.

Is anybody here physically near to this part of Pennsylvania? I'll give $75 bucks for an _authentic_ picture of either Licht brother, provided it is close enough to make out facial details, and not too grainy.

=== And Verio still ignores complaints, sending their usual lies ===

Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: iebsk001@sneakemail.com (Spam Reporter)
Newsgroups: news.admin.net-abuse.email
Subject: Open response to Verio
Date: 4 Sep 2003 06:29:31 -0700
Organization: http://groups.google.com/
Lines: 118
Message-ID:
NNTP-Posting-Host: 68.23.215.31
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1062682173 13825 127.0.0.1 (4 Sep 2003 13:29:33 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 4 Sep 2003 13:29:33 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:2061709

Response is to a Verio drone for the spam complaint that is excerpted at the end of the message. I'm surprised I even got a response - maybe it's my personal bitchlist of about 150 Verio email address contacts finally wearing them down?

> -----Original Message-----
> From: Levent Oyken support@viaverio.com
> Sent: Thursday, September 04, 2003 9:03 AM
> To: x
> Subject: Re: [IDS-5801810] UBE: WARNING - OFFICIAL NOTICE
>
> Dear Webmaster,
>
> Thank you for contacting the Abuse Department.
>
> We have received your complaint regarding unsolicited E-mail from
> someone using our services. Be assured that the appropriate actions
> (Warning, suspension or deletion) have been taken to resolve
> this issue.
> We apologize for any inconvenience that this may
> have caused you or your company.
>
> Why Bulk E-mail is Bad Business http://www.twowriters.net/spam.htm
>
> Best Regards,
>
> Account Abuse

Which would explain why there is another spam report posted into NANAS just hours ago:

http://groups.google.com/groups?selm=_xB5b.15693%24R32.531957%40news2.tin.it

Which would explain why the website still connects just fine with or without the redirect.

What action did you take? Why on earth is this website still up?

Let's look at the reasons why it should be down:

* There are four spam complaints in NANAS. Each posted complaint represents hundreds of complaints that were not posted, thousands of spams that were not complained about and tens of thousands of spams that were not delivered.
* There are over 50 SpamCop reports. You would have received more of them if you accepted munged reports, and you would get more unmunged reports if you didn't have the reputation for sending complaints to your customers for listwashing.
* All of the spam reports are from open proxies and relays.
* The website employs a redirect that, given the above facts, is slimy as hell and you know it.

Let's examine the reasons why you should keep this website up:

* Their checks are still good.
* Verio lies about taking action (you probably didn't even "warn" the spammers).
* Verio provide spam support and doesn't care who knows it.
* Verio are as bad as the spammers.

You will continue to get spam reports shotgunned to every address I can find for your company and your mail will forever not be welcome on my servers as long as you refuse to actually address abuse issues.

This reply is being posted to NANAE in the hopes that it will be used as evidence for the IDP that Verio so richly deserves.

> ==== Excerpt from your message received 8/31/2003 10:24:23 EDT ====
> >ORIGIN: 220.124.102.2
> > ==> support@kornet.net, postmaster@kornet.net, abuse@kornet.net,
> > spamrelay@certcc.or.kr, ip@ns.kornet.net
> >
> >URL: http://www.pc-man.biz [216.168.224.70 /
> wf.networksolutions.com]
> >==> pezoll@attglobal.net, abuse@networksolutions.com,
> > privacy@networksolutions.com, noc@netsol.com,
> > postmaster@networksolutions.com, postmaster@netsol.com
> >
> >URL REDIRECTS TO: http://www.manpc.com [198.66.213.69 /
> ussa3.com] ==>
> >wgalway@attglobal.net, speigee@attglobal.net, Verio Bitch-list
> >
> >X-Apparently-To: x via web80202.mail.yahoo.com; 31 Aug 2003 07:02:45
> >-0700
> >(PDT)
> >X-YahooFilteredBulk: 220.124.102.2
> >Return-Path:
> >Received: from yipvmc-ext.prodigy.net (EHLO yipvmc.prodigy.net)
> >(207.115.63.30)
> > by mta806.mail.yahoo.com with SMTP; 31 Aug 2003 07:02:45
> -0700 (PDT)
> >X-Header-Overseas: Mail.from.Overseas.source.220.124.102.2
> >X-Header-NoReverseIP: IP.name.lookup.failed[220.124.102.2]
> >X-Originating-IP: [220.124.102.2]
> >Received: from 220.124.102.2 ([220.124.102.2])
> >by yipvmc.prodigy.net (8.12.9/8.12.3) with SMTP id h7VE2gCU574042
> >for ; Sun, 31 Aug 2003 10:02:43 -0400
> >Message-ID: <20030821896.27284.qmail@yahoo.com>
> >Date: Sun, 31 Aug 2003 08:11:02 -0700
> >From: "PC-man"
> >Subject: WARNING - OFFICIAL NOTICE
> >To:
> >MIME-Version: 1.0
> >Content-Type: text/html; charset=iso-8859-1
> >
> >Computer holding NOW looking for
> >partners WORLDWIDE !
> >
> >Want to do business with us?
> >
> >We are ready to offer you the best conditions of business. ...
>

=== Verio moves their block-listed spammers to new IPs ===

Newsgroups: news.admin.net-abuse.blocklisting
Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !zorac!blocklisting.com!robomod!not-for-mail
From: Claes T
Subject: Re: Spews removal request
Approved: NANAB Moderators
Content-Type: text/plain; charset=us-ascii
X-Newsreader: Forte Agent 1.9/32.560
X-Complaints-To: abuse@abc.se
Sender: nanab@zorch.sf-bay.org (Scott Hazen Mueller)
Nntp-Posting-Date: Thu, 20 Nov 2003 02:14:51 +0000 (UTC)
Content-Transfer-Encoding: 7bit
NNTP-Posting-Host: h30n5c1o299.bredband.skanova.com
Organization: DoNotSpam, eventhough e-address IS valid
Message-ID:
References:
X-Trace: oden.abc.se 1069294491 28070 217.211.246.30 (20 Nov 2003 02:14:51 GMT)
Mime-Version: 1.0
Date: Thu, 20 Nov 2003 00:19:41 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 41
Xref: uni-berlin.de news.admin.net-abuse.blocklisting:2641

S1358

On Wed, 19 Nov 2003 23:26:10 GMT, bimal_linux@yahoo.com (Bimal) wrote:

>Few of our customers started complaining that they are not able to
>receive mails from our mailserver. We recently shifted to the new n/w
>and found that our IP range (198.87.242.0 - 198.87.242.254) is blocked
>by Spews few months back. We are not performing spamming and please
>remove our IP from the black list.

1, 198.87.240.0 - 198.87.240.255, mach10hosting.com (genesisinvestmentcapital.com) (Verio)
0, 198.87.241.24, allpreapproved.com (dead)
2, 198.87.241.0 - 198.87.241.255, mach10hosting.com
2, 198.87.238.0 - 198.87.242.255, Verio (mach10hosting.com)

Oh, seems like mach10hosting.com is still at Verio:

Dig mach10hosting.com@ns2.mach10hosting.com (204.1.28.59) ...
Authoritative Answer
mach10hosting.com A (Address) 204.1.29.81
ns1.mach10hosting.com A (Address) 204.1.28.11
ns2.mach10hosting.com A (Address) 204.1.28.59
mail.mach10hosting.com A (Address) 204.1.28.201
(some snipped)

*You* are not listed, Verio is. At the moment, it seems the IPs Verio let you use are listed just at "level2". Not many are expected to block on level2-listings.

If Verio keep this spammer as customer, the listing may well be changed to a level 1. You may want to talk to Verio before that happens, explaining you won't accept paying for spam-infested/listed IPs. You may want to ask Verio to provide you with new IPs each time the old IPs are listed. Or you may want to use/rent a mail relay outside Verio-space.

I guess Verio won't be delisted until this spammer is booted from Verio (and not just moved around). I could be wrong.

Claes T

=== Verio's so-called "SPEWS updates", pretending to remove spammers ===

Newsgroups: news.admin.net-abuse.blocklisting
From: Darren Grabowski
Subject: SPEWS - Another round of Verio updates
Approved: NANAB Moderators
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: abuse@verio.net
User-Agent: KNode/0.7.2
Sender: nanab@zorch.sf-bay.org (Charlie Root)
Nntp-Posting-Date: Wed, 10 Dec 2003 18:01:27 GMT
NNTP-Posting-Host: 129.250.49.192
Content-Transfer-Encoding: 7Bit
Organization: NTT/Verio
Message-ID:
X-Spamscanner: mailbox3.ucsd.edu (v1.4 Oct 30 2003 22:20:52, 0.4/5.0 2.60)
X-Spam-Level: Level
X-Trace: dfw-read.news.verio.net 1071079287 129.250.49.192 (Wed, 10 Dec 2003 18:01:27 GMT)
Mime-Version: 1.0
X-Mailscanner: PASSED (v1.2.8 65651 hBAI1TlS084072 mailbox3.ucsd.edu)
Date: Wed, 10 Dec 2003 16:02:51 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 72

Spews,

Here is another round of updates from Verio.

S1014 - There have been no hits in .sightings since 2002 for both of these, plus these websites are no longer on these IP's.
We have also not received complaints on these since 2002.

1, 198.65.242.185, streetline.com
1, 198.65.242.0/24, streetline.com (Verio)
1, 161.58.21.89, edebtcntr.com
1, 161.58.21.0/24, edebtcntr.com (Verio)

S1053 - Server Arts has been doing a good job on keeping spammers off their network. I think it's safe to remove these.

1, 130.94.243.0 - 130.94.243.255, Server Arts
1, 130.94.247.0 - 130.94.247.255, Server Arts (given to another spam house)

S1156 - I didn't see any hits in .sightings for jmsfood.com or 1-food-storage.com. In July they reported that they had a customer who did the spamming and they were terminated.

1, 128.121.221.201, jmsfood.com / 1-food-storage.com
1, 128.121.231.104, jmsfood.com / 1-food-storage.com

S1168 - Part of this is dead.

1, 209.168.60.128/25, eroticamail / Aeroweb (dead?)

S1312 - This is dead as well.

2, 198.63.28.0 - 198.63.28.255, nextgroup.net (RDAI.COM/verio.net)

S1485 - I think Jack gave up on his journal. Well, on the .net, .com still works, but it is not on Verio.

1, 128.242.235.230, jacksjournal.net / mjwebdesigns.com
1, 128.242.235.228 - 128.242.235.231, jacksjournal.net / mjwebdesigns.com
2, 128.242.235.0 - 128.242.235.255, jacksjournal.net / mjwebdesigns.com (Verio)

S1677 - Just a note, images2.laih.com is no longer on 128.242.107.114.

2, 128.242.107.114, images2.laih.com (Mirror Image)

2650 - This is dead.

1, 207.156.222.222, atldev.com (dead)

S716 - Hotticker is no longer resolving.

2, 216.42.80.26, hotticker.com / io.netsville.com
2, 216.42.80.33, hotticker.com / colossus.netsville.com
2, 216.42.80.38, hotticker.com / jupiter.netsville.com

S755 - This is dead.

2, 192.220.171.247, shopityourway.com (dead)

S859 - This is dead.

1, 216.42.83.9, bargainmall2001.com (domain dead)
2, 216.42.83.0/25, bargainmall2001.com (Verio)

S938 - These are dead as well.

2, 209.168.123.23, casinos-today.com (dead)

--
Darren Grabowski
Verio Security & Abuse Team

=== And what it really means: moving the spammers around ===

Newsgroups: news.admin.net-abuse.blocklisting
Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !zorac!blocklisting.com!robomod!not-for-mail
From: Safari
Subject: Re: SPEWS - Another round of Verio updates
Approved: NANAB Moderators
X-Complaints-To: abuse@mail.suomi.net
User-Agent: slrn/0.9.8.0 (Linux)
Reply-To: safari@linuxmail.orgies
Cancel-Lock: sha1:B23sWpOd78GfW4vojLrLhlOPI4E=
Sender: nanab@zorch.sf-bay.org (Charlie Root)
NNTP-Posting-Host: adsl-82-141-70-99.kotinet.com
Nntp-Posting-Date: Wed, 10 Dec 2003 22:42:45 +0000 (UTC)
Content-Transfer-Encoding: 7BIT
Organization: Oulun Puhelin Oyj - Baana
Message-ID:
References:
X-Trace: plaza.suomi.net 1071096165 26800 82.141.70.99 (10 Dec 2003 22:42:45 GMT)
Date: Thu, 11 Dec 2003 01:36:23 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 154
Xref: uni-berlin.de news.admin.net-abuse.blocklisting:3112

On Wed, 10 Dec 2003 16:02:51 GMT, Darren Grabowski wrote:
> Spews,
>
> Here is another round of updates from Verio.
>
> S1014 - There have been no hits in .sightings since 2002 for both of these,
> plus these websites are no longer on these IP's.

translation: you moved them to non-SPEWSed netblocks after spamrun finished and they got their own SPEWS record.

> We have also not received complaints on these since 2002.

translation: you are not terminating them because they pay the bill.

> 1, 198.65.242.185, streetline.com

$ host streetline.com
streetline.com has address 64.7.93.27
webperception, verio, AS2914

$ lynx -dump http://streetline.com | head -n 5
Life insurance leads, debt leads, financial planning leads.
__________ __________
Life insurance leads, debt leads, financial planning leads.
[1][Life_lead_free.gif]

> 1, 198.65.242.0/24, streetline.com (Verio)
> 1, 161.58.21.89, edebtcntr.com

$ host edebtcntr.com
edebtcntr.com has address 199.239.231.240

[rwhois.verio.net]
Verio Web Hosting - STNGVA01 (NETBLK-VRIO-199-239-231) VRIO-199-239-231 199.239.231.0 - 199.239.231.255
Verio Web Hosting - Sterling (NETBLK-W062-199-239-224) W062-199-239-224 199.239.224.0 - 199.239.255.255
Verio Inc. (NETBLK-VRIO-199-236) VRIO-199-236 199.236.0.0 - 199.239.255.255

$ w3m -dump http://edebtcntr.com/ | head -n 3
[logo] # Debt Consolidation | Identifying a debt Problem | FAQ

> 1, 161.58.21.0/24, edebtcntr.com (Verio)

...

> S1677 - Just a note, images2.laih.com is no longer on 128.242.107.114.
>
> 2, 128.242.107.114, images2.laih.com (Mirror Image)

$ host images2.laih.com
images2.laih.com is an alias for p.mii.instacontent.net.
p.mii.instacontent.net has address 168.143.179.114

(and when querying from another place)

$ host images2.laih.com
images2.laih.com is a nickname for p.mii.instacontent.net
p.mii.instacontent.net has address 81.22.34.114
p.mii.instacontent.net has address 81.22.34.114

[rwhois.verio.net]
Mirror Image (NETBLK-C052-168-143-179-0) C052-168-143-179-0 168.143.179.0 - 168.143.179.255
Verio Data Centers - Sterling/Dulles (NETBLK-C052-168-143-176) C052-168-143-176 168.143.176.0 - 168.143.183.255
Verio Inc. (NETBLK-VRIO-168-143) VRIO-168-143 168.143.0.0 - 168.143.255.255

Searched Groups for group:news.admin.* images2.laih.com. Results 1 - 10 of about 163. Search took 2.61 seconds
latest hit on Dec 4, 2003.

$ wget http://images2.laih.com/creatives/stunt/SRC_550x550_top_100703.gif
--23:51:46-- http://images2.laih.com/creatives/stunt/SRC_550x550_top_100703.gif
 => `SRC_550x550_top_100703.gif'
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1,616 [image/gif]

100%[=================================================>] 1,616 --.--K/s

23:51:46 (15.41 MB/s) - `SRC_550x550_top_100703.gif' saved [1616/1616]

...

> S938 - These are dead as well.
>
> 2, 209.168.123.23, casinos-today.com (dead)

$ host windowscasino.com
windowscasino.com has address 209.39.167.11

same IP as on 9 Dec 2002.
http://groups.google.com/groups?selm=at35hl0fm7%40drn.newsguy.com&oe=UTF-8&output=gplain

[rwhois.verio.net]
1-800-HOSTING Services Inc. (NETBLK-NET-800HOSTING-2) NET-800HOSTING-2 209.39.166.0 - 209.39.167.255
Verio Data Centers - Dallas (NETBLK-C109-209-039-164) C109-209-039-164 209.39.164.0 - 209.39.167.255
Verio, Inc. - Dallas/Fort Worth (NETBLK-ONRAMP-BLK2) ONRAMP-BLK2 209.39.0.0 - 209.39.255.255

$ w3m -dump http://windowscasino.com/
--FRAME-- main fg
Windows Casino - Online Casino
Windows Casino, Online Casino Of The Year featuring over 193 casino games plus multiplayer poker and bingo
HTML frames support is required to view this site.

and as usual, non-SPEWSed spammers who pay the bill don't get terminated.

http://groups.google.com/groups?selm=20030930001433.32027.qmail%40linuxmail.org&oe=UTF-8&output=gplain

$ host www.genericviagra4u.com
www.genericviagra4u.com has address 198.170.243.145

$ host www.pharmagenltd.com
www.pharmagenltd.com is an alias for pharmagenltd.com.
pharmagenltd.com has address 204.200.196.119

$ w3m -dump http://www.pharmagenltd.com/|head -n 5
Home | About Us | Contact Us | For Women | Chemical Assay Testimonials | Sildenafil Citrate | FAQs | # My Cart World Shipping | Order Now |

$ w3m -dump http://www.genericviagra4u.com/ | head -n 5
Home | About Us | Contact Us | For Women | Chemical Assay Testimonials | Sildenafil Citrate | FAQs | World Shipping | Order Now | PHARMAGEN INTERNATIONAL Ltd. [vigre]WE Discount" the Price"

--
Safari - y7pt9001@sneakemail.com.gov.invalid - Reply-To to reply (remove 'ies')
"Really, I'm not out to destroy Microsoft. That will just be a completely unintentional side effect."
- Linus Torvalds

=== Verio spams for their services, themselves ===

Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sjc1.usenetserver.com
 !news.usenetserver.com!border1.nntp.sjc.giganews.com!nntp.giganews.com
 !local1.nntp.sjc.giganews.com!nntp.netlojix.com!news.netlojix.com.POSTED
 !not-for-mail
NNTP-Posting-Date: Fri, 30 Apr 2004 12:06:01 -0500
From: Jay Hennigan
Organization: Disgruntled Postal Workers Against Gun Control
Subject: Verio's Edward Brooks spams, lies about it...
Date: Fri, 30 Apr 2004 10:05:37 -0700
User-Agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment of clarity.)
Message-ID:
Newsgroups: news.admin.net-abuse.email
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Original-NNTP-Posting-Host: 207.71.234.101
X-Original-Trace: 30 Apr 2004 10:05:38 -0800, 207.71.234.101
Lines: 92
NNTP-Posting-Host: 205.254.224.3
X-Trace: sv3-xvJmMgtp5RSReU+rmiRN3TMz1TfdUNaniYzCPi6tUJqItsVln8zpdn8M0T7xZhHt7AcQ6NpgtMi
 UXQ0!4GxZYTMWK+DSkRnu2K1ANzAGelsvKSgRMh7mITlf1bqJZtI/0qb9rqcP1LsKt65zYHkgDhb9TJx
 s!AQCMuSY=
X-Complaints-To: abuse@netlojix.com
X-DMCA-Complaints-To: abuse@netlojix.com
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2193497

Spam received from Verio touting Verio. When confronted, spammer claims it was a "personal email, just like a phone call, not spam."

Yet, other network operators got the same spam with just the name and domain changed. Rule Number One validated.

Delivered-To: jay@west.net
Received: from psmtp.com (exprod5mx71.postini.com [12.158.34.223])
 by acme.west.net (Postfix) with SMTP id B3B201A103
 for ; Thu, 29 Apr 2004 10:14:21 -0700 (PDT)
Received: from source ([129.250.36.44]) by exprod5mx71.postini.com
 ([12.158.34.245]) with SMTP;
 Thu, 29 Apr 2004 10:14:22 PDT
Received: from [129.250.36.62] (helo=dfw-mmp2.email.verio.net)
 by dfw-smtpout4.email.verio.net with esmtp
 id 1BJF78-00010y-BU
 for jay@west.net; Thu, 29 Apr 2004 17:14:22 +0000
Received: from [209.207.210.36] (helo=USSPFDVA01TJP21)
 by dfw-mmp2.email.verio.net with esmtp
 id 1BJF70-0006OP-7Z
 for jay@west.net; Thu, 29 Apr 2004 17:14:14 +0000
From: "Edward Brooks"
To:
Subject: transit
Date: Thu, 29 Apr 2004 13:14:21 -0400
Message-ID: <01d401c42e0d$6a357f80$3d02140a@corp.verio.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
X-pstn-levels: (S:84.12134/99.90000 P:95.9108 M:96.4339 C:93.8525 )
X-pstn-settings: 4 (1.5000:1.5000) p m c
X-pstn-addresses: from [3894/169]

Jay,

I wanted to take this opportunity to introduce myself and Verio to WestNet. Verio operates a global Tier 1 IP network (AS2914) that provides Internet communications and VPN services for many enterprises throughout the US, Europe and Asia. more competitive rates because of our parent company, NTT Communications.

I would like to discuss your network topology and how Verio might be able to increase performance. I look forward to speaking with you soon.

Regards,

Ed

...............................
Edward Brooks
NTT/VERIO
Account Executive,
Enterprise Broadband Services

Toll Free - 866.292.2695 x6667
Direct - 703.333.6667
Mobile - 703.967.5581
Fax - 703.333.6746
Email - ebrooks@verio.net
AIM - brookse23

In a followup, he lies...

Date: Fri, 30 Apr 2004 09:25:07 -0400
From: Edward Brooks
To: 'Jay Hennigan'
Subject: RE: SPAM COMPLAINT (Verio) transit (fwd)

Jay,

My email was a personalized meant just for you....just like a call on the phone or postal mail...not spam. It's apparent that you are not interested and I will not send you any more emails.

Ed

Ed Brooks
703.333.6667

=== 1st reply ===

Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-06
 !sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "yukio"
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio's Edward Brooks spams, lies about it...
Date: Fri, 30 Apr 2004 14:17:15 -0700
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <1095ggu3g8j958@news.supernews.com>
References:
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Complaints-To: abuse@supernews.com
Lines: 12
Xref: uni-berlin.de news.admin.net-abuse.email:2193611

"Jay Hennigan" wrote in message news:pan.2004.04.30.17.05.37.210559@west.net...
> Spam received from Verio touting Verio. When confronted, spammer
> claims it was a "personal email, just like a phone call, not spam."
>
> Yet, other network operators got the same spam with just the name
> and domain changed. Rule Number One validated.

His IP's already made it to Spamcop.

=== 2nd reply ===

Path: uni-berlin.de!samidi.ucar.EDU!not-for-mail
From: Richard Johnson
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio's Edward Brooks spams, lies about it...
Date: Sat, 01 May 2004 00:36:37 -0600
Organization: Whirlpools Suck the Breath Out of You
Lines: 95
Message-ID:
References:
Reply-To: rnews@river.com
NNTP-Posting-Host: samidi.ucar.edu (192.43.244.133)
X-Trace: news.uni-berlin.de 1083393406 17301931 I 192.43.244.133 ([205492])
X-Orig-Path: rnews
User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X)
X-Nospam: To reply via email, make sure you don't enter the whirlpool on river left.
Xref: uni-berlin.de news.admin.net-abuse.email:2193752

In article , Jay Hennigan wrote:

> Spam received from Verio touting Verio. When confronted, spammer
> claims it was a "personal email, just like a phone call, not spam."
>
> Yet, other network operators got the same spam with just the name
> and domain changed. Rule Number One validated.
>
> Delivered-To: jay@west.net
> Received: from psmtp.com (exprod5mx71.postini.com [12.158.34.223])
> by acme.west.net (Postfix) with SMTP id B3B201A103
> for ; Thu, 29 Apr 2004 10:14:21 -0700 (PDT)
> Received: from source ([129.250.36.44]) by exprod5mx71.postini.com
> ([12.158.34.245]) with SMTP;
> Thu, 29 Apr 2004 10:14:22 PDT
> Received: from [129.250.36.62] (helo=dfw-mmp2.email.verio.net)
> by dfw-smtpout4.email.verio.net with esmtp
> id 1BJF78-00010y-BU
> for jay@west.net; Thu, 29 Apr 2004 17:14:22 +0000
> ...
> From: "Edward Brooks"
> To:
> Subject: transit
> Date: Thu, 29 Apr 2004 13:14:21 -0400
> ...
> ...............................
> Edward Brooks
> NTT/VERIO
> Account Executive,
> Enterprise Broadband Services
>
> Toll Free - 866.292.2695 x6667
> Direct - 703.333.6667
> Mobile - 703.967.5581
> Fax - 703.333.6746
> Email - ebrooks@verio.net
> AIM - brookse23

The blatant spamming followed by false claims of 'personal email' by that spamming Verio employee make their corporate network [1] a prime candidate for firewalling, permanently.

Unless, of course, Verio management care to fire that spammer's ass, or otherwise suitably discipline him. Will they? Didn't think so.
So much for removing verio.blackholes.us from our default blocklists. Verio is clearly still in the spamming business for themselves. As expected, their "cleanup" was just a sham.

Hey Verio! That slam you just heard was the mainsleaze corporate direct-spam vault door on our firewall. Sucks to be you, doesn't it?

Richard

-------
PS - I'll be lobbying against your participation in NLR, simply pointing out to participants that you're still inveterate spammers. Enjoy!

-------
[1]
%rwhois V-1.5:0078b6:00 rwhois.verio.net (Vipar 0.1a. Comments to vipar@verio.net)
network:Class-Name:network
network:Auth-Area:129.250.36.0/23
network:ID:NETBLK-VRIO-OLAY-1.127.0.0.1/32
network:Handle:NETBLK-VRIO-OLAY-1
network:Network-Name:VRIO-OLAY-1
network:IP-Network:129.250.36.0/23
network:In-Addr-Server;I:C60-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:U60-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:129.250.36.0 - 129.250.37.255
network:Org-Name:Verio Technical Operations
network:Street-Address:1950 Stemmons Freeway, Suite 202
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:VERIO-ISS-VIPAR.127.0.0.1/32
network:Created:1999-09-14 19:39:11+00
network:Updated:2003-10-23 20:46:08+00
%ok

--
To reply via email, make sure you don't enter the whirlpool on river left.
My mailbox. My property. My personal space. My rules. Deal with it.
http://www.river.com/users/share/cluetrain/
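
The check that the reply in the "SPEWS updates" thread above performs by hand (resolve each listed domain, then see whose netblock holds the new address) can be automated when reviewing a delisting request. The following is an added example, not part of the archived posts: the first three listing lines, the netblocks and the DNS answers for the two real domains are copied from that thread, while the `.example` records, their documentation-range addresses and all function names are constructed for illustration.

```python
import ipaddress
import re

# Provider netblocks copied from the rwhois output quoted in the thread.
PROVIDER_BLOCKS = [
    "199.236.0.0 - 199.239.255.255",   # VRIO-199-236
    "168.143.0.0 - 168.143.255.255",   # VRIO-168-143
    "209.39.0.0 - 209.39.255.255",     # ONRAMP-BLK2
]

# Blocklist records in the "level, address or range, note" form used in the
# thread. The first three are from the thread; the .example lines are
# constructed to cover the remaining outcomes.
LISTING = """\
1, 161.58.21.89, edebtcntr.com
1, 161.58.21.0/24, edebtcntr.com (Verio)
2, 128.242.107.114, images2.laih.com (Mirror Image)
1, 198.51.100.0 - 198.51.100.255, gone.example / gone-too.example (dead?)
2, 203.0.113.7, moved.example
"""

# A-record answers embedded so the example runs offline. The two real
# domains carry the answers quoted in the thread (2003); the .example
# answers are constructed. A live check would fill this from a resolver.
CURRENT_A = {
    "edebtcntr.com": ["199.239.231.240"],
    "images2.laih.com": ["168.143.179.114", "81.22.34.114"],
    "gone.example": [],
    "moved.example": ["192.0.2.10"],
}

LINE_RE = re.compile(r"^\s*(\d+)\s*,\s*([^,]+?)\s*,\s*(.+?)\s*$")


def parse_range(field):
    """Accept the three forms seen in the listings: IP, CIDR, 'a - b'."""
    field = field.strip()
    if "-" in field:
        first, last = (ipaddress.ip_address(p.strip())
                       for p in field.split("-", 1))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(field, strict=False)]


def parse_listing(text):
    """Map each listed domain to every network it was listed under."""
    listed = {}
    for line in text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        nets = parse_range(match.group(2))
        # Drop parenthesised remarks such as "(Verio)" or "(dead?)".
        note = re.sub(r"\([^)]*\)", "", match.group(3))
        for domain in (d.strip().lower() for d in note.split("/")):
            if "." in domain:          # skip organisation names
                listed.setdefault(domain, []).extend(nets)
    return listed


def classify(addresses, listed_nets, provider_nets):
    """Decide what a 'this is dead / no longer on this IP' claim amounts to."""
    if not addresses:
        return "unresolved"
    ips = [ipaddress.ip_address(a) for a in addresses]
    if any(ip in net for ip in ips for net in listed_nets):
        return "still-on-listed-ip"
    # Answers can differ by vantage point; one hit inside the provider's
    # space is enough to show the site is still hosted there.
    if any(ip in net for ip in ips for net in provider_nets):
        return "moved-within-provider"
    return "moved-off-provider"


def audit(listing_text, answers, provider_blocks=PROVIDER_BLOCKS):
    provider_nets = [n for rng in provider_blocks for n in parse_range(rng)]
    return {domain: classify(answers.get(domain, []), nets, provider_nets)
            for domain, nets in parse_listing(listing_text).items()}


if __name__ == "__main__":
    for domain, verdict in sorted(audit(LISTING, CURRENT_A).items()):
        print(f"{domain:20} {verdict}")
```

Only `unresolved` and `moved-off-provider` support a removal request; `moved-within-provider` is the case the reply calls moving the spammers around.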