Verio - the reputable company in the past, but during the last year
it went completely rogue. Verio absolutely ignores spam complaints.
It has thousands or even more complaints about their "pet-spammers"
Postmaster General / Mindshare Design:

http://www.DolphinWave.org/spam/postmastergeneral_mindsharedesign.txt
(80kB)

More spam and complaints examples are on the Google Usenet archives:

http://groups.google.com/groups?hl=en&lr=&scoring=r&q=postmaster+general+verio+group%3Anews.admin.net-abuse.*&btnG=Google+Search

Yet these proved spammers are still happily connected by Verio. And
all Verio does is forwards the spam complaints to their spammers for
"listwashing", e-mail bombing or joe-jobbing. And the president's
office of Verio have said that they will not shut the Postmaster General
down.

Verio also has a huge load of other persistent spammers, all of them were
complained to Verio many times, none of them was disconnected. This
led Verio to multiple private and shared blocklists, like SPEWS. Their
legitimate customers begun to complain that they can't send e-mails
to other networks because of these blocks. Then Verio begun to lie to
their customers, that they did terminate those spammers and the blocks
are objectionable. Then, when those customers were shown the proof
that the spammers were NOT disconnected, and still reside in those
netblocks, Verio lied again, that they were not receiving complaints
(or it was only one complaint) on those spammers. Of course, this lie
also was dismissed with the help of Google Usenet search in the spam
complaints archive newsgroup news.admin.net-abuse.sightings.

Now, when the admin of one of such blocklists who runs the list of
known/proven FormMail spam sources, formmail.relays.monkeys.com, tried
to resolve a problem with a lot of abusable formmail scripts installed
on the Verio network, Verio said that they've scanned their network
once, two week ago (!!), and they consider it enough. Their Abuse
department manager, Jeff Richard, said that Verio will not discuss the
methods they have used to prevent this formmail abuse coming from their
networks, and that they will not allow anyone to tell them how to do it
right. BUT, they will take the legal actions against the list maintainer,
if he will not do what they want, and wouldn't remove their IP spaces
from his blocklist:

<QUOTE>
   If you do not choose to work this way, please be advised that
   the Verio Legal Team is now investigating this issue and have
   been copied on this e-mail.
</QUOTE>

<UPDATE 23-Mar-2003>
Verio also helps their long-time spammers to listwash those who complain
about them on the news.admin.net-abuse.email Usenet newsgroup, but will
not terminate those spammers!
</UPDATE 23-Mar-2003>

<UPDATE 24-Jul-2003>
Verio forwards all the complaints data to their spammers. Revenge attacks
from those spammers follow shortly.
</UPDATE 24-Jul-2003>

Update: 30-Apr-2004: Verio spams for their servers, themselves!


Verio are spam supporters, liars, cartooney-threateners, forward the
complaints to their spammers... Is there ANY reason NOT to block them all
from accessing my private property?! I don't think so!

The evidence files are below. For more evidences search on Google:
http://groups.google.com/groups?as_q=verio&num=10&as_scoring=r&hl=en&btnG=Google+Search&as_ugroup=news.admin.net-abuse.sightings

[65.100.46.240 - 65.100.46.247],
[66.93.14.160 - 66.93.14.175],
[66.149.126.96 - 66.149.126.103],
[128.121.0.0 - 128.121.255.255],
[128.241.0.0 - 128.242.255.255],
[129.250.0.0 - 129.250.255.255],
[130.94.0.0 - 130.94.255.255],
[131.103.0.0 - 131.103.255.255],
[140.174.0.0 - 140.174.255.255],
[157.238.0.0 - 157.238.255.255],
[161.58.0.0 - 161.58.255.255],
[165.121.100.48 - 165.121.100.55],
[165.254.0.0 - 165.254.255.255],
[168.143.0.0 - 168.143.255.255],
[192.12.211.0 - 192.12.211.255],
[192.35.171.0 - 192.35.171.255],
[192.35.180.0 - 192.35.180.255],
[192.41.171.0 - 192.41.171.255],
[192.41.219.0 - 192.41.219.255],
[192.67.13.0 - 192.67.14.255],
[192.67.236.0 - 192.67.247.255],
[192.80.12.0 - 192.80.17.255],
[192.102.243.0 - 192.102.248.255],
[192.147.160.0 - 192.147.168.255],
[192.147.171.0 - 192.147.171.255],
[192.147.174.0 - 192.147.179.255],
[192.156.226.0 - 192.156.226.255],
[192.195.85.0 - 192.195.85.255],
[192.204.0.0 - 192.204.255.255],
[192.217.0.0 - 192.217.255.255],
[192.220.0.0 - 192.220.255.255],
[198.17.243.0 - 198.17.244.255],
[198.17.249.0 - 198.17.249.255],
[198.49.174.0 - 198.49.174.255],
[198.58.2.0 - 198.58.6.255],
[198.63.0.0 - 198.66.255.255],
[198.84.16.0 - 198.84.31.255],
[198.87.0.0 - 198.88.255.255],
[198.104.0.0 - 198.104.255.255],
[198.106.0.0 - 198.107.255.255],
[198.133.158.0 - 198.133.159.255],
[198.138.0.0 - 198.139.255.255],
[198.170.0.0 - 198.173.255.255],
[198.187.252.0 - 198.187.252.255],
[198.247.0.0 - 198.247.255.255],
[198.252.194.0 - 198.252.195.255],
[199.4.64.0 - 199.4.127.255],
[199.73.32.0 - 199.73.41.255],
[199.88.145.0 - 199.88.145.255],
[199.103.128.0 - 199.103.255.255],
[199.164.210.0 - 199.164.210.255],
[199.184.212.0 - 199.184.212.255],
[199.184.226.0 - 199.184.226.255],
[199.201.197.0 - 199.201.197.255],
[199.217.128.0 - 199.217.255.255],
[199.224.0.0 - 199.224.15.255],
[199.234.0.0 - 199.234.255.255],
[199.236.0.0 - 199.240.255.255],
[199.245.16.0 - 199.245.31.255],
[200.15.0.0 - 200.15.255.255],
[204.0.0.0 - 204.3.255.255],
[204.27.64.0 - 204.27.127.255],
[204.42.0.0 - 204.42.255.255],
[204.57.32.0 - 204.57.63.255],
[204.75.146.0 - 204.75.146.255],
[204.91.99.140],
[204.141.0.0 - 204.143.255.255],
[204.156.0.0 - 204.156.31.255],
[204.156.128.0 - 204.156.159.255],
[204.170.0.0 - 204.171.255.255],
[204.194.176.0 - 204.194.183.255],
[204.200.0.0 - 204.203.255.255],
[204.214.84.0 - 204.214.84.255],
[204.227.160.0 - 204.227.191.255],
[204.233.0.0 - 204.233.255.255],
[204.245.128.0 - 204.245.255.255],
[204.247.0.0 - 204.247.255.255],
[205.146.0.0 - 205.146.255.255],
[205.149.160.0 - 205.149.191.255],
[205.157.128.0 - 205.157.143.255],
[205.212.0.0 - 205.212.255.255],
[205.238.0.0 - 205.238.63.255],
[206.14.0.0 - 206.14.255.255],
[206.50.0.0 - 206.50.255.255],
[206.52.0.0 - 206.52.255.255],
[206.54.0.0 - 206.54.63.255],
[206.55.0.0 - 206.55.63.255],
[206.58.0.0 - 206.58.255.255],
[206.68.0.0 - 206.69.255.255],
[206.80.32.0 - 206.80.63.255],
[206.82.32.0 - 206.82.63.255],
[206.86.0.0 - 206.86.255.255],
[206.106.144.0 - 206.106.159.255],
[206.163.0.0 - 206.163.223.255],
[206.166.128.0 - 206.166.191.255],
[206.183.192.0 - 206.183.223.255],
[206.184.0.0 - 206.184.255.255],
[206.197.81.0 - 206.197.81.255],
[206.213.64.0 - 206.213.127.255],
[206.222.32.0 - 206.222.63.255],
[206.239.0.0 - 206.239.255.255],
[206.252.0.0 - 206.252.31.255],
[207.20.0.0 - 207.21.191.255],
[207.22.64.0 - 207.22.127.255],
[207.31.192.0 - 207.31.255.255],
[207.32.64.0 - 207.32.127.255],
[207.33.0.0 - 207.33.255.255],
[207.52.97.0 - 207.52.97.255],
[207.52.130.0 - 207.52.130.255],
[207.52.151.0 - 207.52.151.255],
[207.52.244.0 - 207.52.244.255],
[207.53.128.0 - 207.53.191.255],
[207.55.128.0 - 207.55.223.255],
[207.56.0.0 - 207.57.255.255],
[207.58.0.0 - 207.58.127.255],
[207.67.128.0 - 207.67.255.255],
[207.71.64.0 - 207.71.127.255],
[207.91.64.0 - 207.91.127.255],
[207.97.0.0 - 207.97.127.255],
[207.111.64.0 - 207.111.127.255],
[207.137.0.0 - 207.137.255.255],
[207.150.0.0 - 207.150.159.255],
[207.152.64.0 - 207.152.127.255],
[207.153.128.0 - 207.153.255.255],
[207.156.128.0 - 207.156.255.255],
[207.158.192.0 - 207.158.255.255],
[207.159.0.0 - 207.159.63.255],
[207.196.0.0 - 207.196.127.255],
[207.197.128.0 - 207.197.255.255],
[207.198.128.0 - 207.198.255.255],
[207.199.0.0 - 207.199.127.255],
[207.201.128.0 - 207.201.191.255],
[207.206.0.0 - 207.206.127.255],
[207.207.128.0 - 207.207.159.255],
[207.241.0.0 - 207.241.127.255],
[208.55.0.0 - 208.55.255.255],
[209.21.0.0 - 209.21.63.255],
[209.24.0.0 - 209.24.255.255],
[209.39.0.0 - 209.39.255.255],
[209.41.0.0 - 209.41.63.255],
[209.43.128.0 - 209.43.255.255],
[209.57.0.0 - 209.57.255.255],
[209.69.0.0 - 209.70.255.255],
[209.75.0.0 - 209.75.255.255],
[209.94.0.0 - 209.94.31.255],
[209.107.0.0 - 209.107.95.255],
[209.124.0.0 - 209.124.31.255],
[209.130.0.0 - 209.130.127.255],
[209.139.0.0 - 209.139.191.255],
[209.157.0.0 - 209.157.255.255],
[209.162.64.0 - 209.162.127.255],
[209.168.0.0 - 209.168.127.255],
[209.170.0.0 - 209.170.63.255],
[209.189.0.0 - 209.189.127.255],
[209.207.128.0 - 209.207.255.255],
[209.217.128.0 - 209.217.191.255],
[209.227.0.0 - 209.227.127.255],
[209.238.0.0 - 209.238.255.255],
[216.42.0.0 - 216.42.255.255],
[216.44.0.0 - 216.44.255.255],
[216.167.0.0 - 216.167.127.255],
[216.208.197.96 - 216.208.197.127]: Access denied!


=== First of all, the evidence of the persistent Postmaster General / Mindshare ===
=== Design spammers, spamming me non-stop, and Verio did nothing to stop the abuse ===

http://www.DolphinWave.org/spam/postmastergeneral_mindsharedesign.txt



=== Verio ignores spam complaints, the spammers are not being terminated ===
=== for *months* of unstoppable spam and complaints ===

From frederi108@aol.com Fri Feb  1 18:58:57 2002
Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net!portc01.blue.aol.com!audrey05.news.aol.com!not-for-mail
Lines: 118
X-Admin: news@aol.com
From: frederi108@aol.com (Frederick the amateur spam killer)
Newsgroups: news.admin.net-abuse.email
Date: 01 Feb 2002 15:29:03 GMT
References: <t2ej5us1eao7h8n2frujj23rjmr1cq89tv@4ax.com>
Organization: AOL http://www.aol.com
X-Newsreader: Session Scheduler
Subject: SPEWS Verio spam problem (was Re: verio response.)
Message-ID: <20020201102903.03037.00000014@mb-fo.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1587410

In article <t2ej5us1eao7h8n2frujj23rjmr1cq89tv@4ax.com>, Wm James
<wrjames.remove@kudzucountry.com> writes:

>>Actually, they could do a "Sprintpink" and just cover an
>>affected B block.  I'll have to dig into it, but I believe they're
>>all related to one B block, at the very least.
>>Frederi108@aol.com (Frederick)


>That helps, of course.  But the main complaint with things which block
>pieces is that it affects the innocent with no warning.


Here's just a sample of spam complaints that I looked up last
night.  Now, to give credit where credit is due, the spam
complaints I made about spammers wanting to download an dialer
program to you have been taken down.  However, the ones shown
below, especially the mortgage spammer sites, are still up,
months after the complaints went out.
_______________________________________________________

From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] SPEWS www.moneysavingsolutions.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-30 16:59:30 PST

www.moneysavingsolutions.net resolves to 161.58.208.92
	Netname: VRIO-161-058
        Netblock: 161.58.0.0 - 161.58.255.255
        Maintainer: VRIO
_______________________________________________________

From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] SPEWS getmedsonline.com -> medicalmarketgroup.com (C/C 
SCAM)
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-28 16:45:18 PST

www.getmedsonline.com resolves to 168.143.166.146
	Netname: VRIO-168-143
        Netblock: 168.143.0.0 - 168.143.255.255
        Maintainer: VRIO

www.medicalmarketgroup.com resolves to 168.143.166.131
	Netname: VRIO-168-143
        Netblock: 168.143.0.0 - 168.143.255.255
        Maintainer: VRIO
_______________________________________________________

From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.kwikscripts.com/viagra.htm -> medicalmarketgroup.com
Newsgroups: news.admin.net-abuse.sightings
Date: 2002-01-15 15:28:08 PST

www.kwikscripts.com resolves to 168.143.166.146
	Netname: VRIO-168-143
        Netblock: 168.143.0.0 - 168.143.255.255
        Maintainer: VRIO

www.medicalmarketgroup.com resolves to 168.143.166.131
	Netname: VRIO-168-143
        Netblock: 168.143.0.0 - 168.143.255.255
        Maintainer: VRIO
_______________________________________________________

From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.freequote4me.com -> sunrise@connectcorp.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2001-08-19 05:48:05 PST

www.freequote4me.com resolves to 128.121.116.26
	Netname: VRIO-128-121
        Netblock: 128.121.0.0 - 128.121.255.255
        Maintainer: VRIO
_______________________________________________________

From: Frederi108@aol.com (Frederi108@aol.com)
Subject: [email] www.getaquote4me.com -> sunrise@connectcorp.net
Newsgroups: news.admin.net-abuse.sightings
Date: 2001-08-04 20:40:31 PST

www.getaquote4me.com resolves to 128.121.124.170
        Netname: VRIO-128-121
        Netblock: 128.121.0.0 - 128.121.255.255
        Maintainer: VRIO
_______________________________________________________

I could go on, but it appears that verio.net has done NOTHING
concerning any of the spamvertised sites that anyone has
complained about.

verio.net   almost 9,000 hits in the sightings newsgroup.

Of particular interest should be han-solo.net, which seems
to be the source of quite a number of spams.

(netmed.han-solo.net [161.58.219.201]) has around 145 hits, although
it is found at various IP addresses on verio net-space.
Always seems to be used by spammers sending from it, making it
look like it was relayed off that equipment, or used a mailform.pl
exploit.

128.121 brings up 2610 hits in deja.com
161.58 brings up 817 hits in deja.com

Verio does nada.
Zip.
Zilch.
Zero.

SPEWS should consider adding the two above B blocks to their list.
Verio's hat color is pretty obvious from this short list alone.

Frederi108@aol.com (Frederick)
This e-mail address is whitelisted.
"Because I'm a CRAZY one-armed spam-fighter with a hand coming out of my neck,
so gimme some coffee!"  http://hometown.aol.com/frederi108



=== Verio *refuses* to talk about the abuse or spam issues with their customer ===

From pr@isprime.com Fri Feb 15 23:22:47 2002
Path: uni-berlin.de!fu-berlin.de!cpk-news-hub1.bbnplanet.com!news.gtei.net!nntp.abs.net!feeder.qis.net!sn-xit-02!supernews.com!postnews1.google.com!not-for-mail
From: pr@isprime.com (Phil Rosenthal)
Newsgroups: news.admin.net-abuse.email
Subject: Verio blackhole possible help?
Date: 15 Feb 2002 11:26:06 -0800
Organization: http://groups.google.com/
Lines: 53
Message-ID: <54e05a6a.0202151126.609b2f01@posting.google.com>
NNTP-Posting-Host: 209.11.110.130
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1013801167 26046 127.0.0.1 (15 Feb 2002 19:26:07 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 15 Feb 2002 19:26:07 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1595049

Hello,
I noticed that verio's ip space is blackholed on at least two
blackhole lists:


(127.0.0.4) 130.94.138.2 is DNSbl listed. by xbl.selwerd.cx 

www.kellyswebcam.com
uplink for NETBLK-LIKEWHOA
epending by dksmail.dksno.com/204.27.101.91
SPEWS S644
NS for bzah.com (Empire Towers)
www.mydishnow.com
www.wiseoldmule.com
xxx-porns.com
advanceddating.com
this is not a list of open relays
please see http://selwerd.cx/xbl/




--------------------------------------------------------------------------------

(127.0.0.7) 130.94.138.2 is DNSbl listed. by
blackholes.five-ten-sg.com

did not seem concerned at all about folks refusing all mail from their
networks.
added 2001-11-25; spam support - hosting postmastergeneral
called 800-438-8374 and they *refused* to talk about abuse or spam
issues, and


---

This blackhole does include my ip space as my primary uplink is verio,
but that will change soon.  I don't care too much that my ip space is
included there, except for the one exception that it should say "Verio
is blackholed", when someone looks up my ip and sees "did not seem
concerned...." it looks like I did something wrong when verio did,
anyway, moot point as I won't be using verio ip space soon.  But on
another issue, I believe I can help get these issues resolved.  As a
large customer of verio, I have some good contacts there, and would
like to see this come to an end.
A spam contact I have that I believe will help in all of these issues
is Shane Hopkins - 214-290-8544  I will contact him in regards to
these issues, but everyone else who would actually like to see these
issues resolved should contact him as well.  He does have to power to
put these issues to an end if they aren't resolved, and I believe he
will.

--Phil



=== Verio lies about terminating their persistent porn-spammer ===

From no@no.thanks Thu May 30 13:13:47 2002
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.cis.ohio-state.edu!nntp.service.ohio-state.edu!not-for-mail
From: "Jay Stuler" <no@no.thanks>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio porn peddler trick
Date: Wed, 29 May 2002 21:16:37 -0400
Organization: Ohio State University
Lines: 58
Sender: stuler.1@dhcp065-024-145-101.columbus.rr.com
Message-ID: <ad3uie$mmf$1@charm.magnus.acs.ohio-state.edu>
References: <20tafu405qqthhhsq8b1r6gthn1kar8mk5@4ax.com>
NNTP-Posting-Host: dhcp065-024-145-101.columbus.rr.com
X-Trace: charm.magnus.acs.ohio-state.edu 1022721422 23247 65.24.145.101 (30 May 2002 01:17:02 GMT)
X-Complaints-To: abuse@osu.edu
NNTP-Posting-Date: 30 May 2002 01:17:02 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Xref: uni-berlin.de news.admin.net-abuse.email:1701222


"Wm James" <wrjames.remove@spamreaper.org> wrote in message
news:20tafu405qqthhhsq8b1r6gthn1kar8mk5@4ax.com...
> posted to news.admin.netabuse.email
> cc:
>
filip.krupka@gtsgroup.cz,tm@gts.cz,zidek@master.cz,vosmera@master.cz,ant_and
@hotmail.com,abuse@digipoo.com,postmaster@digipoo.com,abuse@hotmail.com,post
master@hotmail.com,abuse@master.cz,postmaster@master.cz,abuse@SECURE.NET,pos
tmaster@SECURE.NET,abuse@verio.net,postmaster@verio.net
>
> After getting several spams every day for a while pointing to
> www.free-porn-space.com, and complaints to verio went totally ignored,
> I sent compies with ID of the perps to congress, the AGs, etc.
> Predictably, the page went away.  Now, a couple of days later, it's
> back, twice over.. sort of.
>
> There are two copies of the same page (folders' containing the page),
> apparently being setup to look like "affiliates".  Apparently they got
> properly dumped by www.amateur-vixens.com where the old page
> redirected.  Now it (both) point to www.pornhappybabes.com.
>
> However, the initial domain is STILL verio. Same IP as before.
>
> To those posting here wondering why so much of verio is being blocked
> by spews and others, this is a prime example.  Verio has scrapped the
> bottom of the sewer by protecting these scumbags.  They don't care
> what their spammers do, or even if children are involved.   You really
> want to support scum like that with your money?  Go ahead, but don't
> whine about decent people rejecting your emails.
>
> William R. James
>

Here's a nice email I received from "Sarah Pollister" at Verio regarding
www.free-porn-space.com

OF COURSE IT IS ALL LIES.  Nothing was disabled.

========================

Thank you for informing us about this.  Sending unsolicited e-mail or making
inappropriate commercial newsgroup posts from our web servers is strictly
forbidden.  It is also forbidden to promote web sites hosted on our servers
in
such mailings or postings.  You may see our acceptable use policy here:

http://home.verio.com/company/policies/aup.cfm

We are currently looking into this and the link posted has been disabled.

thanks,

Sarah
Abuse/VWH



=== More lies about terminating their spammers, now to their own customer. ===
=== Then the next lie: they didn't get enough complaints, which is a bullshit ===
=== cause that customer was spammed by them regularly, himself ===

From ed@virtualpix.com Wed May 29 13:00:36 2002
Path: uni-berlin.de!fu-berlin.de!pln-w!spln!dex!extra.newsguy.com!newsp.newsguy.com!enews4
From: Ed Donaldson <ed@virtualpix.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - collateral damage - S562
Date: Tue, 28 May 2002 19:19:29 -0700
Organization: Virtualpix.com
Lines: 50
Message-ID: <3CF43AB1.C65BD56@virtualpix.com>
References: <3CF42575.5678A726@virtualpix.com> <B919A8E1.31476%chester@chickenboner.com>
NNTP-Posting-Host: p-196.newsdawg.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Mailer: Mozilla 4.75 [en]C-CCK-MCD (Qwest.net)  (Win98; U)
X-Accept-Language: en
Xref: uni-berlin.de news.admin.net-abuse.email:1700441

You are correct.  Verio claims that they haven't had reports of
spamming by subject domains or legitimate complaints lodged
therein so their advice is to change my IP number.  I know this is
bullshit since I receive email from these jerks regularly.  If it
wasn't so much trouble to move everything, I'd tell them to take a
leap.  I really can't afford that since I could easily be getting
into the same deal with another provider all over again...
Remarks??

chester wrote:
> 
> in article 3CF42575.5678A726@virtualpix.com, Ed Donaldson at
> ed@virtualpix.com wrote on 5/28/02 8:48 PM:
> 
> > My server IP is 128.121.115.25.  The "evidence" file S562 (for my
> > IP) shows the spammers IPs to be 128.121.113 and 128.121.116.
> > Evidently my server is lumped in with these low-lives.  A call to
> > viaVerio revealed these jerks were were shut down and since moved
> > to a new host.  That is supported by the evidence file.
> >
> Verio is not telling the whole story..
> 
> Type in http://128.121.116.26 see what comes back. If it is freequote4me.com
> then Verio then Verio seems to have lied to you.
> 
> Type in http://128.121.112.242 see what comes back. If it is
> request-erate.com then Verio then Verio seems to have lied to you.
> 
> Type in http://128.121.112.242 see what comes back. If it is a
> www.value-esun.com removal page then Verio seems to have lied to you.
> 
> Then you see why verio can't be trusted. It would be better for you to
> change networks.
> 
> Please, by all means, do the lookups yourself. Do the traceroutes, use
> samspade.org. Use whatever tools you have at your disposal to see if the
> verio hosted spammers are there or not.
> 
> Verio will lie to its own customers to protect its revenue stream from
> spammers. Call back and get their answer to why these spammers still have
> working websites. Let us know what happens.

-- 
Regards - Ed Donaldson
VirtualPix.com  (480) 488-1784
Active Server, Database Driven Web Sites and Web Hosting
http://VirtualPix.com  ed@virtualpix.com

"The reason the mainstream is thought of as a stream
is because it's so shallow." - George Carlin



=== And to dismiss the second lie that they were not receiving enough complaints ===

From davidwiz@erols.com Wed May 29 13:01:45 2002
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!feed2.news.rcn.net!feed1.news.rcn.net!rcn!not-for-mail
From: David Wisniewski <davidwiz@erols.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - collateral damage - S562
Date: Tue, 28 May 2002 23:36:14 -0400
Organization: The Spanish Inquisition
Lines: 34
Message-ID: <3CF44CAE.68513809@erols.com>
References: <3CF42575.5678A726@virtualpix.com> <B919A8E1.31476%chester@chickenboner.com> <3CF43AB1.C65BD56@virtualpix.com>
Reply-To: davidwiz_2000@yahoo.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: UmFuZG9tSVb3YwP5ohlr01BIsbeTEGqflf8NjxT1ySm7BHyuJGiqDVotI80mpx2g
X-Complaints-To: abuse@rcn.com
NNTP-Posting-Date: 29 May 2002 03:38:02 GMT
X-Mailer:  Mozilla 4.78 [en] (Win98; U)
X-Accept-Language:  en
Xref: uni-berlin.de news.admin.net-abuse.email:1700483

Ed Donaldson wrote:
> 
> You are correct.  Verio claims that they haven't had reports of
> spamming by subject domains or legitimate complaints lodged
> therein so their advice is to change my IP number.  I know this is
> bullshit

Here is the proof that Verio is lying to you:

> > Type in http://128.121.116.26 see what comes back. If it is freequote4me.com
> > then Verio then Verio seems to have lied to you.

5 pieces of spam at:
http://groups.google.com/groups?q=http%3A%2F%2F128.121.116.26+.sightings&hl=en 

11 at:
http://groups.google.com/groups?hl=en&lr=&q=freequote4me.com+.sightings

> > Type in http://128.121.112.242 see what comes back. If it is
> > request-erate.com then Verio then Verio seems to have lied to you.

http://groups.google.com/groups?hl=en&lr=&q=request-erate.com+.sightings

> > Type in http://128.121.112.242 see what comes back. If it is a
> > www.value-esun.com removal page then Verio seems to have lied to you.

3 pieces of spam:
http://groups.google.com/groups?hl=en&lr=&q=www.value-esun.com+.sightings

In under a minute, I've shown that Verio is a lying piece of scum.  If I
were you, I'd email Verio's CEO at ceo@verio.net until the cows come
home.  Then sue them for giving you damaged goods.

-David



=== Here is another Verio customer being lied that Verio has dealt with ===
=== the spammers who made Verio to be listed in SPEWS, and that SPEWS is ===
=== wrong ===
Path: uni-berlin.de!fu-berlin.de!vienna1-snh1.gtei.net!news.gtei.net
 !newsfeed1.cidera.com!Cidera!cyclone.tampabay.rr.com!news-post.tampabay.rr.com
 !twister.tampabay.rr.com.POSTED!53ab2750!not-for-mail
From: "Rommie Johnson" <rommiej@NOSPAM.facefirst.com>
Newsgroups: news.admin.net-abuse.email
References: <V8zu9.160340$S8.3209109@twister.tampabay.rr.com>
  <3DBAD11D.2080208@netscape.net>
Subject: Re: How do I get off SPEWS list?
Lines: 96
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <ZsAu9.160389$S8.3215650@twister.tampabay.rr.com>
Date: Sat, 26 Oct 2002 17:41:13 GMT
NNTP-Posting-Host: 65.32.188.169
X-Complaints-To: abuse@rr.com
X-Trace: twister.tampabay.rr.com 1035654073 65.32.188.169 (Sat, 26 Oct 2002
  13:41:13 EDT)
NNTP-Posting-Date: Sat, 26 Oct 2002 13:41:13 EDT
Organization: RoadRunner - Tampa Bay
Xref: uni-berlin.de news.admin.net-abuse.email:1845387

OK, first off, it never occurred to me that people here would SUPPORT this
SPEWS thing. From my perspective, it's pure evil. I understand now that you
find it helpful and I appreciate your efforts to politely point out its
usefulness. But, like I said, Verio tells me they've already taken care of
checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet
posting from the checklab idiot, and you're right -- but I still don't think
their insensitivity should affect me.)

When you say "SPEWS does work," I have to disagree. Yes, it's keeping people
from having to delete unwanted checklab.com e-mail from their inboxes, but
it's also preventing my parents from having any regular communication with
their son. That's collateral damage, and that's not acceptable to me.

In any case, thanks for the info.


"I.B." <caughtout2002@netscape.net> wrote in message
news:3DBAD11D.2080208@netscape.net...
> Rommie Johnson whined:
> > Suddenly I can't send e-mail to my family and friends because my domain
> > somehow got listed on this ridiculous SPEWS thing. I am not a spammer, I
> > loathe spam with every fiber of my being. But this is unbelievable.
Nobody
> > else uses my domain except me, so I know for a fact that there has
NEVER,
> > EVER been any spam sent from it.
> >
> > Repeated attempts to contact whomever is behind the SPEWS.org site have
been
> > ignored. Who the hell are these people and how do you get off their
list?
> >
> > Thanks in advance for any help.
> >
> >
>
> Hello Rommie,
>
> Firstly, you need to calm down. Lots. Bursting into a newsgroup that
> supports SPEWS and calling it ridiculous is not going to make you many
> friends.
>
> Secondly, SPEWS is very helpful, as you will soon see, as it has
> identified why you are getting your mail blocked by some ISPs.
>
> I assume that your sight is http://www.facefirst.com ? Right
>
> Check http://openrbl.org/ip/161/58/1/246.htm to see how much of a mess
> Verio is making in the spam and blocking world.
>
> Entering your IP number into SPEWS obtains the following information:
>
> http://spews.org/html/S1954.html
>
> reportobjects
> |--------------------
> 1, 161.58.1.38, reportobjects.com / checklab.com
> 1, 161.58.1.0/26, reportobjects.com / checklab.com (Verio)
> 1, 161.58.0.0 - 161.58.2.255, reportobjects.com / checklab.com (Verio)
> 1, 68.50.206.193, labsvr1.labsdata.com / "ebaileylap"
> (pcp699937pcs.hyatsv01.md.comcast.net)
> 2, 216.65.115.56, labsdata.com (host56.hostcentric.com)
> 2, 209.213.96.30, mail.labsdata.com (mail.vscape.net)
> ---------------------|
>
> Spamming.
>
> See:
>
<http://groups.google.com/groups?selm=20020912135915.A10797%40cadeau.d-and-d
.com>
>
> So basically, your problem lies with checklab.com, who are hosted at
> 161.58.1.38 They have been caught spamming and Verio refuses to turf
> them, meaning that SPEWS has widened it's blocking list.
>
> As you see, it now covers you, and boy has it got your attention! So
> SPEWS does work!
>
> What you need to do is harrass Verio, and get them to kick checklab.com
> off their site, so that ISPs who use SPEWs won't reject your e-mail any
> more.
>
> Simple.
>
> P.S. - Have a read of that usenet post listing in that SPEWs listing.
> That just shows the stubborn and insensitive mindset of a spammer.
>
> Good luck.
>
> --
> I.B.
>
>


=== And here the lie is shown again ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!cyclone.swbell.net!cyclo
From: "Andy Lawson" <nanoo@paradise.net.nz>
Newsgroups: news.admin.net-abuse.email
Subject: Re: How do I get off SPEWS list?
Date: Sun, 27 Oct 2002 09:20:32 +1300
Organization: OsiruSoft Research & Engineering
Lines: 21
Message-ID: <apete6$r81$1@ns.osirusoft.com>
References: <V8zu9.160340$S8.3209109@twister.tampabay.rr.com> <3DBAD11D.2080208@
NNTP-Posting-Host: 202-0-33-254.cable.paradise.net.nz
X-Trace: ns.osirusoft.com 1035663622 27905 202.0.33.254 (26 Oct 2002 20:20:22 GM
X-Complaints-To: news@news.osirusoft.com
NNTP-Posting-Date: 26 Oct 2002 20:20:22 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Xref: uni-berlin.de news.admin.net-abuse.email:1845439

"Rommie Johnson" <rommiej@NOSPAM.facefirst.com> wrote in message
news:ZsAu9.160389$S8.3215650@twister.tampabay.rr.com...
snip snip

> But, like I said, Verio tells me they've already taken care of
> checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet
> posting from the checklab idiot, and you're right -- but I still don't
think
> their insensitivity should affect me.)
>

Hate to disappoint you but your contact at Verio told you a big fat porker,
Checklab is STILL hosted on Verio's network at the exact same IP as listed
in
the spews record and is provided with nameservers by Verio also. So how
exactly
has Verio taken care of the problem?
Verio haven't even bothered to respond to spam complaints I've sent them in
the past.


=== The confirmation - Verio still hosts the spammer they've claimed to ===
=== terminate ===
Path: uni-berlin.de!fu-berlin.de!news.teledanmark.no!uninett.no!news.algonet.se
 !algonet!oden.abc.se!not-for-mail
From: Claes T <nospam@mialfreak.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: How do I get off SPEWS list?
Date: Sat, 26 Oct 2002 23:24:28 +0200
Organization: DoNotSpam, eventhough e-address IS valid
Lines: 38
Message-ID: <511mrus0qse3q1nq437c06l0uhqrl52mlv@4ax.com>
References: <V8zu9.160340$S8.3209109@twister.tampabay.rr.com>
  <3DBAD11D.2080208@netscape.net>
  <ZsAu9.160389$S8.3215650@twister.tampabay.rr.com>
NNTP-Posting-Host: dialup-8.abc.se
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: oden.abc.se 1035667469 22520 195.17.73.8 (26 Oct 2002 21:24:29 GMT)
X-Complaints-To: abuse@abc.se
NNTP-Posting-Date: Sat, 26 Oct 2002 21:24:29 +0000 (UTC)
X-Newsreader: Forte Agent 1.9/32.560
Xref: uni-berlin.de news.admin.net-abuse.email:1845461

On Sat, 26 Oct 2002 17:41:13 GMT, "Rommie Johnson"
<rommiej@NOSPAM.facefirst.com> wrote:

>But, like I said, Verio tells me they've already taken care of
>checklab.com and that SPEWS refuses to acknowledge it. (I read that Usenet
>posting from the checklab idiot, and you're right -- but I still don't think
>their insensitivity should affect me.)

Hello!
I'm the guy who got the checklab answer you read in the SPEWS file
(but I'm not SPEWS or related to them). Let me check facts so far:

You say Verio say they have taken care of Checklab.com? *Already*
*taken* (past tense)?  When I reported them they where at 161.58.1.38,
so let's check where they have gone since Verio took care of them....

--- 10/26/02
--- looking up host checklab.com
--- traceroute to www.checklab.com [161.58.1.38],
....
 23  [  192.67.244.73]  ge-25-0836.stngva01.us.verio.net  293 ms
 24  [    161.58.1.38]  checklab.com  278 ms
--- traceroute statistics for www.checklab.com
...

Hmmm, they have moved....NOT. You may want to talk to Verio *again*,
because if Verio waits for SPEWS to acknowledge somothing never done,
it will take time. Now you see *why* SPEWS "refuse to acknowledge"?

And I agree -  the Checklab issue *should* have been solved *long*
before you where affected. You may want to ask (demand) Verio to add
some staffing to their abuse desk, to avoid getting Verio into trouble
as in your/Checklabs case in the future. After all, your money pays
their salaries, and their abuse desk *is* understaffed, due to
management priorities.

All the best,
Claes T



=== Verio forwards complaints to spammers for "listwashing" ===
From bwojr@rrnet.com Thu May 23 20:10:27 2002
Path: uni-berlin.de!fu-berlin.de!nntp.cs.ubc.ca!newsfeed.stanford.edu!postnews1.google.com!not-for-mail
From: bwojr@rrnet.com (Bruce Opheim Jr.)
Newsgroups: news.admin.net-abuse.email
Subject: Yet more proof  Verio loves spambags...
Date: 22 May 2002 20:07:40 -0700
Organization: http://groups.google.com/
Lines: 31
Message-ID: <1528fa32.0205221907.6694452f@posting.google.com>
NNTP-Posting-Host: 63.230.106.194
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1022123260 13717 127.0.0.1 (23 May 2002 03:07:41 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 23 May 2002 03:07:41 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1686495

MY complaint (search nanas):
www.inphonic.com spam sent from Mindshare and Verio just keeps letting
Mindshare spam all they want in wanton violation of several state
laws. Nice company Verio. Makes me want to hope they go out of
business
VERY soon.
I'd suggest Verio try to apply an appropriate AUP/Tos but apparently
that
would be a waste of time. Rot in Spews Verio. You suck! Hell you
couldn't
even whitewash this address from last complaints.
Bruce Opheim Jr.
bwojr@rrnet.com

Got this reply:
From: Customer_Relations@inphonic.com
Date: Fri, 17 May 2002 19:28:39  -0400
Subject: RE:[email] Free Wireless phones with Free Long Distance!!!
[#332834]
To: bwojr@rrnet.com
removed
Sincerely,
Andrea Springs
Customer Relations Department

Complain to Verio about Inphonic and get white washed.. proof that
Verio is sleeping with their spambags in a big way. Verio is a lousy
'Net neighbor and I sincerely hope Verio goes out of business.

Bruce Opheim Jr.
bwojr@rrnet.com



=== Verio ignores their Postmaster General spam complaints, listwashes but ===
=== the spam begins to flow again, and no way to stop ===

From rfg@monkeys.com Sat May 11 10:30:51 2002
Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu!postnews1.google.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: Re: That's IT.  I have HAD IT with Verio and mb00.net.
Date: 10 May 2002 21:55:58 -0700
Organization: http://groups.google.com/
Lines: 231
Message-ID: <aacf586.0205102055.54c1fca4@posting.google.com>
References: <karlthec-A324E5.18325010052002@virt-reader.news.rcn.net>
NNTP-Posting-Host: 66.60.157.246
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1021092959 8903 127.0.0.1 (11 May 2002 04:55:59 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 11 May 2002 04:55:59 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1653473

Karl Czapla <karlthec@mac.com> wrote in message news:<karlthec-A324E5.18325010052002@virt-reader.news.rcn.net>...
> One of my spamtrap addresses (@yahoo) had been getting spam from one of 
> mb00's lists for some time now.  I eventually gave in and sent an 
> unmunged report using SpamCop to Verio, who seemed to have listwashed me.
> 
> But guess what?  The spam just started back up again!  Being powerless 
> to do anything else except JHD or remove, I sent the following to Verio 
> via verio.net@bitch-list.net (spam snipped at the headers since this 
> ain't NANAS).  
> 
> I encourage ALL who get mb00 spam, and do not already forward it via 
> bitch-list, to do the same.  I realize this is preaching to the choir 
> for the most part, but if I can even get one or two other users to 
> follow suit, I will have done my job.


It has already been proven many many times to be an utterly pointless
exercise in futility to forward spam to Verio.  They don't care, and
nothing you might do will make them care.  That's why they are in
SPEWS!

The only possible approach that might bear fruit is to start forward-
ing all of your Postmastergeneral and Verio spam to various addresses
that belong to Verio's parent company, NTT of Japan.

I provided a list of such addresses previously:

http://groups.google.com/groups?q=NTT+Verio+author:rfg%40monkeys.com&hl=en&scoring=d&selm=u04dghgmfvbcc%40corp.supernews.com&rnum=2

If everyone who got spammed from Verio just did this for about a week,
I'm confident that we would cease to have this massive Verio spam
problem.

Here's the list again:

postmaster@ntt.com
webmaster@ntt.com
k.hayamizu@ntt.com
hostmaster@ntt.com
root@ntt.net
yharada@will.brl.ntt.co.jp
domain-tech@ntt.net
ikeda.akio@ss.bch.ntt.co.jp
coling96@nttkb.ntt.jp
ehtbli@ntt.net
hirata@nefertiti.brl.ntt.co.jp
igy@arhc.org
t.imoto@ntt.com
nakayama.ryuji@lab.ntt.co.jp
t-ymmt@aecl.ntt.co.jp
hisadome@exa.onlab.ntt.co.jp
terada@exa.onlab.ntt.co.jp
nakayama.ryuji@lab.ntt.co.jp
horima.toshihiko@lab.ntt.co.jp
korea-gl@ntt.com
AgentAction@mmgw.nsc.cae.ntt.co.jp
ArcstarMobile@ntt.com
aptivapack@ntt.ocn.ne.jp
aw-info@ntt.com
b2b@ains.nttdata.co.jp
bba@ntt.com
billing-co@ntt.com
buildarc@ntt.com
business@ntt.com
buyer-nw@ntt.com
ckoho@tamail.rdc.ntt.co.jp
e-container@ntt.ocn.ne.jp
com@ntt.com
elesson-co@ntt.com
eps@ntt.com
esquare@ntt.com
free-navi@ntt.com
freedial@wins.pkt.ntt.co.jp
gigaway@ntt.com
guardit@ntt.com
h-info@ntt.com
home@ntt.com
ikenobo@ntt.com
in-info@ntt.com
info-ab@ntt.com
info-af@ntt.com
info-senyo@ntt.com
info-utrad@ntt.com
Finfo@ntt-wt.co.jp
info@ntt.com
iplc-sales@ntt.com
k.dozono@ntt.com
k.ojima@ntt.com
kaneko.atsushi@ntt.ocn.ne.jp
kaneko@vcn.ntt.com
kentei@ntt.com
koho-so@ntt.com
kokusai@ntt.com
m-support@ntt.com
masanobu.kondo@ntt.com
miwako.iyoku@ntt.com
mobilepack@ntt.ocn.ne.jp
mom@ntt.com
next@ntt.com
ninsyo@ntt.com
ocnpcpack@ntt.ocn.ne.jp
photobook@azb.nttls.co.jp
premier@ntt.com
rals-c@ntt.ocn.ne.jp
s-vpn@ntt.ocn.ne.jp
shigai@ntt.com
t.fujii@ntt.com
t.fujimoto@ntt.com
t.kurai@ntt.com
value-iad@ntt.com
workstyle@ntt.com
y.mizutori@ntt.com
yoshiharu.hamashima@ntt.com
Info@ntt-wt.co.jp
a.nishiharaguchi@ntt.com
abc@ntt.co.kr
air@ntt.com
apparelarc@ntt.com
appmaster@ntt.com
arcstar-ip-vpn@ntt.com
arcstarmobile@ntt.com
bba@ntt.com
blade@ntt.com
bldg@ntt.com
broadband@ntt.ocn.ne.jp
buildarc@ntt.com
business@ntt.com
callagecheck@ntt.com
cdpf@ntt.com
chemicalarc@ntt.com
ckoho@tamail.rdc.ntt.co.jp
com-choi@ntt.com
datacenter@ntt.com
drm@ntt.com
e-lesson@ntt.com
e-security@ntt.com
e-transit@ntt.com
ec-info@ntt.com
eco-m@ntt.ocn.ne.jp
epicot@ss.bch.ntt.co.jp
eps@ntt.com
evlan@ntt.com
free-navi@ntt.com
freedial@wins.pkt.ntt.co.jp
gigae@ntt.com
gigaway@ntt.com
gtrax@ntt.com
guardit@ntt.com
h.mitsuke@ntt.co.jp
h.mitsuke@ntt.com
h.sasaki@ntt.com
home@ntt.com
honyaku@ntt.ocn.ne.jp
i.okada@gad.ldg.bch.ntt.co.jp
in-info@ntt.com
info-ab@ntt.com
info-af@ntt.com
info-e@dali.ss.bch.ntt.co.jp
info-es@ntt.com
info-mama@ntt.ocn.ne.jp
info-relay@ntt.com
info-senyo@ntt.com
info@clearinghouse.ntt.com
info@gad.ldg.bch.ntt.co.jp
info@ntt-wn.co.jp
info@ntt-wt.co.jp
info@ntt.com
info@ntt.net
intern-pd@ntt.com
iplc-sales@ntt.com
ipv6@ntt.com
ka.kobayashi@east.ntt.co.jp
kahoru.tsuda@ntt.com
kaidai@ntt.com
kazuhisa.miyake@ntt.com
ke.sato@ntt.com
kentaro.suzuki@ntt.com
kentei@ntt.com
kimura.kazuo@ntt.ocn.ne.jp
koho-so@ntt.com
koho@mail.rdc.ntt.co.jp
korea-gl@ntt.com
kouhou@soumu.nttcom.co.jp
m.ashida@ntt.com
mdc-so@ntt.com
mmvnet@mm.bch.east.ntt.co.jp
mobileconnect@ntt.com
mom@ntt.com
monitoring@ntt.com
mpeloquinl@verio.net
n.yamaga@ntt.com
navi@ntt.com
navidial@wins.pkt.ntt.co.jp
netcast@ntt.com
nwd-info@ntt.com
ocn-sec@ntt.ocn.ne.jp
ocncafe@ntt.ocn.ne.jp
ocnhosting@ntt.ocn.ne.jp
ocnkids@ntt.ocn.ne.jp
ocnpcpack@ntt.ocn.ne.jp
online-shop@ntt.com
open@sinoa.east.ntt.co.jp
poc@ntt.ocn.ne.jp
press@nttdomain.com
procure@chuo.longdist.ntt.co.jp
rals-c@ntt.ocn.ne.jp
saitai-nw@ntt.com
saitai@sinoaml.east.ntt.co.jp
saitai@west.ntt.co.jp
saiyo@ntt.com
sasaki.t@east.ntt.co.jp
sharestage@ntt.com
shien-co@ntt.com
shigai@ntt.com
streaming@ntt.com
streamsales@ntt.ocn.ne.jp
t.kuboyama@pc.west.ntt.co.jp
t.kurai@ntt.com
t.morishita@ntt.com
take.yoshikawa@ntt.com
tech0033-co@ntt.com
trade-edi@sm2.bch.ntt.co.jp
trasec@ntt.com
user-info@ntt.com
v-net@mm.bch.east.ntt.co.jp
v-portal@ntt.com
wcs-co@ntt.com
webbox@ntt.com
y.hanada@ntt.com
y.sumida@ntt.com
yuji.katou@ntt.com



=== Verio forwarded the spam complaint to their spammer, doesn't mind to host ===
=== spammers if they don't use Verio's resources to send spam. Quoting the bill ===
=== that was never passed into the law, that supposedly legitimize the spam, is ===
=== ok with Verio, too (S. 1618) ===

From rippa042@hotmail.coma Wed Oct 24 10:19:45 2001
Path: uni-berlin.de!fu-berlin.de!news.tele.dk!small.news.tele.dk!207.115.63.138!newscon04.news.prodigy.com!newsmst01.news.prodigy.com!prodigy.com!postmaster.news.prodigy.com!newssvr21.news.prodigy.com.POSTED!not-for-mail
From: "Carl Woods" <rippa042@hotmail.coma>
Newsgroups: news.admin.net-abuse.email
Subject: verio sends complaint to spam hoster, response attached
Lines: 259
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 5.50.4522.1200
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4522.1200
Message-ID: <UqqB7.2444$MX1.743969916@newssvr21.news.prodigy.com>
NNTP-Posting-Host: 206.170.148.185
X-Complaints-To: abuse@prodigy.net
X-Trace: newssvr21.news.prodigy.com 1003893556 ST000 206.170.148.185 (Tue, 23 Oct 2001 23:19:16 EDT)
NNTP-Posting-Date: Tue, 23 Oct 2001 23:19:16 EDT
Organization: Prodigy Internet http://www.prodigy.com
X-UserInfo1: OXYYSWOELRVS@^LYMRKNOPDA[X_LPO@FKY\@LWQHBATBTSUBYFWEAE[YJLYPIWKHTFCMZKVMB^[Z^DOBRVVMOSPFHNSYXVDIE@X\BUC@GTSX@DL^GKFFHQCCE\G[JJBMYDYIJCZM@AY]GNGPJD]YNNW\GSX^GSCKHA[]@CCB\[@LATPD\L@J\\PF]VR[QPJN
Date: Wed, 24 Oct 2001 03:19:16 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1458399

Spammer-speak complete with Murk quote.
Copied to NANAS/NANAE.


----- Original Message -----
From: "Moic" <markinet@markinet.com>
To: <rippaxxx@hotmail.com>
Sent: Tuesday, October 23, 2001 8:03 PM
Subject: Re: (email) (SPEWS flag) (ntt/verio) Life Insurance - NOW
200110222124x15022


> This address has now been removed from our list.
>
>
> Hello-
>
> I have recieved your email...as addressed to: markinet@markinet.com
>
> From: Verio <abuse@Verio-hosting.com>
>
> Subject: xy199.com : Unsolicited Email 1 1DS-3012434
>
> 1. before we signed up with you, I spoke with a gentleman by the name of:
> Bob DeFrances <rdefrances@verio.net> and presented our situation to him.
He
> then connected us to someone in "support" by the name of "Steve"
>
> I outlined what we are doing before we started, and payment was made on
> this basis:
>
> 1. We send no mail from your web site. All outgoing mail is sent from a
> private server elsewhere from other sources.
>
> 2. We do not receive any mail at your website. All mail is received at
> alternative sources.
>
> 3. We do not refer to your website for any feed back.
>
> 4. Your site holds no web pages except those for our own use.
>
> 5. All mails going out are strictly monitored and comply with all known
> laws of the USA.
>
> Here is our disclaimer:
>
> THIS MESSAGE IS BEING SENT IN COMPLIANCE WITH PENDING EMAIL BILLS & LAWS:
> SECTION 301. PER SECTION, PARAGRAPH (a) (2) (c) of S. 1618.
>
> This message is not intended for any prospect who is under the legal age
of
> 18 , or those who do not wish to receive these e-mail's or those persons
> whom are residents in the State of WA, NV, CA & VA. If you wish to be
> removed automaticlly or are a Washington, Virginia, or California
resident:
>
> 6. We do not promote any of the following:
>
> a. Porn
>
> b. Sex
>
> c. Illicit
>
> d. illegal matters
>
> 7. We are a legitimate, paying customer of yours in several areas.
>
>
> 8. All outgoing emails have a valid and working: reply to, and valid
> "removes" link.
>
> 9. We are engaging the services of professional mailers who are sending
> this mail to their known "op-in" list of subscribers.
>
> 10. Please advise if we can correct the situation in any way,
>
> 11. Below, is a copy of the ad, converted from the code provided from
> below.
>
> Please advise...
>
> Thank you,
>
> jb
>
>
>
> *********** REPLY SEPARATOR  ***********
>
> On 23/10/01 at 7:45 PM Carl Woods wrote:
>
> >[spam]
> >
> >[@home mail source: 24.179.142.117]
> >
> >[@Home Network (NETBLK-HOME-2BLK)HOME-2BLK    24.176.0.0 - 24.183.255.255
> >@Home Network (NETBLK-DESMIA1-IA-4) DESMIA1-IA-4 24.179.128.0 -
> >24.179.143.255]
> >
> >[ntt/verio spamvertised web haven: 128.242.89.112 :
> > http://www.xy199.com/index.htm]
> >
> >[SPEWS flag:
> >Netname: VRIO-128-242
> >   Netblock: 128.242.0.0 - 128.242.255.255]
> >
> >Re:reply245c@reply.lynxdata.net (Administrator of network hosting email
> >address referenced in spam)
> >   To: abuse#home.net@devnull.spamcop.net (Notes)
> >
> >
> >
> >Return-path: <increasedopportunity@excite.com>
> >Received: from mta4.snfc21.pbi.net (mta4-pr.snfc21.pbi.net)
> > by sims3.snfc21.pbi.net
> > (Sun Internet Mail Server sims.3.5.2000.03.23.18.03.p10)
> > with ESMTP id <0GLO004NHG4HVU@sims3.snfc21.pbi.net> for
> >rippa@sims-ms-daemon;
> > Tue, 23 Oct 2001 14:10:14 -0700 (PDT)
> >Received: from localhost.localdomain ([24.179.142.117])
> > by mta4.snfc21.pbi.net (Sun Internet Mail Server
> >sims.3.5.2000.01.05.12.18.p9)
> > with ESMTP id <0GLO003VEG42H4@mta4.snfc21.pbi.net> for
> > rippa@sims3.snfc21.pbi.net; Tue, 23 Oct 2001 14:09:42 -0700 (PDT)
> >Received: from localhost.localdomain (localhost [127.0.0.1])
> > by localhost.localdomain (Postfix) with SMTP id 45C867B4; Tue,
> > 23 Oct 2001 09:34:48 -0500 (CDT)
> >Date: Tue, 23 Oct 2001 04:35:38 -0500
> >From: increasedopportunity@excite.com
> >Subject: Life Insurance - NOW 200110222124x15022
> >To: 200110222124x15022-devnul@excite.com
> >Message-id: <20011023143449.45C867B4@localhost.localdomain>
> >Content-type: text/html
> >Precedence: junk
> >BANNED: /etc/BadDomains
> >X-uid: 200110222124x15022
> >envelope_limit: 1
> >X-Bulkmail: 2.04
> >
> ><html>
> >
> ><head>
> ><meta http-equiv="Content-Type"
> >content="text/html; charset=iso-8859-1">
> ><meta name="GENERATOR" content="Microsoft FrontPage Express 2.0">
> ><title></title>
> ></head>
> >
> ><body>
> >
> ><p><SPAN lang="EN-US" style="COLOR: red"></SPAN>&nbsp;</p>
> >
> ><table border="0" bgcolor="#00D000" 613? #800000?>
> >    <tr>
> >        <td width="605" bgcolor="#FFFFF0" bordercolor="#FFFFF0"
> >        height="285">&nbsp;&nbsp;&nbsp; <p align="center"
> >        class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: red"><strong>ONLINE&nbsp;<O:P></O:P></SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: red"><strong>NO
> >        OBLIGATION TERM LIFE INSURANCE</SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: red"><strong>QUOTES<O:P></O:P></SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: red"><O:P></O:P></SPAN></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: blue"><strong>Save
> >        up to 70% on<O:P></O:P></SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: blue"><strong>Term
> >        Life Insurance<O:P></O:P></SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: blue"><O:P></O:P></SPAN></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: #ff0000"><strong>Highest
> >        Rated Companies</SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: #ff0000"></SPAN><SPAN lang="EN-US" style="COLOR:
> >#ff6600"><strong>Lowest
> >        Cost Coverage<O:P></O:P></SPAN></strong></p>
> >        <p align="center" class="MsoNormal"
> >        style="MARGIN: 0cm 0cm 0pt; TEXT-ALIGN: center"><SPAN
lang="EN-US"
> >style="COLOR: #ff6600"><O:P></O:P></SPAN></p>
> >        <p align="center"><u><SPAN lang="EN-US" style="FONT-SIZE: 12pt;
> >COLOR: fuchsia; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family:
> >'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US;
> >mso-bidi-language: AR-SA"></u><a
> >        href="http://www.xy199.com/index.htm?ID=paba"><strong><u>Click
> >        here for free quote!</u></strong><u></SPAN></u></a></p>
> >        <p align="center"><u><SPAN lang="EN-US" style="FONT-SIZE: 12pt;
> >COLOR: fuchsia; FONT-FAMILY: 'Times New Roman'; mso-fareast-font-family:
> >'Times New Roman'; mso-ansi-language: EN-US; mso-fareast-language: EN-US;
> >mso-bidi-language: AR-SA"></u><a
> >        href="mailto:reply245c@reply.lynxdata.net"><strong><b><u>Reply
> >        To:</u></b></strong><u></SPAN></u></a></p>
> >        <p><b>THIS MESSAGE IS BEING SENT IN COMPLIANCE WITH
> >        PENDING EMAIL BILLS &amp; LAWS: SECTION 301. PER SECTION,
> >        PARAGRAPH (a) (2) (c) of S. 1618.</b><br>
> >        This message <strong>is not intended</strong> for any
> >        prospect who is <strong>under the&nbsp;legal age of 18</strong>
> >        , or those who do not wish to receive these e-mail's
> >        &nbsp;or those persons whom are residents in the State of
> >        WA, NV, CA &amp; VA.&nbsp;If you wish to be removed
> >        automaticlly or are&nbsp;a Washington, Virginia, Nevada,
> >        or California resident: </p>
> >        <p align="center"><a
> >
>
>href="mailto:200110222124x15022remove@remove.lynxdata.net?Subject=Please_re
> m
> >ove_from_paba"><font
> >        color="#0000FF" size="3" face="Times"><strong>Please
> >        Remove&nbsp;Your Address Here</strong></font></a> </p>
> >        <p align="center"><strong>Failure to click here will not
> >        remove your address automatically.</strong></p>
> >        <p align="left"><strong><select name="." size="1">
> >            <option selected
> >value="paba010908gl001">paba010908gl001&nbsp;</option>
> >
>
></select>&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;
> &
> >nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;We
> >        honor all removal requests.&nbsp;&nbsp; </strong></p>
> >        <p align="center">Copyright (c) 2001&nbsp;Mailers
> >        Associated.&nbsp;(All Rights Reserved)<br>
> >        Designated trademarks and brands are the property of
> >        their respective owners.</p>
> >        </td>
> >    </tr>
> ></table>
> ></body>
> ></html>
>
> a
>
>


=== Verio says to go and unsubscribe from their spammers' list ===
=== instead of stopping their persistent and unstoppable Postmaster ===
=== General / Mindshare Desighn spammers ===

From davidwiz@erols.com Fri Dec 14 01:04:37 2001
Path: uni-berlin.de!fu-berlin.de!feeder.qis.net!feed2.news.rcn.net!feed1.news.rcn.net!rcn!not-for-mail
From: David Wisniewski <davidwiz@erols.com>
Newsgroups: news.admin.net-abuse.email
Subject: Verio Says - Eat Your Spam
Date: Thu, 13 Dec 2001 14:57:02 -0500
Organization: The Spanish Inquisition
Lines: 68
Message-ID: <3C19080E.9B90045C@erols.com>
Reply-To: davidwiz@erols.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: UmFuZG9tSVY12tWR83xhc7ssSaaCJT3kFr2tQvneltowE7h2KrkXnGaDbzFdj4Hq
X-Complaints-To: abuse@rcn.com
NNTP-Posting-Date: 13 Dec 2001 19:58:03 GMT
X-Mailer:  Mozilla 4.78 [en] (Win98; U)
X-Accept-Language:  en
Xref: uni-berlin.de news.admin.net-abuse.email:1540513

-------- Original Message --------
Subject: Re: [IDS-3193828] [email] SPAM: Here is your Frree T-Shirt,
please confirm
Date: Thu, 13 Dec 2001 11:20:15 -0700 (MST)
From: Sarah Pollister <support@viaverio.com>
To: davidwiz@erols.com


If you would like to remove your name from any further emails or mailing
lists administered by MindShare Design/PostMaster General, please visit
http://postmastergeneral.com/addrem.html. On this page, you will be able
to opt out of specific mailing lists or permanently remove your name
from all mailing lists administered by MindShare Design/PostMaster
General.

Please be aware that removals may take up to 72 hours. If you continue
to see unwanted emails from MindShare Design/PostMaster General or one
of the lists administered by MindShare Design/PostMaster General beyond
72 hours, please email MindShare Design/PostMaster General at
nospam@mindsharedesign.com.

We hope this information is helpful.

Sarah
Verio Webhosting Support

==== Excerpt from your message received 12/7/2001 10:24:20 MST ====
>Attention SECURE.NET:  The spam is coming from 209.133.65.60 which
>belongs to you.  Please take care of it.
>
>
>-------- Original Message --------
>Return-Path: <pmgsender@returns.postmastergeneral.com>
>Received: from mx01.mrf.mail.rcn.net ([207.172.4.50] [207.172.4.50])by
>mta01.mrf.mail.rcn.net with ESMTPid
><20011207121925.TZCN13519.mta01.mrf.mail.rcn.net@mx01.mrf.mail.rcn.net>;Fri,
>7 Dec 2001 07:19:25 -0500
>Received: from 209.133.65.60.mindsharedesign.com ([209.133.65.60]
>helo=b.pm0.net)by mx01.mrf.mail.rcn.net with esmtp (Exim 3.33 #10)id
>16CJyO-0000oy-00for davidwiz@erols.com; Fri, 07 Dec 2001 07:19:24 -0500
>Received: from i1008.pm0.net (209.133.67.243.mindsharedesign.com
>[209.133.67.243] (may be forged))by b.pm0.net (8.11.0/8.9.3) with ESMTP
>id fB7FBjm26635for <davidwiz@erols.com>; Fri, 7 Dec 2001 07:11:45 -0800
>Received: (from pmguser@localhost)by i1008.pm0.net (8.11.0/8.9.3) id
>fB7EBXj05526;Fri, 7 Dec 2001 06:11:33 -0800
>Message-Id: <200112071411.fB7EBXj05526@i1008.pm0.net>
>X-Authentication-Warning: i1008.pm0.net: pmguser set sender to
>pmgsender@returns.postmastergeneral.com using -f
>From: J a N et
><tshirtnews.0.twmi5ee3r0iihom2roljlcwxtklji===@reply.pm0.net>
>To: <davidwiz@erols.com>
>X-PMG-Userid: tshirtnews
>X-PMG-Recipient: davidwiz@erols.com
>Subject: Here is your Frree T-Shirt, please confirm
>Date: Fri, 07 Dec 2001 09:11:32 EST
>MIME-Version: 1.0
>Content-Type: text/plain; charset="iso-8859-1"
>X-Spam-Warning: This message was accepted from a host or IP address
>whichis suspected of being used to distribute spam.  Please
>seehttp://www.mail.rcn.net/external/x-header/ for more information
>X-Mozilla-Status: 8001
>X-Mozilla-Status2: 00000000
>X-UIDL: <200112071411.fB7EBXj05526@i1008.pm0.net>
>
>Get your Free T-Shirt, please confirm
>
>Thank you for joining Free T-Shirt News.
>Please CLICK the link or simply reply ...



=== Verio refuses to effectively deal with their abusable formmail script ===
=== users, but does legal threats to the blocklist maintainer, when those ===
=== proved to be abused IPs were listed on the blocklist ===

From rfg@monkeys.com Fri May 31 07:51:17 2002
Path: uni-berlin.de!fu-berlin.de!fr.usenet-edu.net!usenet-edu.net!freenix!sn-xit-01!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: BLOCK,LEGAL: Cartooney threat: Verio vs. formmail.relays.monkeys.com
Date: Fri, 31 May 2002 01:09:23 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <ufdja3ohikmb7d@corp.supernews.com>
X-Complaints-To: newsabuse@supernews.com
Lines: 180
Xref: uni-berlin.de news.admin.net-abuse.email:1701975


Some background...

I run an anti-spam list of known/proven FormMail spam sources for the
benefit of the Internet community.  The list can be referenced as:

	formmail.relays.monkeys.com

IP addresses get added to this list by being sources of FormMail spam.
There is no other way to get listed on this list.  No opinions or
judgement calls are involved.  Many sites are using this list now
to filter out Formmail spam.

I consider the removal of IP addresses from this list as being merely
a necessary courtesy that I must extend to the sites that get listed,
when and if they actually fix the FormMail spam problem, completely,
on their end.  In an ideal world, 100% of the burden of dealing with
the problems created by the sites that have been sources of FormMail
spam would fall onto those sites themselves, and they would ``remove''
their own outgoing mail servers from the FormMail list simply by chang-
ing the IP addresses of those servers.  But we don't live in that ideal
world, and my feeling is that the sites that are using my FormMail list
for spam filtering do desire and expect me to process removal requests
from any and all listed sites that have in fact fixed the FormMail prob-
lem, completely, on their end.  And I do process such removal requests
in all cases where I am convinced that the problem has really been solved,
and that the IP addresses to be removed will never again be sources of
FormMail spam.

When I get requests for removals from the FormMail Spam Sources list,
I separate them into one of two categories, i.e. (1) non-web-hosting
organizations and (2) companies that do web hosting as part of their
business portfolio.

In the case of non-web-hosting organizations, I try my best to verify
that the organization has either fixed or removed the problematic
FormMail script... typically there is only one... and then, when that
seems to have been accomplished, I remove the relevant IP address.

In the case of companies that do web hosting for other parties as a
normal part of their business (most of whom allow their end users to
upload and install any old CGI script at any time), I have been asking
these companies to either (a) use the FormMail Spam Sources list to
do mail filtering on their own mail servers[1], or else (b) to scan
all of their CGI-enabled directories, every night, to find new FormMail
scripts.

In the latter case, I _do not_ just let them get by with a vague and
non-specific statement like "yea, we do scanning", in part because I
have already learned that an awful lot of companies have the Wrong
Idea about how to do such scanning properly.  Many seem to think that
just scanning for files with filenames like "formmail.pl" or "FormMail.cgi"
is sufficient to find all of these bad scripts.  I disabuse them of that
notion and ask that they use a different scanning technique whereby they
first find all Perl CGI scripts that are marked as executable, and then
grep each of those for the string "Matt Wright".  (This will of course
also find other non-FormMail kinds of Matt Wright scripts, but given that
all such are known to be dangerous, security-wise, this bit of ``overkill''
may in fact be helpful in finding additional problematic CGI scripts.)

So anyway, that's what I do when I get requests from web hosting
companies who want their IP addresses removed from the FormMail Spam
Sources list.

So far, most of the web hosting companies that I have dealt with, and
who have requested removal have either been willing to comply with these
conditions or else they have just sulked off quietly and either changed
the IP addresses of their mail servers or else they have decided to just
live with the blocking on a permanent basis.  The majority have in fact
implemented the nightly scanning of their CGI directories, as per my
recommended procedure.

Then comes Verio.  These folks tell me that they scanned for the bad
_filenames_ once, two weeks ago, and that if that's not good enough
for me, then it must be _my_ problem.  (As noted above, scanning for
_filenames_ is definitely _not_ sufficient to completely solve the
FormMail problem.  Also, of course, some of Verio's less-well-clued
customers may have uploaded bad Formmail scripts since the one and
only scanning pass that Verio claims to have performed on their servers,
two weeks ago.)

In a rather stunning display of self-centered arrogance, someone claiming
to be Jeff Richard, Manager, Abuse Dept.  NTT/VERIO sent me the e-mail
message attached below.  Please note the not-at-all-veiled cartooney
threat.

Mr. Richard, in the privacy of his own mind, apparently believes that I'm
not ``cooperating'' with ISPs.  It would be more accurate to say that I'm
not merely bending over whenever _Verio_ requests me to do so.  I have in
fact been working with other large web hosting companies to fully and
permanently resolve the net's FormMail spam problem, and in most cases so
far, these cooperations have resulted in successful outcomes where all
users of the FormMail Spam sources list may be sure that these other
companies will never again be sources of FormMail spam.

Unfortunately, on advice of council, I can no longer communicate directly
with Mr. Richard and/or Verio, and I will not attempt to do so in any way.

I will not however discourage other paries who may have opinions on all
of this from making those opinions known to Verio and/or Mr. Richard.
(Not that I expect any such opinions to make any difference.  The current
reputation of Verio with regards to control of spam from and within their
network is well known by now, I believe.)

Certainly, anybody who does contact Verio should, in the first instance,
make inquiries regarding Verio's actions, or lack thereof, with regards
to the following open proxies located on AS 2914 (Verio's network) which
I reported to Verio over a week ago.  These are a more significant and
dangerous kind of security problem on Verio's network, relative to any
remaining FormMail scripts, and most or all of these proxies appear to
still be open at the present time.

128.241.240.176:1080:s4 2914
129.250.208.254:80:hc 2914
199.103.158.2:1080:s4 2914
199.237.6.114:3128:hc 2914
204.2.44.66:80:hc 2914
205.146.38.2:80:hc 2914
205.146.38.3:80:hc 2914
205.146.38.4:80:hc 2914
207.20.36.166:1080:s4 2914
207.57.33.10:8080:hc 2914
207.199.5.153:80:hc 2914
207.197.196.7:1080:s4 2914
207.197.196.7:1080:s5 2914
207.197.204.134:80:hc 2914
207.197.204.134:1080:s5 2914
207.241.85.29:3128:hc 2914
209.39.70.25:1080:s5 2914
209.39.70.25:1080:s4 2914
209.75.96.135:1080:s4 2914
209.170.16.98:8080:hc 2914
209.170.16.98:80:hc 2914


Regards,
rfg


======
[1] In which case I will only list that company's web servers, when and
as appropriate, so that there can be a model of mail security much like
what Alan Brown used to employ with ISPs to handle the case where custo-
mers are ``smart hosting'' outgoing mail out thru the ISP's main mail
servers.


=========================================================================
Return-Path: support@verio-hosting.com
Delivery-Date: Thu May 30 13:47:19 2002
Return-Path: <support@verio-hosting.com>
Delivered-To: admin@monkeys.com
Received: from mail07a.vwh1.net (mail07a.vwh1.net [209.238.9.57])
	by segfault.monkeys.com (Postfix) with SMTP id 2BC73660B
	for <admin@monkeys.com>; Thu, 30 May 2002 13:47:10 -0700 (PDT)
Received: from ids03.team-center.net (128.242.54.146)
	by mail07a.vwh1.net (RS ver 1.0.63s) with SMTP id 240988;
	Thu, 30 May 2002 16:46:48 -0400 (EDT)
From: Jeff Richard <support@verio-hosting.com>
Subject: Re: [IDS-3900617] redroversolutions.com - HOSTING SUPPORT QUESTION
To: admin@monkeys.com
Date: Thu, 30 May 2002 16:46:48 -0400 (EDT)
X-Loop-Detect: 1
Message-Id: <20020530204713.2BC73660B@segfault.monkeys.com>

Monkeys.com Admin:

I want to make this very clear.  The Verio servers that have formmail.pl or ANY variation of that name (e.g. bformmail.pl, ForMmail.pl, etc..) have been disabled.  Such scripts will no longer be executed on our servers for any reason, ever.

Respectfully, Monkeys.com does not seem to want to cooperate with any ISP.  Your Policy seems to be to blacklist IP's and mail servers based on your needs.  The problem here is you do it without any attempt to contact an ISP.  Have you ever thought about working with an ISP to help solve the spam problems on the Internet or are you trying to be an authority figure for formmail abuse on the Internet?  I think you should consider working with an ISP rather than damaging a client's ability to use their e-mail effectively.

The bottom line here is you have absolutely no right to dictate what will and will not happen on the Verio network.  We have done what is needed to disable the use of this script.  We will not divulge proprietary information about our web servers, how we scanned for this script, or how we disabled this script.

Verio would like to work this issue to a resolution with your cooperation.  If you do not choose to work this way, please be advised that the Verio Legal Team is now investigating this issue and have been copied on this e-mail.

Thanks,

Jeff Richard
Manager, Abuse Dept.
NTT/VERIO SME



=== A notification that was sent to Verio by the formmail.relays.monkeys.com ===
=== maintainer about their insecure proxies 10 days ago. ===
=== They *all* are still insecure as in the last 48 hours ===

From rfg@monkeys.com Sat Jun  1 01:53:17 2002
Path: uni-berlin.de!fu-berlin.de!newsfeed.arcor-online.net!fr.clara.net!heighliner.fr.clara.net!isdnet!sn-xit-02!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: Verio Open Proxies Notification
Date: Fri, 31 May 2002 22:27:31 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <uffu6j2iai5595@corp.supernews.com>
X-Complaints-To: newsabuse@supernews.com
Lines: 111
Xref: uni-berlin.de news.admin.net-abuse.email:1702567


What follows is a copy of the notification message that was sent,
by me, via e-mail to <abuse@verio.net> back on May 19th.

As noted in the other thread that I stared here recently regarding
Verio's antagonistic legal saber rattling against me, this noti-
fication message appears to have slipped imperceptably into the
black hole known as <abuse@verio.net>, never to be heard from
again.

The slightly more up-to-date list of open proxies on Verio's network
that I posted in the other thread differs in a few entries from the
one shown in the message below, but the two lists are about 90%
identical.

==========================================================================
>From bounces@monkeys.com  Sun May 19 01:56:32 2002
Return-Path: <bounces@monkeys.com>
Delivered-To: notify-log@monkeys.com
Received: by segfault.monkeys.com (Postfix, from userid 0)
	id EC79D6671; Sun, 19 May 2002 01:56:31 -0700 (PDT)
From: "Monkeys.Com Administrator" <admin@monkeys.com>
To: abuse@verio.net
Cc: notify-log@monkeys.com
Subject: SECURITY NOTIFICATION:  Open proxy list for AS 2914
Reply-To: "Monkeys.Com Administrator" <admin@monkeys.com>
Message-Id: <20020519085631.EC79D6671@segfault.monkeys.com>
Date: Sun, 19 May 2002 01:56:31 -0700 (PDT)


The message is a security notification regarding security problems
that were recently detected on your network, AS 2914.

The IP addresses shown below, which are located on your network,
were recently submitted to us as possible unsecured TCP proxies.
We have tested these IP addresses and found that they are indeed
dangerously unsecured open proxies.

Because these unsecured proxies may represent a serious security
threat to your network, and because these unsecured proxies may
also be abused, by either hackers or spammers or both, to attack
or to compromise the security of other networks elsewhere, we urge
you in the strongest possible terms to take all necessary actions
to either reconfigure or to disconnect these proxies from the
Internet immediately.

We also request that you respond to this e-mail message so that we
may be assured that this important security notification has in
fact been seen by at least one actual human and by at least one
authorized network administrator for AS 2914.

The list of unsecured TCP proxies that are known to exist on your
network (AS 2914) at the present time follows below.  Please note
that each line in the following list is composed of three parts,
separated by colons.  The first part is the IP address of the un-
secured open proxy.  The second part is the port number of the
unsecured proxy.  The third and final part of each line is a two-
character abbreviation denoting the protocol used by the proxy.
The abbreviations and their meanings are as follows:

	s4  -  SOCKS Version 4 protocol
	s5  -  SOCKS Version 5 protocol
	hc  -  HTTP CONNECT method protocol
	h2  -  Modified HTTP CONNECT method protocol

=========================
128.121.26.140:80:hc
128.241.240.176:1080:s4
129.250.208.254:80:hc
198.84.16.126:80:hc
199.103.158.2:1080:s4
199.237.6.114:3128:hc
204.2.44.66:80:hc
205.146.38.2:80:hc
205.146.38.3:80:hc
205.146.38.4:80:hc
207.199.5.153:80:hc
207.197.196.7:1080:s4
207.197.196.7:1080:s5
207.57.33.10:8080:hc
207.241.85.29:3128:hc
207.197.204.134:1080:s5
207.197.204.134:80:hc
209.39.70.25:1080:s4
209.39.70.25:1080:s5
209.75.96.135:1080:s4
209.170.16.98:8080:hc
209.170.16.98:80:hc
=========================

(Note that all of the proxies listed above have been re-verified as
being unsecured within the past 48 hours.)

Please respond to this message at your earilest convenience.  Please
send all responses to <admin@monkeys.com>.  Please be sure to include
your network's registered AS number in any and all communications with
us regarding the open proxy list given above.

If there is a better or more appropriate e-mail address to which we
should direct future messages regarding serious network security
issues involving your network, please be sure to include that e-mail
address in your reply to us.

Thank you for your cooperation.


Regards,
Administrator
Monkeys.Com
<admin@monkeys.com>



=== Verio's SLAPP against Monkeys.com ===
http://www.DolphinWave.org/spam/verio-demand.ps



=== And the result of this legal threat from Verio against the blocklist ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-post-02!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: ANNOUNCE: Policy change for formmail.relays.monkeys.com
Date: Thu, 27 Jun 2002 06:52:06 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <uhldgmt28pf3f6@corp.supernews.com>
X-Complaints-To: newsabuse@supernews.com
Lines: 29
Xref: uni-berlin.de news.admin.net-abuse.email:1730757

Beginning at midnight tonight, Wed June 26, 2002, for legal and
technical reasons that I will describe in detail at a later time,
no further processing of removal requests for the Monkeys.Com
FormMail Spam Sources List (formmail.relays.monkeys.com) will
be processed.  Additions to the list, based on evidence, will
continue to be made as in the past.

After tonight, all requests to have IP addresses removed from the
FormMail Spam Sources List will be declined, and all owners or
users of those addresses will be directed instead to change the
IP addreses of their servers if they wish to avoid the possible
negative consequences of having their current mail server IP
addresses listed.

I sincerly regret that I will no longer be able to process removal
requests for the FormMail Spam Sources List, but a combination of
legal reasons (which I will also elaborate on in the near future)
and personal time constraints now make that impossible.

All sites currently using the FormMail Spam Sources List should
seriously consider the implications of this policy change, and
should make adjustments to their use of the list as they deem
appropriate.


Regards,
rfg



=== Verio's Hostmaster says not to send complaints to them, but to ===
=== abuse@verio.net instead. And abuse@verio.net just ignores them ===

From wrjames.remove@kudzucountry.com Tue Jan 29 16:09:03 2002
Path: uni-berlin.de!fu-berlin.de!feeder.qis.net!feed2.news.rcn.net!rcn!newsfeed1.earthlink.net!newsfeed2.earthlink.net!newsfeed.earthlink.net!news.mindspring.net!not-for-mail
From: Wm James <wrjames.remove@kudzucountry.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: verio response.
Date: Tue, 29 Jan 2002 07:25:21 -0600
Organization: MindSpring Enterprises
Lines: 158
Message-ID: <ql8d5ukt5n7fqc5ge5dbp1ndps3neo7lul@4ax.com>
References: <tevb5u4v9uurlai55agl163ecrceu9km9q@4ax.com> <3c564de8.813143829@news.earthlink.net>
Reply-To: wrjames.remove@kudzucountry.com
NNTP-Posting-Host: 43.d8.86.47
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Server-Date: 29 Jan 2002 13:21:45 GMT
Cancel-Lock: sha1:fY8G5XAYcBGfMkG394NH1+WgwiE=
X-Newsreader: Forte Agent 1.8/32.548
X-NFilter: 1.2.0
Xref: uni-berlin.de news.admin.net-abuse.email:1585106

On Tue, 29 Jan 2002 07:43:02 GMT, marvin.glenn@no.valid.domain (Marvin
Glenn, ASNN) wrote:

>-----BEGIN PGP SIGNED MESSAGE-----
>
>I think I would've responded with something to the effect of:
>
>"If your abuse department did its job, I wouldn't need to send these
>reports to all the addresses I have for Verio."
>
>Though they probably would've just plonked my address.  I had that
>happen to me from a large ISP in '96.  Thank [god/$DEITY/us] (tinu)
>for MAPS and SPEWS.  Hard to plonk that.


Here's the whole exchange:

======================================================

On Mon, 28 Jan 2002 17:54:32 -0800, you wrote:

>
>William,
>
>abuse@verio.net is the department within Verio that handles spam 
>complaints.

When has that ever happened?  They've never handled spam complaints
before!  Ignoring or deleting, doesn't qualify as handling.  Has
something changed in the last few hours?  

>Sending your complaints to other departments within 
>Verio will NOT expedite them.  

Neither does sending complaints to abuse@verio.net . 

>If you choose to ignore this information, then your complaints will
>never reach the proper department that can facilitate your requests.
>
>Hostmaster

OK.  How will I know the difference?  Will someone email me and
actually tell me it was never read instead of just deleting it unread?

Please let me know.  This is interesting. Of hundreds of spam
complaints regarding hundreds of spammers, I've never even had a reply
until yours suggesting that if I don't do as you suggest then nothing
will be any different.  Doesn't that seem a little odd to you? 

William R. James


>
>In message <eavb5uko15e7d6b09eojbm36j4nt7c1abs@4ax.com>, Wm James writes:
>>
>>There is no need for you to allow your spammers to keep crapping in my
>>box either, but you keep doing it.
>>
>>When you stop ignoring complaints sent to abuse@verio.net then I'll
>>send them to abuse@verio.net.
>>
>>Fair enough?
>>
>>William R. James
>>
>>
>>
>>On Mon, 28 Jan 2002 16:42:54 -0800, you wrote:
>>
>>>Please send future spam complaints to abuse@verio.net. There is no 
>>>need to cc all the verio addresses that you have.  Thank you,
>>>
>>>Hostmaster
>>>
>>>
>>>In message <3lrb5u4fsg8f1q1bnqdlhfrrvf7tvnrkg4@4ax.com>, Wm James writes:
>>>>More garbage!
>>>>
>>>>Same spam, same spammer, same IP, same everything.
>>>>
>>>>
>>>>Spammer's pages:
>>>>www.listkast.com
>>>>http://www.qksrv.net/click-1014390-10581
>>>>https://www.cihost.com/?zone=products/limited_time_offer_signup&id=listkast.com
>>>>https://www.paypal.com/affil/pal=ER8Y84GAL8L8N
>>>>
>>>>Peddles for:
>>>>http://servedby.advertwizard.com/plugin/clickthru.phtml?60905|41729|2|18732|//www.mailingci
>>rc
>>>>ulars.com
>>>>www.advertwizard.com
>>>>www.mailingcirculars.com
>>>>
>>>>Spammer's drop boxes:
>>>>advertise@listkast.com
>>>>bart.bobrowski@shaw.ca
>>>>
>>>>Spam sent from:
>>>>207.150.80.229 = verio.net
>>>> sent through: 212.163.8.99
>>>> = BT Telecomunicaciones
>>>>
>>>>
>>>>
>>>>On Sun, 27 Jan 2002 22:33:47 -0700, "pedro" <pedro@hotmail.com> wrote:
>>>>
>>>>>Received: (qmail 95340 invoked from network); 28 Jan 2002 19:23:13 -0000
>>>>>Received: from unknown (HELO elara.antalis.es) (212.163.8.99)
>>>>>  by www.hostay.net with SMTP; 28 Jan 2002 19:23:13 -0000
>>>>>Received: from hotmail.com (207.150.80.229 [207.150.80.229]) by elara.antalis.es with SMTP
>> (
>>>>Microsoft Exchange Internet Mail Service Version 5.5.2650.21)
>>>>>	id DADR3LFR; Mon, 28 Jan 2002 06:35:39 +0100
>>>>>From: "pedro" <pedro@hotmail.com>
>>>>>To: <wromail@poczta.wp.pl>
>>>>>Subject: Email Lists
>>>>>Sender: "pedro" <pedro@hotmail.com>
>>>>>Mime-Version: 1.0
>>>>>Content-Type: text/html; charset="ISO-8859-1"
>>>>>Date: Sun, 27 Jan 2002 22:33:47 -0700
>>>>>Reply-To: "pedro" <pedro@hotmail.com>
>>>>>Content-Transfer-Encoding: 8bit
>>>>>Message-Id: <E16VHON-0002IP-00@sh2.1-sh.com>
>>>>>X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
>>>>>X-AntiAbuse: Primary Hostname - sh2.1-sh.com
>>>>>X-AntiAbuse: Original Domain - besna.org
>>>>>X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
>>>>>X-AntiAbuse: Sender Address Domain - hotmail.com
>>>>>
>>>>
>>>>Attached:
>>>>
>>>><html>
>>>><head>
>>>><title>Untitled Document</title>
>>>><meta http-equiv="Content-Type" content="text/html;
>>>>charset=iso-8859-1">
>>>></head>
>>>>
>>>><body bgcolor="#FFFFFF" text="#000000">
>>>><div align="center">
>>>>  <p><a
>>>>href="http://www.listkast.com/cgi-bin/counters/loadr.cgi?http://www.listkast.com?pedro"
>>>>target="_blank"><img
>>>>src="http://www.listkast.com/images/banners/bannerC01-08-2002.gif"
>>>>border="0"></a> 
>>>>  </p>
>>>>  <p>:: this email not sent by Listkast Inc., or anyone associated
>>>>with it.</p>
>>>></div>
>>>></body>
>>>></html>
>>>>
>>>>
>>
>>



=== Another Hostmaster@Verio's reply to send complaints to abuse@ (/dev/nul) ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!newsfeed.novia.net.MISMATCH!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Verio replies.. well... sort of...
Date: 28 Jun 2002 16:54:16 -0500
Lines: 110
Message-ID: <4mmphuk8osnfhgtcu3o99dklvk91hsi0s2@4ax.com>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:LTr7F9RgaFprOAnTHcFafYo+V60=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1732101

Well, at least one address there gets the emails.  Not that they want
it or do anything with it...

==========================================================

To: wrjames@spamreaper.org
Subject: Re: [IP Eng Req #10103] [EMAIL] Keep track of what your kids
are doing online! OLk
From: Hostmaster <hostmaster@verio.net>
Date: Fri, 28 Jun 2002 09:22:06 -0700
Cc: hostmaster@verio.net


abuse@verio.net is the proper department to send these reports to.
Although you may not get a direct response from them, they do work
on every request sent to them. hostmaster@verio.net can not help
you in any way with your abuse issue.

Hostmaster



In message <kvmmhu0qjbbudr3pimme173opib3umulg3@4ax.com>, Wm James
writes:
>
>When there is some evidence that abuse@verio.net actually gets read,
>sure.
>
>So far, you are the only indication I've EVER seen tat anyone at verio
>has ever read a complaint.
>
>Many of verio's customers are whining daily to
>news.admin.net-abuse.email about their emails bouncing.  They can't
>get an answer out of you either.   What should I tell them?  Why is
>verio continung to ignore all complaints regarding various blatent
>habitual abusers and selling IPs which you know are blocked to
>innocent suckers?
>
>If you give me an answer, I'll pass it on.
>
>William R. James
>
>
>
>On Thu, 27 Jun 2002 09:20:00 -0700, you wrote:
>
>>In message <mf1lhu8n667q35af6aurjbq9s77n1esham@4ax.com>, Wm James writes:
>>
>>please send abuse reports to abuse@verio.net,
>>
>>thank you,
>>
>>- hostmaster
>>
>>>Posted to usenet
>>>
>>>
>>>Spammer's pages:
>>>http://9wa@211.154.135.67/user0204/index.asp?Afft=M15
>>>     This means you connect using normal web http and authentication
>>>info 9wa to host 211.154.135.67 and fetch /user0204/index.asp?Afft=M15
>>>     The URL is accessible as
>>>http://211.154.135.67/user0204/index.asp?Afft=M15 (login as 9wa if
>>>needed) and is hosted by 211.154.135.67
>>>
>>>
>>>Spammer's drop boxes:
>>>ilan@interlink-marketing.com
>>>hostmaster@easyspace.com
>>>
>>>Spam sent from:
>>>161.58.168.148
>>>= interlink-marketing.net
>>>= verio
>>>     interlink-marketing.net resolves to 161.58.168.148
>>>     www.interlink-marketing.net resolves to 161.58.168.148
>>>     Mail for interlink-marketing.net is handled by
>>>interlink-marketing.net (10) 161.58.168.148
>>>
>>>
>>>
>>>On Wed, 26 Jun 2002 19:48:49 -0600 (MDT), alwayzhard007@aol.com ()
>>>wrote:
>>>
>>>>Received: (qmail 5443 invoked from network); 27 Jun 2002 01:43:46 -0000
>>>>Received: from interlink-marketing.net (161.58.168.148)
>>>>  by www.hostay.net with SMTP; 27 Jun 2002 01:43:46 -0000
>>>>Received: (imarket@localhost) by interlink-marketing.net (8.11.6) id g5R1mnS0
>>>0186; Wed, 26 Jun 2002 19:48:49 -0600 (MDT)
>>>>Date: Wed, 26 Jun 2002 19:48:49 -0600 (MDT)
>>>>Message-Id: <200206270148.g5R1mnS00186@interlink-marketing.net>
>>>>To: <about 40 addresses removed>
>>>>From: alwayzhard007@aol.com ()
>>>>Subject: Keep track of what your kids are doing online!
>>>                        OLk
>>>>X-AntiAbuse: This header was added to track abuse, please include it with any
>>> abuse report
>>>>X-AntiAbuse: Originator/Caller UID/GID - [0 0] / [0 0]
>>>>X-AntiAbuse: Sender Address Domain - interlink-marketing.net
>>>>
>>>>Below is the result of your feedback form.  It was submitted by
>>>> (alwayzhard007@aol.com) on Wednesday, June 26, 2002 at 19:48:49
>>>>---------------------------------------------------------------------------
>>>>
>>>>.:
>>>>
>>>>FIND OUT WHO THEY ARE CHATTING/EMAILING WITH ALL THOSE HOURS!



=== And about the Verio's so-called customers' support. An (ex-)customer speaks ===
Path: uni-berlin.de!fu-berlin.de!nautilus.eusc.inter.net!news.ticon.net
 !newsfeeder.mylinuxisp.com!nntp1.hal-pc.org!dfw-feed.news.verio.net
 !phl-feed.news.verio.net!nntp2.tagonline.com!not-for-mail
From: werdnaandrew@moc.sysgattagsys.com (Andrew Gideon)
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS - Needed Advice on getting unlisted
Date: 31 May 2002 20:23:52 GMT
Organization: TAG Online Inc.
Lines: 53
Message-ID: <ad8m4o$4gg$1@muffin.int.tagonline.com>
References: <676e24bc.0205301738.3841e57e@posting.google.com>
  <hgodfuonk6aeep03i3rbq0vap1i09g5isp@news.supernews.com>
  <676e24bc.0205310130.d3fc1bd@posting.google.com>
NNTP-Posting-Host: cake.int.tagonline.com
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: muffin.int.tagonline.com 1022876632 4624 192.168.2.35 (31 May 2002
  20:23:52 GMT)
X-Complaints-To: news@news.tagonline.com
NNTP-Posting-Date: 31 May 2002 20:23:52 GMT
X-Newsreader: knews 1.0b.1
Xref: uni-berlin.de news.admin.net-abuse.email:1702507

In article <676e24bc.0205310130.d3fc1bd@posting.google.com>,
        raj@lauhala.com (Roger Jacobs) writes:

> I may have to move, although I have been happy with verio for years.

I was a happy client of a pre-Verio New York Net.  But since Verio
bought it - and more so since the NYNet owner left Verio - things
have been sliding fast.

It's not just the spam, although that's part of the overall theme.
We'd two locations connected to Verio circuits, both exchanging BGP
feeds.  One was full, the other partial.

Verio used to send 0/0.  But when they moved our circuits from
Cisco routers at their end to Junipers, they stopped.  They didn't
mention this change to us either; we had to discover it for ourselves.

When I asked that this be fixed, I received a runaround which ended
up with "our IP Engineering Group says 'no'".  That is, Verio no
longer sends a default route with a partial BGP feed.  We're supposed
to use a different default-network, and simply accept the fact that -
with multiple upstreams - we can have routing loops.

More, since the owner left NYNet, I can no longer talk to any engineer
at Verio.  I can only pass messages through "technical support people"
that ask questions like "how do I spell BGP?".

Finally, tickets appear to be closed on a schedule that has no
relationship to whether or not the issue is resolved.  I'm of
the opinion that someone's bonus is based on closed tickets.
Otherwise, why create new ones instead of reopening the old?

So we've been replacing Verio circuits.  When we sent in a cancel
order, we received a nice note which asked if there was anything
they could do to keep the business, and which claimed that the
author's top priority was customer satisfaction.

I wrote the above to this person, but in more detail.  I closed
with my impression that all these issues - spam, lack of technical
contact, unwillingness to satisfy basic customer requests - all
spoke of a company that cares not at all about customers.

The reply I received was "you will be contacted".

Needless to say, I'm still waiting.

For what are you waiting?  Leave.  But do explain why.  Perhaps
enough departures - with explanations - will move them.

[Even the abuse desk people have told me that they cannot
 do anything, and that I should contact sales.]

        - Andrew



=== Another customer shows that Verio is all "black" ===
From: RoastedBillyGoates@hotmail.com (Roasted Billy-Goates never reads email sent to him.  Post to the group.)
Newsgroups: news.admin.net-abuse.email
Subject: Verio is black - incontrovertible proof; what next?
Date: 6 May 2002 16:50:47 -0700
Organization: http://groups.google.com/
Lines: 397
Message-ID: <8c57314e.0205061550.3577408@posting.google.com>
NNTP-Posting-Host: 12.236.109.6
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1020729047 23122 127.0.0.1 (6 May 2002 23:50:47 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 6 May 2002 23:50:47 GMT


Posting this on behalf of an aquaintance.
To: drg@verio.net, abuse@verio.com
Date: Mon,  6 May 2002 14:57:58 -0700
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi, Darren.  I'm still waiting forr a response to my email sent 4/22
at 2:28PM PST, which you confirmed receiving in an email dated 4/23/02
at 2:04 PM.

This email follows up on
the email I sent 4/26/2002   12:39 PM,
the email I sent 26 Apr 2002 10:07:32 -0700, which you confirmed
receiving in an email dated 4/26/02, also at 2:04 PM
the email I sent 23 Apr 2002 18:39:22 -0700,
the email I sent 23 Apr 2002 13:37:10 -0700,
and another voicemail, all asking you to respond to the same email,
with the same set of issues.

These emails were mostly sent with hushmail, so I have digitally
signed third party evidence that they were sent...and your own
confirmation that my email was received.  I also sent some of them to
ceo@verio.com, and to verio.com@bitch-list.net, which forwards to the
addresses of much of Verio's top management*, as well as all the
standard addresses to send abuse messages to. No responses were
received.  Thus, based on the lack of a response, despite confirmed
receipt of the emails, and ample time to respond, I'm led to the only
logical conclusion: there is a systematic failure at verio to deal in
any appropriate way with customers that are spammers.  Any clueful
person who reads this email must come to the absolutely clear,
unavoidable conclusion that verio is actively and knowingly hosting
spammers in violation of its own AUP.

IMNSHO, the only reasons Verio has been responding to me up to this
point are that I'm a Verio customer, and that I have been EXTREMELY
DILIGENT AND INSISTENT that you do so.  It has taken the nearly thirty
(30) emails I've sent to get this far.  None of my emails to
abuse@verio.com have ever garnered any (non-automated) response; it
was only when Verio support contacted you on my behalf that you
started responding.

I asked you to answer several questions, and resolve 4 abuse issues,
which Verio has been aware of for between two weeks and 9 months, and
make some changes to your AUP.  None have been answered.  None have
been resolved.  None were made.  I ask you once again to answer the
questions, and resolve the issues, and make the changes.  Also, if I
have ever misquoted Verio, its policies or network status or anything
you have said in any way, in any of my emails to Verio, please let me
know immediately; to date, you have not claimed that I have.

Z: You are still hosting Grunt, who is still hosting (as of 4/28)
dvds4adults (e.g. at
http://www.internetcybermarketing.com/Merchant/merchant.mv?Screen=SFNT&Store_Code=dvd.)
As I have established in my previous emails to you, Verio has been
aware of this issue since 8/6/01.

A:
128.121.24.0/24 IP range of Verio needs to be shut down: (still up and
active as of 5/6, hosting the spamvertised sites)
http://groups.google.com/groups?hl=en&safe=off&threadm=200204171826.02636%402002.dolphinwave.org&rnum=7&prev=/groups%3Fhl%3Den%26safe%3Doff%26as_drrb%3Dq%26q%3Dverio%2Bgroup%253Anews.admin.net-abuse.*%26as_qdr%3Dw%26btnG%3DGoogle%2BSearch

B:
Verio could send a letter out to iserver folks
saying the security hole *requires* that customers close any open
relays and at the same time state the necessary mods
that need to be done to fix the FormMail problem.
http://groups.google.com/groups?hl=en&safe=off&threadm=aacf586.0204150153.2c6810e1%40posting.google.com&rnum=2&prev=/groups%3Fq%3Dverio%2Bgroup:news.admin.net-abuse.*%26hl%3Den%26safe%3Doff%26as_qdr%3Dw%26selm%3Daacf586.0204150153.2c6810e1%2540posting.google.com%26rnum%3D2
(No response.)

C: axincapital.com, AKA washington.myonlinerealtor.com, AKA
161.58.240.126 needs nuking  (Still up and active and on Verio 5/6/02
at 161.58.240.126.)
http://groups.google.com/groups?hl=en&safe=off&threadm=d0.25ecc03d.29f1b937%40aol.com&rnum=1&prev=/groups%3Fhl%3Den%26safe%3Doff%26as_drrb%3Dq%26q%3Dverio%2Bgroup%253Anews.admin.net-abuse.*%26as_qdr%3Dw%26btnG%3DGoogle%2BSearch




The questions asked included the following, plus a few other questions
I have omitted, but still want you to answer.

iv) Do you sometimes take only ineffective or no action when a valid
complaint is sent to abuse@verio.com that informs you of a customer's
spamming? ++
v) Do you sometimes take only ineffective or no action when a valid
complaint is sent to abuse@verio.com that informs you of a customer's
customer spamming? ++
vi) You said that management has instituted a set of guidelines that
the abuse department must follow, unless directed by Management.  Are
you willing to share those guidelines with me?



Did you investigate why you DID NOT cut off *Grunt* in a situation
that you have indicated would lead to that action?  What were the
results of said investigation?

I said
> > [Because] you allowed dvds4adults in your IP space for over 6 months,
> > several servers have chosen to block mail from ALL of Verio's IPs,
> > including the IP of my mail server, hence blocking my mail.  And I
> > suspect more will be doing so soon, because they see that Verio is
> > harboring spammers.  What is going wrong?
>
 You said:
> I think that answer is obvious.
You said that you are frequently frustrated and hence going grey,
because management regularly overrides the abuse department's decision
to terminate a customer.

I asked you to confirm that your team has been largely de-clawed by
management.++

- --------------begin footnotes and appendices-----------------------

++ As you have had six separate opportunities to answer questions iv)
and v) with 'no's, but instead provided only evasive responses, I
think I can safely assume that the answers to these questions are
"YES".

*verio.com@bitch-list.net is: abuse@verio.net , abuse@veriohosting.com
, abuse@verio-hosting.com , hostmaster@verio.net ,
domainadmin@verio.net , vipar@verio.net , admin@vwh.net ,
hostmaster@vwh.net , hostmaster@verio-hosting.com ,
veriohostmaster@verio.net , registrar@verio.net , support@viaverio.com
, sales@verio.net , reseller@verio.net , csm@clientservices.verio.net
, oop@clientservices.verio.net , oop@verio.net , ceo@verio.net ,
jcordero@verio.net, dschneider@verio.net , dschunk@verio.net ,
aandreoli@verio.net , jjaschke@verio.net , jhamrick@verio.net ,
mpeloquin@verio.net , yito@verio.net , sbrophy@verio.net ,
mbulder@verio.net , cdonelson@verio.net , pfritzinger@verio.net ,
lgeorge@verio.net , mcstewart@verio.net , iehringer@verio.net

- --------------begin email evidence; end
footnotes-----------------------

I began trying to have verio take action to resolve these issues when
I sent verio email on 3/27/02 in which I said :
> Hi. It appears that webcom is not doing enough to stop spammers.
>
> According to
> http://relays.osirusoft.com/cgi-bin/rbcheck.cgi?addr=209.1.28.141,
> my (your) SMTP server has been added to two blacklists.
> Please look into the policies of these blacklists and do what
> is necessary to get off them.
>
> As a customer (and antispam activist) I expect webcom to do
> everything necessary to keep blacklist operators happy, so
> that my legitimate mail gets thru.
I also included an important invitation email that I had sent to a
friend with a juno online account that bounced because of spam sent by
other Verio customers to juno.

A couple days later, after not receiving any response, I wrote in
part:

> Sent: Friday, March 29, 2002 3:34 PM
> To: abuse@verio.net; Geoff Millikan/John
> Senkier/Josh Pavlovich/Aaron Redshaw; ceo@verio.net
> Subject: wcm-melvex Worried about my email
>
>
> Hello.   Is this true?  As a verio/webcom customer, I'm
> concerned that your action/inaction is going to cause my
> email to not be delivered.
>
> Your AUP says that you may take action against spammers.  Is
> it your policy to sometimes not do so?  It appears so.
> Please be specific.  I think your AUP needs to be changed to
> be less spammer-friendly.  You should indicate that prompt
> action will be taken against TOS violators.  You should not
> tolerate spammers.
I enclosed the allegations made on usenet regarding abuse issue A:, in
the email above ***re. Grunt Work and 209.189.73/24 - DAMON HAS BEEN
AWARE OF THIS ISSUE SINCE 8/6/01.*** according to Chris O'Brien -
http://groups.google.com/groups?selm=3ca2220f%240%249550%24724ebb72%40reader2.ash.ops.us.uu.net&output=gplain
.

Also, note all the To: addressees of the email above. ceo@verio.net
DOES go to the office of the president, and there ARE people who read
it and respond, but don't take effective action. It has been my
experience that they only respond to email in which ceo@verio.net is
the ONLY addressee; I suggest you heed this information if you are
mailing ceo@verio.net.

I asked you to explain how you would respond to abuse complaints from
non-customers, after having been told by you (in form mail):
> Please be advised that Verio can only address abuse issues for customers.
Ryan Charles Cave replied (falsely, as this history proves):
We most definately take action against domains which are advertised in
UCE, regardless of the origon of the email.

You repeatedly asked for complete headers of the spam I was
complaining about, even though I repeatedly explained that I wasn't
complaining about an individual spam, so I sent you an example spam -
with complete headers :one regarding abuse issue A:, above.  (I
expressed my surprise that someone like you, who had been handling
abuse at Verio for several years, would show a complete lack of
understanding about spam, and my belief that you were being
intentionally obtuse.)  You falsely claimed that the issue had been
resolved, even though the spammer was still hosting his web store on
your network, and I pointed this out, but the web store is still up on
your network.
Emails were sent:  (Sent dates copied directly from the mail headers
(except for the last few, which were transcribed), sometimes with
direct quotes.)
Sent: Monday, March 18, 2002 2:02 PM
Sent: Friday, March 29, 2002 3:34 PM
Sent: Sunday, March 31, 2002 2:32 PM
Sent: Sunday, March 31, 2002 10:22 PM
Sent: Monday, April 01, 2002 5:25 PM
Sent: Tuesday, April 02, 2002 8:52 AM
Sent: Tuesday, April 02, 2002 11:35 AM
Sent: Tuesday, April 02, 2002 11:47 AM
Sent: Wednesday, April 10, 2002 11:37 AM
Sent: Thursday, April 11, 2002 2:34 PM
Sent: Thursday, April 18, 2002 5:05 PM
Sent: Thursday, April 18, 2002 5:47 PM
> To: 'Darren Grabowski'
> Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/24
>
>
> I seem to have hit a brick wall.
> I'd like to explain what I have planned if Verio continues to
> be unresponsive:
>
> 1)I have complained more than once to ceo@verio.com, which is
> the official address of the CEO (and spoken with his
> assistant Theresa Thornton, who reads his email), and I am a
> customer, and still no action has been taken.
>
> 2)I have put together a long list of important email
> addresses at webcom and verio and elsewhere that I will be
> informing of Verio's spam stance, including, but not limited
> to, a number of verio's prized employees.   I can use
> advanced techniques, such as the ones the spammers you host
> use, to ensure that you cannot block these emails.
>
> 3)I will be posting, non-anonymously, to several newsgroups,
> including NANAE, as I mentioned before, with full details,
> showing the lengths I've been to in trying to promote
> responsible action.  I will be following up on any postings
> to said newsgroups.

Sent: Thursday, April 18, 2002 10:21:36 AM (from hushmail)
Sent: Friday, April 19, 2002 10:17 AM
Sent: Friday, April 19, 2002 1:01 PM
Sent: Friday, April 19, 2002 2:58 PM
Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/2
> Darren Grabowski is quoted as saying:
> > Not all of the decisions to cut off a
> > spammer are made by my team.
>
> Can you elaborate on that?  Who else makes the decisions?
> What is the process?
>
> >
> > darren
> > --
> > Darren Grabowski                                   drg@verio.net
> > Team Lead - NTT/VERIO Security & Abuse      http://www.verio.net
> > office: 214.290.8680                           fax: 214.800.7771
> >                 "Carpe Diem Baby" - J. Hetfield
Darren has been with Verio abuse for several years.

Sent: Sunday, April 21, 2002 5:52 PM
> From: Darren Grabowski [mailto:drg@verio.net]
> > Sent: Saturday, April 20, 2002 10:27 AM
> > There are times when we move to terminate a customer, and it is halted
> > by a manager/director/V.P. in another department.  We do not have
> > the final say in who gets terminated in all cases.
> Thank you.  I imagine that being as anti-spam as you claim to be, this would sometimes be very frustrating.
(In a later reply, you replied that this frustrated you to the extent
that it was making your hair turn white.)

> > Unfortunately you get to see it from the outside.  I have found it to
> > be my experience that no abuse team has absolute authority in dealing
> > with spammers.
 
> I can't think of any legitimate reason for that to be the case.
> Certainly, Verio is in the business of maximizing its profits, not being a saintly company.  I'm trying to convince Verio management of, and ensuring that, being spam-tolerant is extremely inconsistent with profit maximization.  Make sense?
 
> > We do not discuss actions we take against our
> > customers, spammer or not.
> I imagine that often this is expedient and sometimes a good idea, but can't see any reason for it to be a blanket rule.  What's wrong with a response that says 'thank you, the issue has been dealt with'?
> Or even, why not respond : 'thank you, the issue has been dealt with by [sending a {first | last } chance warning <attached> | termination of the customer's service ] ' or 'this does not relate to a Verio customer'?
> It wouldn't be hard to, in most cases, send out one of a few informative, but standard responses.  It doesn't pose any legal difficulties.
 
> > If you're ever in Dallas, let me know and I can arrange
> > for you to meet with my team.

Sent: Date: Mon, 22 Apr 2002 12:30:16 -0700 (from hushmail)
Sent: Monday, April 22, 2002 2:28 PM
> Darren Grabowski is quoted as saying:
> > We have a set of guidelines that we must follow, so a termination
> > is not always the action we take.  Our actions are either
> > dictated by our guidelines or by Managements direction.
>
> Hmm... Are you willing to share those guidelines with me?

[regarding your not responding to complaints to abuse@verio.com]
> > These are the rules that were recommend by legal, and part of our
> > guidelines.
>
> Think there's any point taking it up with them (e.g. Carla -cdonelson@verio.net )?
> (Makes it easier for Verio to do nothing while pretending to
> be responsible.)

And the follow-ups to that email requesting a response:

the email I sent 4/26/2002   12:39 PM,
the email I sent 26 Apr 2002 10:07:32 -0700, (which you confirmed
receiving in an email dated 4/26/02 at 2:04 PM)
Sent: Friday, April 26, 2002 10:08 AM
To: 'Darren Grabowski'
Cc: 'ceo@verio.com'; 'Shelli Christy'
Subject: RE: RE: [NTT/VERIO #206165] spam from 209.189.73/24
wcm-melvex
I still haven't heard from you.  What's up?  I see that none of the
issues I've brought up have been resolved; all the services were still
up.  Verio management has NOT decided that, as I said "being
spam-tolerant is extremely inconsistent with profit maximization." 
I'm starting to react, but I still hope to hear from you.
Sent: Tuesday, April 23, 2002 6:39 PM (from hushmail)
the email I sent 23 Apr 2002 13:37:10 -0700, (from hushmail)
and another voicemail, all asking you to respond to the same set of
issues.

- --------------end footnotes and appendices-----------------------

Hush provide the worlds most secure, easy to use online applications -
which solution is right for you?
HushMail Secure Email http://www.hushmail.com/
HushDrive Secure Online Storage http://www.hushmail.com/hushdrive/
Hush Business - security for your Business http://www.hush.com/
Hush Enterprise - Secure Solutions for your Enterprise
http://www.hush.com/

Looking for a good deal on a domain name?
http://www.hush.com/partners/offers.cgi?id=domainpeople

-----BEGIN PGP SIGNATURE-----
Version: Hush 2.1

wlsEARECABsFAjzW/JEUHG1lbHZleUBodXNobWFpbC5jb20ACgkQjslZoD9Nz65YGQCb
B7butR7HLsKl/hVshRTLKtaOHMMAnjSBlMlTV3kYpi4IXGABRX+nyeug
=VQ10
-----END PGP SIGNATURE-----

Sorry about the hush advertising above; I can't delete it without
rendering the PGP signature invalid.

I have email addresses of some 3,000 verio customers.  I want to let
them know what verio is up to.  Anyone got a copy of one a those
direct-to-mx spamming programs I can use? Somone got one in order to
be better able to counteract 'em! Please let me know. I'm not about to
pay for one and I want to ensure that webcom can't block the emails. 
I'm also looking for someone to grant me a free strongly spam-filtered
email and web hosting account. Use: for fairly agressive, but legal
anti-spam activities that might prompt retaliation.  E.g.
o   publicizing the most effective spam-free tactics
o   getting IANA to refuse to grant, or even revoke spammer IP address
assignments
o   effecting citizen's arrests of verio and other spam haven officers
and employees for committing a public offense and felony theft of
service,
o   discussing, and even advocating, but not performing retaliatory
actions
Until I have such an account, to contact us, see the last paragraph,
below.

 
If you want to use this message in a SPEWS or ROSKO case or other RBL
nomination, UDP or IDP nomination, go for it.  Use it as evidence in a
felony theft of service, junk fax, or spam suit against verio and/or
its co-consipirators. Please feel free but keep it intact.  WE have
NOT done any of this; please feel free!!!  Take up the baton!!!

We'd like to thank Chris O'Brien, Paul Vixie, all the folks running
RBL blacklists, combat.uxn.com, SpamAssassin developers, the folks
behind bitch-list.net, spamlaws.com, spamcop.net, spamfaq.net,
spamhaus.org, rosko, BrightMail,  Erik Warmelink (compared to whom I'm
pro-spam), Phil Zimmerman for PGP, Hush for Hushmail (even if it is
problematic), and everyone else trying to stop spam, including those
providing financial support to people trying to create a spam-free
'net.

Email to me without "this is not spam" in the subject is directed
straight to the trash unread by automatic filters.  Even then, I don't
check it often. If you'd like to contact me or my acquaintance, reply
to this post with another post.  Obviously, verio knows who he is, but
he doesn't want to make his name publicly known.  We WOULD very much
like to hear from you.  Post a reply here, to N.A.N-A.E.  HOWEVER, If
you don't have anything constructive to say, please don't say anything
at all.  Trolls will not be fed.
If you insist on wanting to email my friend, you can get his email
address by correcting the obvious typo in the first sentence of this
email, and verifying the PGP signature.



=== Verio management forbids terminating their spammers ===
Path: uni-berlin.de!12-238-109-183.client.attbi.COM!not-for-mail
From: "Karl-Henry Martinsson" <khm@suespammers.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: BITCH-LIST -->  additional names for Verio
Date: Wed, 12 Jun 2002 00:31:43 -0400
Lines: 26
Message-ID: <ae6f4v$4e9ne$1@ID-62184.news.dfncis.de>
References: <02xN8.22422$xc2.2800632976@newssvr10.news.prodigy.com> <ae6d1a$ihi$1@charm.magnus.acs.ohio-state.edu>
NNTP-Posting-Host: 12-238-109-183.client.attbi.com (12.238.109.183)
X-Trace: fu-berlin.de 1023852512 4663022 12.238.109.183 (16 [62184])
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Xref: uni-berlin.de news.admin.net-abuse.email:1716632

"Jay Stuler" <no@no.thanks> wrote in message
news:ae6d1a$ihi$1@charm.magnus.acs.ohio-state.edu...
>
> <darryl_INVALID@rbdms_NOSPAM.org> wrote in message
> news:02xN8.22422$xc2.2800632976@newssvr10.news.prodigy.com...
> > A few additional names for verio net: Peter Allen  pallen@verio.net or
>
> That address does not exist and has not existed for some time.
>

damond@verio.net should work, though. At least it did about 6 months ago. I
also talked to Damon on the phone, so I know he exists. He confirmed that
Verio are aware of their spammers, but "management" does not want to
disconnect them, and abuse is not allowed to...
Damons supposedly works for their sorry excuse for an abuse department.
If I would not have promised Damon (who claim to lurk here in nanae but is
not allowed to post, again by order of "management") not to give out his
direct phone number, I would do that. But I gave him my word.

/KHM

PS. Damon's last name is Daugherty, and I got through to him by calling the
main Verio number in Colorado... That is not giving out his phone number, is
it? :-)



=== Verio president's office will not shut down Postmaster General spammers ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!panix!panix2.panix.com!not-for-mail
From: kludge@panix.com (Scott Dorsey)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Intlsteel.com (161.58.160.120) being blocked... request for removal
Date: 27 Jun 2002 19:45:20 -0400
Organization: Former users of Netcom shell (1989-2000)
Lines: 42
Message-ID: <afg82g$dli$1@panix2.panix.com>
References: <d8c6c82b.0206261351.48fee6b6@posting.google.com> <8k5nhu074u09u899lei5lrp1g7as9cdmcq@4ax.com>
NNTP-Posting-Host: panix2.panix.com
X-Trace: reader2.panix.com 1025221477 14590 166.84.1.2 (27 Jun 2002 23:44:37 GMT)
X-Complaints-To: abuse@panix.com
NNTP-Posting-Date: Thu, 27 Jun 2002 23:44:37 +0000 (UTC)
Xref: uni-berlin.de news.admin.net-abuse.email:1731339

On 26 Jun 2002 14:51:34 -0700, drbrianh@attbi.com (Brian Harris)
wrote:
>
>We currently leased some space off-site with Verio to host our email
>solution.  All seemed to be working fine until I started seeing relay
>denied messages.  As a result of searching, the SPEWS list is the only
>list I can find with our IP address on it.  I understand that our IP
>address was in a range of addresses formerly utilized by
>POSTMASTERGENERAL.COM .  Could someone point me in the right direction
>of the process(es) needed to remove our IP address from this list?  I
>would greatly be appreciative.

Which list?

The problem is that postmastergeneral spammed so hard and so long that
just about every large site put all of their address space into local
blocking lists.

If you were just on something like SPEWS, that would be comparatively
easy to get off of.  All that needs to happen to get off of SPEWS is
for the spam to stop.

But getting out of the local blocks is nearly impossible because there
are literally thousands of them.  The folks who run them usually don't
have any aging scheme, so nothing gets removed unless you talk to the
guy that runs the list at that site, and with thousands of sites you
can spend the rest of your life doing this.

Verio won't shut postmastergeneral down, at least that's what the
president's office told me when I talked with them two years ago.
They just keep moving them around to evade the blocking lists.  It
is entirely Verio's fault that you have a problem; they are selling
you a bad product.  Demand to be moved to clean address space because
what they are giving you is NOT what you are paying for.

I am still getting spam from postmastergeneral, by the way, and I am
continuing to add new Verio netblocks to my local blocking list as I
discover more spam coming from them.
--scott

--
"C'est un Nagra.  C'est suisse, et tres, tres precis."




=== Verio knows about their spammers and blocking - watches NANAE for posts about them ===
Received: (from dolphin@localhost)
        by mail.dolphinwave.org (8.11.6/8.11.6) id g5P8SgW02060;
        Tue, 25 Jun 2002 11:28:42 +0300
To: usenet-jun+nanae@2002.dolphinwave.org
Message-Id: <slrnahgadq.1jf.usenet-jun+nanae@orca.dolphinwave.org>
Posted-To: news.admin.net-abuse.email
From: Dolphin <usenet-jun+nanae@2002.dolphinwave.org>
Subject: Re: Redemption for IP's
References: <CzxR8.48431$9b.8977709@typhoon.austin.rr.com> <e0bdhug8ipp203ndkomnjlelpjlnt1jiio@news.supernews.com> <slrnahdgh3.92m.usenet-jun+nanae@orca.dolphinwave.org>
Organization: Private person
Sender: Alexander Sheremet <usenet-jun+nanae@2002.dolphinwave.org>
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
Date: Tue, 25 Jun 2002 11:28:42 +0300
X-Loop: dev.null@dolphinwave.org
Status: R 
X-Status: N

On 24 Jun 2002 06:54:34 GMT Dolphin <usenet-jun+nanae@2002.dolphinwave.org>
 wrote in message <slrnahdgh3.92m.usenet-jun+nanae@orca.dolphinwave.org>:
> On Sun, 23 Jun 2002 22:24:03 -0700 trebor@sirius.com.no.more <user@example.com>
>  wrote in message <e0bdhug8ipp203ndkomnjlelpjlnt1jiio@news.supernews.com>:
>> "klivingston" <klivingston@0world1web2systems.net> wrote:
>>
>>>I was given several IP's by my ISP that appeared have been reported and or
>>>used for spamming at some point.
>
><SNIP>
>> However, and here's where you need to pay attention, if the IPs are
>> listed because your ISP failed to respond quickly to reports of spamming
>> customers, it's a whole different deal. If this is the case, you're much
>> better off finding a different ISP.
>
> And to help you to make a decision, you can read just what a piece of SNIP
> your provider is:
>
> http://www.DolphinWave.org/spam/verio.txt  (85kB)
>
> Verio doesn't terminate any spammer, lies (even to their customers), lies
> again, forwards spam complaints to their spammers, sends cartooney threats
> to blocklist maintainers... You name it, they do it. All of Verio is blocked
> here until their management will be fired (preferring - literally, so nobody
> will by any accident go to another ISP).
>
> Dolphin.

So, Verio, will you do something about your spammers according to your
Acceptable Use Policy that you so like to quote in your auto-ignores,
or you will just sit there, swallowing all the $41t that people report
you flowing from your servers, and doing nothing, just lurking here?
You *did* read about that $41t, didn't you?

dagobah.noc.verio.net - - [24/Jun/2002:20:08:32 +0300] "GET /spam/verio.txt
HTTP/1.0" 200 87368 "http://groups.google.com/groups?hl=en&lr=&ie=UTF-8
&frame=right&th=f6e977f2f1cd7c7b&seekm=
slrnahdgh3.92m.usenet-jun%2Bnanae%40orca.dolphinwave.org#link1" "Mozilla/4.79
[en] (X11; U; Linux 2.4.9-21 i686)"

Dolphin.

-- 
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461



=== More of NANAE watching, following the link of one of their customer's ===
=== complaint on being blocked, and reading replies of people about Verio ===
dagobah.noc.verio.net - - [26/Jul/2002:20:38:14 +0300] "GET /spam/verio.txt HTTP/1.0" 200 123786 "http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&frame=right&th=4a82d67ae709d120&seekm=aOY%258.66004%24Yb1.71373%40sea-read.news.verio.net#link1" "Mozilla/4.79 [en] (X11; U; Linux 2.4.9-21 i686)"



=== As well as their parent company, NTT, knows about the Verio spam problem ===
NTT was looking for the arcstarmobile@ntt.com e-mail address, mentioned in
Google, and found my Verio spam file:

centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:27 +0300] "GET /spam/verio.txt HTTP/1.1" 200 118388 "http://www.google.co.jp/search?q=arcstarmobile@ntt.com&ie=UTF-8&oe=UTF-8&hl=ja&lr=" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

Then they've decided to look at the title page of mine (without reading the
Verio file):

centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:37 +0300] "GET / HTTP/1.1" 200 4852 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:38 +0300] "GET /Background/bg01.jpg HTTP/1.1" 200 1241 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /Background/bg01.jpg HTTP/1.1" 200 1241 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /sandy.gif HTTP/1.1" 200 4182 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /Dolphin-Ring/webring2.gif HTTP/1.1" 200 3105 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:39 +0300] "GET /logo.jpg HTTP/1.1" 200 3373 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /logo.jpg HTTP/1.1" 200 3373 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /sandy.gif HTTP/1.1" 200 4182 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:40 +0300] "GET /update.gif HTTP/1.1" 200 973 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:42 +0300] "GET /Dolphin-Ring/dolfring.gif HTTP/1.1" 200 22829 "http://www.dolphinwave.org/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

Now they take a look at my whole /spam/ archives:

centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /spam/ HTTP/1.1" 200 19580 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/blank.gif HTTP/1.1" 200 148 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/folder.gif HTTP/1.1" 200 225 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:38:55 +0300] "GET /icons/back.gif HTTP/1.1" 200 216 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
centris.noc.ntt.co.jp - - [17/Jul/2002:04:38:56 +0300] "GET /icons/text.gif HTTP/1.1" 200 229 "http://www.dolphinwave.org/spam/" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"
quadra.noc.ntt.co.jp - - [17/Jul/2002:04:40:30 +0300] "GET /favicon.ico HTTP/1.1" 404 293 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"

And now they decide to get that Verio file again, getting it from the cache
(to read?):

quadra.noc.ntt.co.jp - - [18/Jul/2002:08:13:07 +0300] "GET /spam/verio.txt HTTP/1.1" 304 - "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705)"



=== NTT looks for sex/porn messages related to them, archived on Google ===
silver.rdh.ecl.ntt.co.jp - - [03/Jul/2002:16:56:24 +0300] "GET /spam/verio.txt HTTP/1.0" 200 91608 "http://www.google.co.jp/search?q=ntt.co.jp+2002+Jun+sex&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)"
silver.rdh.ecl.ntt.co.jp - - [03/Jul/2002:16:58:19 +0300] "GET /spam/verio.txt HTTP/1.0" 200 114968 "http://www.google.co.jp/search?q=ntt.co.jp+2002+Jun+sex&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)"
classic.noc.ntt.co.jp - - [04/Jul/2002:02:50:11 +0300] "GET /spam/verio.txt HTTP/1.1" 200 114968 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; T312461)"
silver.rdh.ecl.ntt.co.jp - - [04/Jul/2002:15:41:21 +0300] "GET /spam/verio.txt HTTP/1.0" 304 - "http://www.google.co.jp/search?q=ntt.co.jp+porn&hl=ja&lr=&ie=UTF-8&inlang=ja&start=10&sa=N" "Mozilla/4.79 (Macintosh; U; PPC)"
silver.rdh.ecl.ntt.co.jp - - [19/Jul/2002:16:35:46 +0300] "GET /spam/verio.txt HTTP/1.0" 200 33208 "http://www.google.co.jp/search?q=NTT.co.jp+sex+porn&hl=ja&inlang=ja&ie=Shift_JIS" "Mozilla/4.79 (Macintosh; U; PPC)"


=== "We need to do all that we can do to keep our current bill paying customers." ===
=== Verio on the FuckedCompany.com ===
=== http://www.fuckedcompany.com/extras/verio6_email.cfm ===
To Verio employees

----- Original Message -----
CONFIDENTIAL - FOR INTERNAL DISTRIBUTION ONLY

MEMO

TO:   All Associates
FROM: Justin Jaschke, Chief Executive Officer, 
      and Alain Andreoli, President and Chief Operating Officer
DATE: June 21, 2002
SUBJECT: Company Update 

As we near the end of the second quarter, we wanted to provide you with an update on 
our progress this year and our current outlook on the company and the market in 
general.  We have made huge strides thus far in implementing our business plan, 
particularly in executing our restructuring initiatives and reducing our costs and 
cash burn rates.  In our meetings last week with NTT in Tokyo, both Mr. Suzuki, 
President and CEO of NTT Communications, and the new President designate of NTT 
Holdings, Mr. Wada, expressed their appreciation for the efforts put forth and 
significant progress made on this front and reiterated the importance of Verio?s role 
as the core element in NTT?s global IP strategy.

We do, however, continue to struggle to ramp-up revenues and must continue to deal 
with the very serious downturn in the Telecom industry in general.  Our number one 
priority going forward is to recapture revenue growth, even against this difficult 
industry backdrop, while continuing to manage our expenses and cash consumption.

YEAR-TO-DATE RESULTS

Our first quarter and year-to-date financial results are as follows:  

We are ahead of plan on contribution margin, EBITDA, capital expenditures and cash 
usage.  During 2002, you have done an outstanding job of executing the restructuring 
and cost reduction initiatives and have consistently and significantly reduced 
month-after-month operating expense.  Moreover, over the last year the company has 
made huge strides in key industry indicators such as:

         EBITDA - 71% improvement from ($20.8) million in June 2001 to ($6.0) million 
in May 2002.

         Revenue per Associate - 55% improvement from $96,600 in June 2001 to 
$149,400 in May 2002. 

It is also worth noting that the combined Web Hosting businesses are now positive at 
the contribution margin level and nearing EBITDA profitability after allocation of 
centralized expenses and corporate overhead.

THANK YOU for pulling together as one team to make this happen.    Without a doubt, 
these are nothing short of remarkable results achieved while enduring the perfect 
economic storm.

PRIORITY NUMBER ONE:  REVENUE GROWTH

Revenue - The Key Concern 

The major area of concern, as indicated in the financial results, is the gap between 
actual and planned revenues that has opened up in April and May.  The budget has a 
revenue ramp-up starting in the second quarter and throughout the remainder of the 
year.  Current projections indicate we may have a revenue shortfall because the 
revenue trend has yet to turn up.  

We know all of you are working hard to drive increased revenues and are running into 
weak market demand, accelerating price competition and an overall sluggish economy.   
The potential revenue shortfall requires us to monitor our progress closely, evaluate 
our results and look for further improvements and refinements to our approach which 
may include further reductions in staff in limited situations and additional 
partnering and outsourcing solutions to drive scale and share funding.

General Industry Conditions

We continue to experience a severe downturn in the Telecommunications industry in 
general and the Internet space in particular.   Industry sources indicate that overall 
demand in the U.S., for both web hosting and IP access services, declined slightly in 
the first quarter and continues to be very soft.  The general industry shakeout 
continues as we have recently seen Teleglobe, KPN/Qwest and XO Communications file for 
bankruptcy, Intel withdraw from the web hosting business (breaks our hearts) and 
Loudcloud sell their web hosting business to EDS at a fire sale price.  Even the 
largest competitors in the industry, such as Worldcom, Qwest and Sprint have had their 
debt downgraded to near-junk bond status.  Industry pricing has become intensely 
competitive as overcapacity persists and competitors act irrationally in their 
desperate attempts to survive.    

The bad news is that the industry drought continues, the rains are yet to come, and we 
must continue to manage our business in these extreme desert conditions.  The good 
news is that we have continued to improve our financial position and business 
operations in this environment, have the solid backing of NTT and are positioned as 
the safe choice in this sea of uncertainty, and stand to benefit from the continued 
demise of our competitors.  All these shakeouts spell opportunity for Verio if we are 
able to capitalize.  

Programs Driving Revenue Growth

Our number one priority for the remainder of the year is revenue growth.  We are 
confident the plans that are in place and are being executed are moving the company in 
the right direction, and we are seeing some early signs of progress in sales activity, 
pipelines and in some areas, bookings.  Our top-level priorities across the business 
aimed at driving revenue growth are as follows:

Optimize our sales model.  We need to continue to fine-tune our new BU-oriented sales 
model and clearly define our go-to-market approach.  This includes sales management 
responsibilities, sales staffing and training, customer targeting and pricing and 
proposal management.  We expect to see consistent improvement in our sales 
productivity.

Indirect channel development.  Across all BU?s we need to get greater production and 
leverage out of our indirect channel partners and continue to develop new partners.  
We are launching new channel programs in each BU, have an increased focus on this 
area, and expect to significantly increase the relative contribution of the indirect 
channels to our sales.

Marketing, branding and lead generation strategy.  We are focusing here on continuing 
to build the NTT/Verio global IP services brand and more effectively generate sales 
leads.  We have launched, with NTT Com?s support, a global brand advertising campaign 
and are trying to increase our brand exposure while ensuring a consistent and positive 
image.  We are also continuing to optimize our web site for lead generation and are 
experimenting with other lead generation sources such as outsourced telemarketing.  We 
are also pursuing specific ?switching programs? aimed at capturing customers who want 
to leave less stable competitors.

Product improvement and product roadmap.  We are continuing to focus on improving our 
core products and services while selectively adding features and functionality to 
differentiate our services.  Knockout I and II was launched in the Enterprise Hosting 
area, in both the U.S. and Europe, giving us very competitive service ?packages? for 
low to mid-range dedicated hosting customers.  We are continuing the development of 
the next generation SME hosting platform, Signature.  More competitive local loop 
pricing and services have been rolled out by the Broadband Team in a number of our 
access markets.  The Operational Excellence Group, along with the BU?s, are working to 
clean up the product configuration process and systems resulting in getting our 
products quicker to market.  We must continue to drive product and service 
improvements.  Given our budgetary constraints, there is a need to be focused and 
selective and leverage partners wherever possible.

Leverage NTT affiliates and channels.  A number of programs are being pursued to 
provide services to various NTT business units and affiliates and expect to drive 
increasing growth from this source.  We are also seeing an increasing number of large 
corporate account opportunities being brought to us from NTT sales channels, including 
NTT America and the NTT Solutions group in Tokyo.  Specific ?major account solutions 
teams? are being put together to pursue and support these opportunities in conjunction 
with NTT.

Competitive Edge:  Customer Satisfaction and Retention

In addition to the programs to drive new sales, we must continue to focus on 
preserving and protecting our existing customers and current revenue streams.   More 
than ever, keen focus on customer service and satisfaction are indispensable.  We need 
to do all that we can do to keep our current bill paying customers.  Superior customer 
service can and will give us a competitive advantage.  A recent enterprise user survey 
conducted by America?s Network, painted a picture of an industry of mediocrity in 
customer service and quality - not terrible, just ordinary.  The good news is that the 
opportunity has never been better for us to retain customers if we can master the 
challenges and deliver superior customer service.  

Churn is trending in the right direction, but it is still too high.  There have been 
some very positive results, in both Enterprise and Broadband, from proactive customer 
contact programs that have improved customer satisfaction and loyalty.  Both corporate 
and BU churn task forces have been formed along with the cross-BU Sales Activation 
Cycle (SAC) Team focused on identifying root causes for churn and implementing 
programs to eliminate those causes and increase customer loyalty.

We also continue to experience much too high a level of credits and adjustments, 
significantly reducing our revenues each month.  This is, to a large extent, due to 
SAC process errors in activating and deactivating customers.  While many of these 
adjustments are revenue neutral (i.e. an over billing in a prior month is adjusted out 
in a subsequent month), the impact on customer satisfaction and ultimately churn is 
significant.  Continue to commit yourselves to driving process improvements and 
improving quality in our operations to eliminate these errors.

Align your activities with these priorities on the revenue growth side and help drive 
the acceleration of revenue growth as quickly as possible.

What Else Do We Need From You?

Ideas.  Leaders from each BU met in Denver two weeks ago to assess our sales and 
marketing efforts, to question why we weren?t seeing sales ramp more quickly and to 
generate additional actions to accelerate growth.  A number of promising action items 
were identified which each of theBU?s are pursuing.  We need and want more.  If you 
have ideas on how to accelerate revenue growth, reduce cost, eliminate barriers to 
success or enhance our competitive position, we want to hear from you.  Please send 
your thoughts to VerioIdeas@verio.net. 
 
Ongoing cost savings and cash management.  We need to continue to operate with a 
?desert environment? mentality, carefully managing expenses and cash usage and looking 
for additional opportunities for improvement.  Significant additional sources of cash 
for the second half of the year (such as sale of closed data centers, capital leasing, 
further network optimization) have been identified that we will be pursuing to make up 
for potential revenue shortfalls.

Notwithstanding, we need you to do your part and continue to be watchful of expenses.  
Collectively, you have contributed significantly by decreasing expenses in travel, 
telephone and general operating expenses within your areas of control and influence.  
Continue to be very vigilant and insure that any money spent is truly necessary and 
contributes to the bottomline.  Moreover, continue to limit your purchases of 
equipment, use of consultants/contractors or adding a new hire/replacing positions to 
only those situations where you absolutely ?must have this year.?  All others should 
be postponed.  If you have questions about whether your expense situation falls within 
the ?must have this year? category, please contact your SLT member or financial 
director for your BU or department.  In addition, if you know of an area of expense 
that needs further attention, please contact your SLT member to discuss.  

NTT COMMITMENT TO VERIO

Notwithstanding the challenges we face, we are fortunate to have NTT Communications? 
unwavering support.  In fact, in his message to customers on June 1, 2002, Mr. 
Maasanobu Suzuki, President and CEO, stated:

?Despite these global economic uncertainties, however, I stand firmly by our corporate 
vision of becoming a ?Global IP Company.?  The need for unified global services that 
are reliable and stable is greater than ever.?

As evidence of continued progress in this direction, the ratio between revenue from 
data/IP and voice services, a primary benchmark of NTT Com?s ongoing commitment to 
become a Global IP Company, reached 1.0, up from .7 in the first half of fiscal year 
2002.  Verio remains at the core of NTT Com?s strategy to transition itself from a 
domestic voice services company to a leading global IP and data solutions provider.  

THANK YOU FOR YOUR CONTINUED COMMITMENT

It has been most rewarding to see the significant improvement you have helped drive in 
our business in these most difficult of times.  Your continued commitment and resolve 
to succeed are overwhelming.  Thank you, again, for all that you have accomplished.  
We know that we have asked much of you and are again asking for even more on the 
revenue side of our business.  We firmly believe that our perseverance will pay off 
and that the survivors of this industry shakeout will be well rewarded.  

As we have done in the past, we will keep you updated when we have relevant 
information to share.   Thank you for your ongoing support. 

Justin and Alain



=== Verio's position on spam ===
Path: uni-berlin.de!fu-berlin.de!eusc.inter.net!news.tele.dk!small.news.tele.dk
 !news.dizum.com!sewer-output!mail2news
From: Anonymous <cripto@ecn.org>
Comments: This message did not originate from the Sender address above. It was
  remailed automatically by anonymizing remailer software. Please report
  problems or inappropriate use to the remailer administrator at
  <cripto_abuse@ecn.org>.
X-No-Archive: Yes
Newsgroups: news.admin.net-abuse.email
Subject: Verio on spam
Message-ID: <a5061718d67734c32bdae1a97efacd60@ecn.org>
Date: Wed, 11 Sep 2002 20:16:10 +0200 (CEST)
Mail-To-News-Contact: abuse@dizum.com
Organization: mail2news@dizum.com
Lines: 10
Xref: uni-berlin.de news.admin.net-abuse.email:1801540

After repeated complaints about one of their spammers I placed a
call to Verio.  Upon connection with some english-as-a-second-
language tech I tell them that one of their customers is
spamming me I am asked "how do you know that you are being
spammed?".  I ask for his supervisor and some lady comes on and,
after telling her that I want her customer to stop spamming me
she tells me "since you are not a verio customer there is
nothing we can do."



=== Verio picks up the spammer just terminated for spamming from another ISP ===
From throwaway1101@hotmail.com Thu Sep 12 22:33:48 2002
Path: uni-berlin.de!015.a.001.gsf.iprimus.net.AU!not-for-mail
From: Joe Blowe <throwaway1101@hotmail.com>
Newsgroups: news.admin.net-abuse.email
Subject: Verio, the spammer's friend
Date: Fri, 13 Sep 2002 04:15:39 +1000
Organization: ...
Lines: 63
Message-ID: <3D80D9CB.D3E142DA@hotmail.com>
NNTP-Posting-Host: 015.a.001.gsf.iprimus.net.au (210.50.154.15)
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Trace: fu-berlin.de 1031854487 292559 210.50.154.15 (16 [99621])
X-Mailer: Mozilla 4.76 [en] (Win95; U)
X-Accept-Language: en
Xref: uni-berlin.de news.admin.net-abuse.email:1802133

Not quite 24 hours ago, white-hat HostCentric terminated this spammer
discussed in 

http://groups.google.com/groups?selm=3D7F8B93.35804371@hotmail.com

and appearing in 

http://groups.google.com/groups?selm=F156vlUQ9cAgjHXwKHv00002080@hotmail.com

I thought it was the end of itm at least for a while. Then, I just got
this turd:

Received: from yahoo.com ([211.140.121.53]) 
by mc2-f24.law16.hotmail.com with Microsoft SMTPSVC(5.0.2195.5600);
         Thu, 12 Sep 2002 07:01:41 -0700
Received: from q4.quickslow.com ([27.85.242.54])
        by mta85.snfc21.pibi.net with local; 
Thu, 12 Sep 2002 17:01:27 +0300
Received: from mta85.snfc21.pibi.net ([105.211.194.109])
        by mta85.snfc21.pibi.net with NNFMP; Thu, 12 Sep 2002 20:00:35
-0600
Reply-To: "Lonely Married" <alonemarried7181v01@yahoo.com>
Message-ID: <003b72e74c4e$5384a1d2$7da73eb1@xqnktf>
From: "Lonely Married" <alonemarried7181v01@yahoo.com>
To: <deleted>
Subject: Married and Lonely people are hoping for 
someone to save them! 0989zxHg2-473rnER0512ECoI-24
Date: Thu, 12 Sep 2002 20:42:04 -0700
MiME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Internet Mail Service (5.5.2650.21)
Importance: Normal
Return-Path: alonemarried7181v01@yahoo.com
X-OriginalArrivalTime: 12 Sep 2002 14:01:42.0656 (UTC) 
FILETIME=[EC3EC000:01C25A64]

... and, the URLs are now pointing to:

You guessed it. 

http://198.66.213.210/marriedbutlonely/ = VERIO

www.marriedbutalwayslonely.com = VERIO.

[rant]
So spammers: don't worry about losing your hosting; Verio will be glad
to host your bilge. Nothing is taboo at Verio -- porn, beastiality, MMF,
pyramid scams, real estate scams, 419'ers, printer ink, golfballs, sect
religions, chickenboner Don Johnston wannabes from Florida, child rape,
drugs for sale, guns for hire... y'all welcome at Verio. What's more --
you can even rape open relays to send 20 million spams and Verio will
turn a blind eye! Verio would also be happy to host the El-Quada "How to
be a scumbag terrorist: the online instruction manual" site and never
terminating it 'cause after all, Osama is a good paying customer.....
[/rant]

God; I need a coffee...  

And Verio really needs a bitch listing.



=== Talking on the phone with Verio "tech support for e-mail" ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: verio on the phone (attn: SPEWS)
Date: 16 Oct 2002 17:27:24 -0500
Lines: 36
Message-ID: <lpprqu0ak9bkp425of3fgvlf84sig877u8@4ax.com>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:b+ZUmTugSo8OtekQN6xnUKNC8xw=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1837885

Called, went through the nonsence phone menues to "tech support for
email".  Got a moron on the phone who thinks:

A) Spam isn't illegal and so isn't abuse.
B) "DOS attack" only applies to pings.
C) 1200 unsolicited emails from the same sender in one day isn't a DOS
attack, "it's just email, so not a cause for termination".
D) cashassistance.com isn't their customer.
E) 128.121.126.220 is a name server and no email can come from it.
F)  Of the following addresses, only abuse@verio.net exists:
aad@verio.net,aandreoli@verio.net,abuse@ntt.com,abuse@OCN.AD.JP,accounts@verio.c
 o.uk,acquisitions@verio.net,asteinback@verio.net,barbg@verio.net,billing@verio.
 net,cdonelson@verio.net,CEO@verio.net,channel@verio.co.uk,Chemicalarc@ntt.com,c
 hris@verio.net,competition@verio.co.uk,consulting@verio.net,copyright@verio.net
 ,cwk@verio.net,dedicated_support@verio.co.uk,delliott@verio.net,dns-billing@VER
 IO.NET,DomainAdmin@verio.net,domreguk@verio.co.uk,drowlands@verio.net,dschneide
 r@verio.net,dschunk@verio.net,eduda@verio.net,enterprise@verio.co.uk,enterprise
 _support@verio.co.uk,eps@ntt.com,evivacqua@ctcomm.com,gdenison@verio.net,gkelly
 @verio.net,grisha@verio.net,hostmaster@NTT.COM,hostmaster@verio.net,hostmaster@
 VERIO.NET,iehringer@verio.net,info@ntt.net,info@verio.co.uk,info@verio-advanced
 .co.uk,jadams@verio.net,jamodio@verio.net,jay@ntt.net,jcordero@verio.net,jhamri
 ck@verio.net,jheasley@verio.net,jobs@verio.net,lisa.ko@ntt.com,lphipps@VERIO.NE
 T,lyric@verio.net,marketing@verio.co.uk
mbulder@verio.net,mcstewart@verio.net,mpeloquin@verio.net,next@verio.net,oop@ver
 io.net,pfritzinger@verio.net,postmaster@ntt.com,postmaster@OCN.AD.JP,reseller@v
 erio.net,sales@verio-hosting.com,sbrophy@verio.net,service-manager@viaverio.com
 ,John.Sullivan@ketchum.com,johnson.liu@ntt.com,jtreuting@verio.net,kamro@verio.
 net,k.hayamizu@NTT.COM,user-info@ntt.com,VerioIdeas@verio.net,vipar@verio.net,v
 ipar@VERIO.NET,vps_support@verio.co.uk,vsilva@verio.net,klsmith@verio.net,legal
 @verio.net,legal4@verio.net,lgeorge@verio.net,detected.spam@ketchum.com,shared_
 support@verio.co.uk,snawabi@verio.net,sob@verio.net,sthomas@noc.verio.net,suppo
 rt@verio.net,warpinfo@verio.net,webbox@ntt.com,www-admin@www.ntt.com,ymasatani@
 verio.net

tracert 128.121.126.220
...
13 129.250.31.111 3094ms 3445ms 3004ms  TTL:  0
(ge-2-1.r00.mlpsca01.us.wh.verio.net ok)
14 192.67.241.142 3004ms 3355ms 2914ms  TTL:  0
(ge-26.a0254d.mlpsca01.us.wh.verio.net ok)
15 128.121.126.2203004ms 3265ms 2835ms  TTL: 52  (cashassistance.com
ok)

Even that failed to even remotely suggest to him that
cashassistance.com was a verio customer or that cashassistance.com had
anything to do with the IP.

Anyway, he said he couldn't close any accounts, had no authority, and
he apparently didn't know anyone who did.

Where do they find these idiots?
Should anyone want to offer him an education, the number is
1-800-GET-VERIO
or 1-800-438-8374

William R. James



=== Verio is STILL spam-friendly and ignores complaints ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene!newscene
 !novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews update S1611
Date: 18 Oct 2002 23:44:17 -0500
Lines: 48
Message-ID: <rho1ru4e8r5drvvpb9bhnen1n0baci1q14@4ax.com>
References: <3DB08A00.B3121AD6@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:p/kZUPAYV7NYWeLe6IWijiwTdsQ=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1839370

On Fri, 18 Oct 2002 17:24:00 -0500, Darren Grabowski
<firstinitiallastname@verio.net> wrote:

>The following Server Arts customers have been
>terminated for AUP violations:
>extrememailing.us and marketsvc.net

Riiight!  For AUP violations!  Sure, that's the ticket! What doews
that translate to anyway?  "They didn't pay the bill."?  "Their check
bounced."?  "They found an unblocked IP with another scumbag host."?
"They called verio support and found out it doesn't exist."? All I
know for certian is that verio AUP is about as meaningless as Iraq
elections.

>Server Arts is a customer in good standing.
>Please remove the following blocks:

It is my hope that no verio IP will be unblocked EVER!

What about cashassistance.com ?  Verio has ignored at least 50
complaints over the past two weeks, hung up on me twice, and lied to
me at least a dozen times.

Other scumbags who verio still harbors and ignores complaints for:
the6habits.com
hudsonezine.com
postrun.com
128.121.126.220  (whatever scumbag who keeps spamming from there)
makeitbig.tux.nu   =  redirection.iscool.net
DynastyServers.com
SelfReplicator.com
affiliSOFT.com
128.121.245.51 (whatever other scumbag who keeps spamming from there)
e-bizness.arecool.net
greatway.arecool.net
arecool.net  (narrow it down)
webvisions.com
alturl.com
smartmall.biz
icrservices.net
ebrain.com
mailer-unix-host.com

Verio has no business inhabiting the same internet as decent people or
even the same planet.

William R. James



=== My reply ===
Path: uni-berlin.de!cust-62-219-88-98.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-oct+nanae@2002.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews update S1611
Date: 19 Oct 2002 10:35:23 GMT
Organization: Private person
Lines: 31
Sender: Alexander Sheremet <usenet-oct+nanae@2002.dolphinwave.org>
Message-ID: <slrnar2db3.7cm.usenet-oct+nanae@orca.dolphinwave.org>
References: <3DB08A00.B3121AD6@verio.net>
  <rho1ru4e8r5drvvpb9bhnen1n0baci1q14@4ax.com>
NNTP-Posting-Host: cust-62-219-88-98.cust.bezeqint.net (62.219.88.98)
X-Trace: fu-berlin.de 1035023723 26688003 62.219.88.98 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1839441

On 18 Oct 2002 23:44:17 -0500 Wm James <wrjames.remove@spamreaper.org>
 wrote in message <rho1ru4e8r5drvvpb9bhnen1n0baci1q14@4ax.com>:
> On Fri, 18 Oct 2002 17:24:00 -0500, Darren Grabowski
><firstinitiallastname@verio.net> wrote:
>
>>The following Server Arts customers have been
>>terminated for AUP violations:
>>extrememailing.us and marketsvc.net
>
> Riiight!  For AUP violations!  Sure, that's the ticket! What doews
> that translate to anyway?  "They didn't pay the bill."?  "Their check
> bounced."?
<SNIP>

http://www.verio.net/company/policies/aup.cfm
<Verio AUP quote>
| Other Activities -- Engaging in activities, whether lawful or unlawful,
| that Verio determines to be harmful to its subscribers, operations,
| reputation, goodwill, or customer relations.
</Verio AUP quote>

Refusing to pay the bill or giving checks that bounce sure fits to the
Verio AUP's violation.

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461



=== Verio sales executives have said 'to hell with the AUP' ===
Path: uni-berlin.de!fu-berlin.de!nautilus.eusc.inter.net!eusc.inter.net
 !psinet-eu-nl!linford
From: Steve Linford <linford@spamhaus.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Organization: The Spamhaus Project
References: <zfTw9.1$Sl6.7189@news1.trib.com>
  <580x9.4396$5u4.13701@news-server.bigpond.net.au>
User-Agent: MT-NewsWatcher/3.1 (PPC)
X-PGP-Fingerprint: 5B78 8C67 BC8A 2E52  0972 E15A 757F 88F1
Lines: 14
Message-ID: <Cudx9.4$bx1.325@psinet-eu-nl>
Date: Sun, 03 Nov 2002 18:00:02 +0000
NNTP-Posting-Host: 193.115.218.20
X-Complaints-To: abuse@uk.psi.com
X-Trace: psinet-eu-nl 1036346402 193.115.218.20 (Sun, 03 Nov 2002 18:00:02 GMT)
NNTP-Posting-Date: Sun, 03 Nov 2002 18:00:02 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1850154

In article <580x9.4396$5u4.13701@news-server.bigpond.net.au>,
 TheMartian <themartian@*SPAM=ABUSE*ananzi.co.za> wrote:

> I would setup a autoforwarder to bounce all crap from this spammer to verio
> abuse.

It's a little more complicated than that, Verio Abuse are currently
being prevented by management from enforcing the AUP. Verio are in
trouble and the sales executives have said 'to hell with the AUP'.

--
  Steve Linford
  The Spamhaus Project
  http://www.spamhaus.org

  

=== And some more of Verio liars ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Date: 3 Nov 2002 22:21:11 -0600
Lines: 26
Message-ID: <cvpbsusc4569ho7v75vr7hssjb4hljgome@4ax.com>
References: <zfTw9.1$Sl6.7189@news1.trib.com>
  <580x9.4396$5u4.13701@news-server.bigpond.net.au>
  <Cudx9.4$bx1.325@psinet-eu-nl>
  <U1jx9.7335$5u4.23900@news-server.bigpond.net.au>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:mmEY2oTXpwIdPtN4O74v/x+Rf1M=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1850405

On Mon, 04 Nov 2002 00:19:00 GMT, TheMartian
<themartian@*SPAM=ABUSE*ananzi.co.za> wrote:

>After a long war with a spammer "Steve Linford" wrote:
>
>> In article <580x9.4396$5u4.13701@news-server.bigpond.net.au>,
>>  TheMartian <themartian@*SPAM=ABUSE*ananzi.co.za> wrote:
>>
>>> I would setup a autoforwarder to bounce all crap from this spammer to
>>> verio abuse.
>>
>> It's a little more complicated than that, Verio Abuse are currently
>> being prevented by management from enforcing the AUP. Verio are in
>> trouble and the sales executives have said 'to hell with the AUP'.
>
>outch, did not know about that one
>
>sales droids must not understand that they are not going to have much of
>a business when all of their IP are blocked.

The "techs" I spoke to on the phone a week or so ago claimed they
weren't aware that anyone was blocking them. That only proves they are
liars as well as thieves. :)

William R. James



=== My reply and the proof of Verio lying about that statement ===
Path: uni-berlin.de!cust-62-219-88-94.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-nov+nanae@2002.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Check out this VERIO scumbag spammer's disclaimer
Date: 5 Nov 2002 16:38:31 GMT
Organization: Private person
Lines: 22
Sender: Alexander Sheremet <usenet-nov+nanae@2002.dolphinwave.org>
Message-ID: <slrnasft01.4q0.usenet-nov+nanae@orca.dolphinwave.org>
References: <zfTw9.1$Sl6.7189@news1.trib.com>
  <580x9.4396$5u4.13701@news-server.bigpond.net.au>
  <Cudx9.4$bx1.325@psinet-eu-nl>
  <U1jx9.7335$5u4.23900@news-server.bigpond.net.au>
  <cvpbsusc4569ho7v75vr7hssjb4hljgome@4ax.com>
NNTP-Posting-Host: cust-62-219-88-94.cust.bezeqint.net (62.219.88.94)
X-Trace: fu-berlin.de 1036514311 8201954 62.219.88.94 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1851279

On 3 Nov 2002 22:21:11 -0600 Wm James <wrjames.remove@spamreaper.org>
 wrote in message <cvpbsusc4569ho7v75vr7hssjb4hljgome@4ax.com>:

<SNIP>
> The "techs" I spoke to on the phone a week or so ago claimed they
> weren't aware that anyone was blocking them. That only proves they are
> liars as well as thieves. :)
>
> William R. James

They sure are lying, cause they were reading my verio files, themselves,
and know very well that at least some people do block the whole Verio.
And here is the proof that Verio does watch NANAE for being blocked:
<http://groups.google.com/groups?selm=slrnahgadq.1jf.usenet-jun%2Bnanae%40orca.dolphinwave.org>

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461


 
=== And Verio's corporate mail relays are blocked by the Spamhaus SBL now ===
=== http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5013 ===
*Ref: SBL5013*

*129.250.38.0/25** is listed on the Spamhaus Block List (SBL)*

Nov 1 2002 - 20:10hrs GMT

*Verio, Inc. Corporate Mail Relays*
This SBL listing of Verio, Inc. corporate resources for Knowingly
Providing Spam Support Services, is made with sadness on the part of the
Spamhaus Project team because we know Verio has an extremely good Abuse
Team and an excellent Acceptable Use Policy. We are certain Verio's spam
problems are caused by greed-driven executives overriding the Abuse team
and making a mockery of Verio's Acceptable Use Policy.

Things have gone seriously wrong at Verio. Verio is in management crisis
and Verio's Sales management has made an unwise decision to generate
additional cash by purposefully selling connectivity to well-known spam
gangs enabling blatant spam operations to operate from the Verio network.

A number of hard-core notorious spam gangs run by spammers with criminal
records for fraud or theft are now hosted knowingly by Verio, therefore
the volumes of Verio-hosted spam have increased dramatically. Gangs
including "US Health Labs" and "Cyrunner" (running two separate fake
ISPs "UNIPXNET" and "IXXNET" off Verio with fraudulent registrations
designed to misdirect spam complaints) are flooding the Internet
non-stop in spam for "pre-teen-sex", "make-penis-fast", viagra, loans
and mortgage scams.

Verio's broadband business unit's president is believed to have
personally approved the sale of 100+ high-bandwidth lines to US Health
Labs, knowingly for spam purposes. These are sales made knowing that US
Health Labs, run by professional spammers Mike Cunningham and Andrew
Amend, are a spam gang whose sole business and sole use of Verio's
network is for the relentless and illegal spamming of millions of U.S.
Citizens.

Another long-term professional spam operation, IMG Direct run by Steve
Hardigree and Frank Bernal moved to Verio on 1 November after being
thrown off Sprint. Another spam operation, Gordon Lantz, like the others
thrown off almost all major U.S. networks, is about to go live on Verio
having been approved and scheduled for installation.

With increasing alarm, the Spamhaus Project has watched spammers moving
to Verio due to Verio Sales Managers knowingly doing business with
notorious 'porn & pills' spam gangs. Spamhaus believes that Verio's CEO
is ordering the Abuse department to disregard the AUP and that is a
situation that, as well as illuminating a disastrous state of affairs
for Verio customers and shareholders, is unacceptable to us.

This SBL listing of Verio's Corporate Mail Relays is intended to not
impede the normal communications of Verio customers, but to concentrate
boycott action on Verio executives. Executives who appear willing to
supply Spam Support Services foregoing ethics and integrity in return
for promises of larger line purchases from spam operations.

Email from Verio Corporate Mail Relays is currently being refused by 98
Million international SBL users. If you are currently experiencing mail
difficluties due to this listing, please contact your Verio account
manager/Verio Customer Support now. A Verio executive needs to contact
Spamhaus.

SBL Listings of spam gangs hosted by Verio
<http://www.spamhaus.org/sbl/listings.lasso?isp=verio.net>

Verio spam complaints (current issues)
<http://groups.google.com/groups?as_epq=verio%20net&safe=images&ie=ISO-8859-1&as_ugroup=*.sightings&lr=&num=100&as_scoring=d&hl=en>


The 'Cyrunner' spam gang (aka "UNIPXNET" and "IXXNET")
<http://www.spamhaus.org/rokso/search.lasso?evidencefile=1141>

The 'US Health Labs' spam gang
<http://www.spamhaus.org/rokso/search.lasso?evidencefile=1395>



To have this listing removed from the SBL, contact the Spamhaus Project
<mailto:sbl-removals@spamhaus.org?subject=SBL listing SBL5013
129.250.38.0/25> quoting the reference *SBL5013*, and let us know what
you have done to fix the problem. If the reason for the listing has been
fixed we will normally immediately remove the listing from the SBL.



The SBL is an international anti-spam system maintained by The Spamhaus
Project and used by Internet networks to protect users from spam sources
and spam services. The SBL lists only IP addresses - not domains or
addresses. If you are unable to send email due to the SBL listing above,
please contact your Internet Service Provider now and point them to this
page - your ISP needs to contact us to resolve the issue.

UXN Spam Combat <../index.lasso>


<http://www.spamhaus.org/sbl/>
<http://www.spamhaus.org/rokso/>



=== People were calling Verio about it ===
Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !sea-read.news.verio.net.POSTED!not-for-mail
From: "Paul Franson" <moc.gnirpsdnim@nosnarf.mapson>
Newsgroups: news.admin.net-abuse.email
Subject: Contact with Verio Office of the President...
Lines: 21
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2720.3000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <bxcy9.129992$Yb1.128530@sea-read.news.verio.net>
Date: Wed, 06 Nov 2002 17:43:35 GMT
NNTP-Posting-Host: 206.184.3.205
X-Complaints-To: abuse@verio.net
X-Trace: sea-read.news.verio.net 1036604615 206.184.3.205 (Wed, 06 Nov 2002
  17:43:35 GMT)
NNTP-Posting-Date: Wed, 06 Nov 2002 17:43:35 GMT
Organization: Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1852094

Sent a sh*t-o-gram this morning to a bunch of folks on the Verio manangement
team about Steve Linford's credible (as is everything I've ever heard come
out of Steve) allegations in
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL5013.

Just got a call from a gentleman from the Verio Office of the President in
Dallas to gather some info.  I told him that Verio's rep among the
spam-fighting community was hideous but starting to get a little better
because of Darrin's work.  What Steve had fleshed out was not only a 180 in
that progress, but would cause me to pull everything I have from Verio if it
was 1) true, and 2) not mitigated pretty fast.

He said he was unaware of most of the stuff in the entry, but had heard of
US Health (not a good sign) and that they were formulating a formal
response.  His next call was to Darrin who was out of town in a meeting.

More to follow as it comes in...

PF



=== Verio Abuse desk shuts down one site, keeps 15 (original post) ===
Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3DCC63ED.FE75C9FB@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS updates from Verio
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 16
Date: Fri, 08 Nov 2002 19:25:01 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1036805083 129.250.49.192 (Sat, 09 Nov 2002
  01:24:43 GMT)
NNTP-Posting-Date: Sat, 09 Nov 2002 01:24:43 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1853975

S2040

Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
have now been removed, I'm guessing someone missed
it.

S1384

We have not received any complaints on the two
domains listed since July of this year.  I know if
some folks have received spam from them recently
you'll let me know.

--
Darren Grabowski
Verio Security & Abuse Team



=== People reply ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS updates from Verio
Date: 8 Nov 2002 20:59:09 -0600
Lines: 66
Message-ID: <iktosu4p37eskgqgur31kf6bc5keq78c29@4ax.com>
References: <3DCC63ED.FE75C9FB@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:bbewWXbRPKrJkE8j3sDFkUN0gG4=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1854030

On Fri, 08 Nov 2002 19:25:01 -0600, Darren Grabowski
<firstinitiallastname@verio.net> wrote:

>From: Darren Grabowski <firstinitiallastname@verio.net>
>X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
>X-Accept-Language: en
>MIME-Version: 1.0
>Newsgroups: news.admin.net-abuse.email
>Subject: SPEWS updates from Verio
>Content-Type: text/plain; charset=us-ascii
>Content-Transfer-Encoding: 7bit
>Lines: 16
>Date: Fri, 08 Nov 2002 19:25:01 -0600
>NNTP-Posting-Host: 129.250.49.192
>X-Complaints-To: abuse@verio.net
>X-Trace: dfw-read.news.verio.net 1036805083 129.250.49.192 (Sat, 09 Nov 2002 01:24:43 GMT)
>NNTP-Posting-Date: Sat, 09 Nov 2002 01:24:43 GMT
>Organization: NTT/Verio
>Xref: newscene.com news.admin.net-abuse.email:1811890
>
>S2040
>
>Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
>have now been removed, I'm guessing someone missed
>it.
>
>S1384
>
>We have not received any complaints on the two
>domains listed since July of this year.  I know if
>some folks have received spam from them recently
>you'll let me know.
>
>--
>Darren Grabowski
>Verio Security & Abuse Team


cashassistance.com is still active.
www.6habits.com is still active.
hudsonezine.com is still active.
postrun.com is still active.
makeitbig.tux.nu is still active.
redirection.iscool.net is still active.
DynastyServers.com is still active.
netdomination.com is still active.
SelfReplicator.com is still active.
www.affiliSOFT.com is still active.
ispforrent.com is still active.
webtools2010.com is still active.
theispguide.com is still active.

ALL of those have been reported to verio for habitual abuse and all
complaints have been totally ignored as usual. Also, I have mentioned
them here, and you obviously don't have to guts to even address them. 

Verio is still TOTALLY ignoring complaints. Until that changes, go
crawl back under your rock and stop trying to make people think they
are enforcing the AUP by posting domains of the bums who didn't pay
the bill. 

No one here is fooled.  Go tell your boss in the sales dept that it
aint gonna work. 

William R. James



=== My reply ===
Path: uni-berlin.de!cust-62-219-88-94.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-nov+nanae@2002.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS updates from Verio
Date: 9 Nov 2002 19:14:41 GMT
Organization: Private person
Lines: 58
Sender: Alexander Sheremet <usenet-nov+nanae@2002.dolphinwave.org>
Message-ID: <slrnasqnko.vta.usenet-nov+nanae@orca.dolphinwave.org>
References: <3DCC63ED.FE75C9FB@verio.net>
  <iktosu4p37eskgqgur31kf6bc5keq78c29@4ax.com>
NNTP-Posting-Host: cust-62-219-88-94.cust.bezeqint.net (62.219.88.94)
X-Trace: fu-berlin.de 1036869281 11264870 62.219.88.94 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1854369

On 8 Nov 2002 20:59:09 -0600 Wm James <wrjames.remove@spamreaper.org>
 wrote in message <iktosu4p37eskgqgur31kf6bc5keq78c29@4ax.com>:
> On Fri, 08 Nov 2002 19:25:01 -0600, Darren Grabowski

<SNIP>
>>S2040
>>
>>Zones for hudjheuhfnnvgxvbchnfhfujryyfgbch.co.uk
>>have now been removed, I'm guessing someone missed
>>it.
>>
>>S1384
>>
>>We have not received any complaints on the two
>>domains listed since July of this year.  I know if
>>some folks have received spam from them recently
>>you'll let me know.
>>
>>--
>>Darren Grabowski
>>Verio Security & Abuse Team

And you didn't terminate them back in July, when you *did*
receive complaints exactly why? Cause Verio wanted you to
keep them as customers, and just wait till the heat goes
down?

> cashassistance.com is still active.
> www.6habits.com is still active.
> hudsonezine.com is still active.
> postrun.com is still active.
> makeitbig.tux.nu is still active.
> redirection.iscool.net is still active.
> DynastyServers.com is still active.
> netdomination.com is still active.
> SelfReplicator.com is still active.
> www.affiliSOFT.com is still active.
> ispforrent.com is still active.
> webtools2010.com is still active.
> theispguide.com is still active.
>
> ALL of those have been reported to verio for habitual abuse and all
> complaints have been totally ignored as usual. Also, I have mentioned
> them here, and you obviously don't have to guts to even address them.
<SNIP>

Which makes their Abuse desk work to be how effective? Less than 7%?!
Interesting, if they are being paid the same percentage of their
salaries, or Verio pays it reverse-proportional, 100%-7%? Less sites
you shut down - bigger salary you get?

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461

 

=== Verio is "well aware about other issues" ===
=== (but the "issues" are still up online) ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com!sjc-peer.news.verio.net!news.verio.net!dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3DDD2176.DE48058B@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.9-31 i686)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: FYI SPEWS S594
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 103
Date: Thu, 21 Nov 2002 12:09:58 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1037902308 129.250.49.192 (Thu, 21 Nov 2002 18:11:48 GMT)
NNTP-Posting-Date: Thu, 21 Nov 2002 18:11:48 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1861646

We have terminated US Health Labs for aup
violations.  My team and I are also well aware of
the other issues.  

The following netblocks were assigned to USHL:
198.64.0.0 /28
198.64.0.16 /28
198.64.0.32 /28
198.64.1.64 /28
198.64.1.80 /28
198.64.2.0 /28
198.64.2.112 /28
198.64.2.208 /28
198.64.2.224 /28
198.64.2.32 /28
198.64.2.48 /28
198.64.2.64 /28
198.64.2.80 /28
198.64.2.96 /28
204.2.56.144 /28
204.2.73.0 /28
204.233.38.0 /28
204.233.38.112 /28
204.233.38.128 /28
204.233.38.144 /28
204.233.38.16 /28
204.233.38.160 /28
204.233.38.176 /28
204.233.38.192 /28
204.233.38.208 /28
204.233.38.224 /28
204.233.38.240 /28
204.233.38.32 /28
204.233.38.48 /28
204.233.38.64 /28
204.233.38.80 /28
204.233.38.96 /28
207.150.143.144 /28
207.150.143.160 /28
207.150.143.192 /28
207.150.143.208 /28
198.64.0.112 /28
198.64.0.128 /28
198.64.0.144 /28
198.64.0.160 /28
198.64.0.160 /28
198.64.0.176 /28
198.64.0.176 /28
198.64.0.192 /28
198.64.0.192 /28
198.64.0.208 /28
198.64.0.208 /28
198.64.0.224 /28
198.64.0.240 /28
198.64.0.48 /28
198.64.0.64 /28
198.64.0.80 /28
198.64.0.96 /28
198.64.1.0 /28
198.64.1.112 /28
198.64.1.128 /28
198.64.1.144 /28
198.64.1.16 /28
198.64.1.160 /28
198.64.1.176 /28
198.64.1.192 /28
198.64.1.208 /28
198.64.1.224 /28
198.64.1.240 /28
198.64.1.32 /28
198.64.1.48 /28
198.64.1.96 /28
198.64.2.128 /28
198.64.2.144 /28
198.64.2.16 /28
198.64.2.160 /28
198.64.2.176 /28
198.64.2.192 /28
204.2.55.176 /28
204.2.51.224 /28
204.2.55.144 /28
204.2.73.128 /28
204.2.73.144 /28
204.2.73.160 /28
204.2.73.176 /28
204.2.73.192 /28
204.2.73.208 /28
204.2.73.224 /28
204.2.73.32 /28
157.238.182.16 /28
157.238.182.32 /28
157.238.182.64 /28
157.238.182.80 /28
157.238.182.96 /28
198.87.130.112 /28
198.87.130.128 /28
198.87.130.144 /28
198.87.130.160 /28
198.87.130.96 /28

--
Darren Grabowski
Verio Security & Abuse Team



=== My reply ===
Path: uni-berlin.de!cust-62-219-88-44.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-nov+nanae@2002.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: FYI SPEWS S594
Date: 21 Nov 2002 19:10:50 GMT
Organization: Private person
Lines: 17
Sender: Alexander Sheremet <usenet-nov+nanae@2002.dolphinwave.org>
Message-ID: <slrnatqbtj.kp.usenet-nov+nanae@orca.dolphinwave.org>
References: <3DDD2176.DE48058B@verio.net>
NNTP-Posting-Host: cust-62-219-88-44.cust.bezeqint.net (62.219.88.44)
X-Trace: fu-berlin.de 1037905850 19814904 62.219.88.44 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1861688

On Thu, 21 Nov 2002 12:09:58 -0600 Darren Grabowski
  <firstinitiallastname@verio.net>
 wrote in message <3DDD2176.DE48058B@verio.net>:
> We have terminated US Health Labs for aup
> violations.  My team and I are also well aware of
> the other issues.
<SNIP>

We are well aware that you are well aware of the other issues.
Your actions (or lack of) is what matters, not your awareness.

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461



=== Bogus termination report to NANAE ===
Message-ID: <3E2C4192.2030602@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: S2298
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 11
Date: Mon, 20 Jan 2003 12:36:02 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043087780 129.250.49.192 (Mon, 20 Jan 2003 18:36:20 GMT)
NNTP-Posting-Date: Mon, 20 Jan 2003 18:36:20 GMT
Organization: NTT/Verio


IP-Hosts has been terminated by our customer, and Verio has 
reclaimed the IP's assigned to IP Hosts.

1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)

darren
--
Darren Grabowski
Verio Security & Abuse Team



=== Reply ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com
 !newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com!telocity-west
 !DIRECTV!sn-xit-03!sn-xit-06!sn-post-01!supernews.com!news.supernews.com
 !news.rrclark.net!nobody
From: spammers_lie@rrclark.net (Rich Clark, aka Rev Egg Plant, ULC)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: Tue, 21 Jan 2003 06:37:38 -0500
Organization: Fubar Inc
Message-ID: <slrnb2qc82.431.spammers_lie@rich.private.rrclark.net>
References: <3E2C4192.2030602@verio.net>
User-Agent: slrn/0.9.7.1 (Linux)
X-Complaints-To: abuse@supernews.com
Lines: 21
Xref: uni-berlin.de news.admin.net-abuse.email:1903851

In article <3E2C4192.2030602@verio.net>, Darren Grabowski wrote:
> IP-Hosts has been terminated by our customer, and Verio has
> reclaimed the IP's assigned to IP Hosts.
>
> 1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
> 1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)

Darren,

This is the most facetious thing I've seen you post in a long time.  A
recheck at 06:35 21 Jan 03 reveals that not only are they not
terminated, they are still answering up on port 25 of 199.239.133.3.

Why are they still connected in spite of what you posted above?

Rich
--
... it would appear that the general public is embracing the concept of
spam as "unsolicited, viral advertising", an evolutionary development in
the etymology of the word. -- George Crissman, NANAE, 12/1/02
TINLC Unit #2309        Death to all spammer accounts.      WWSB?



=== Verio's responce ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu
 !newsfeed-west.nntpserver.com!hub1.meganetnews.com!nntpserver.com
 !sjc-peer.news.verio.net!news.verio.net!dfw-read.news.verio.net.POSTED
 !not-for-mail
Message-ID: <3E2D67E2.4080404@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120
  Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
References: <3E2C4192.2030602@verio.net>
  <slrnb2qc82.431.spammers_lie@rich.private.rrclark.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 27
Date: Tue, 21 Jan 2003 09:31:46 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043163124 129.250.49.192 (Tue, 21 Jan 2003
  15:32:04 GMT)
NNTP-Posting-Date: Tue, 21 Jan 2003 15:32:04 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1903983

Rich Clark, aka Rev Egg Plant, ULC wrote:
> In article <3E2C4192.2030602@verio.net>, Darren Grabowski wrote:
>
>>IP-Hosts has been terminated by our customer, and Verio has
>>reclaimed the IP's assigned to IP Hosts.
>>
>>1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
>>1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>
>
> Darren,
>
> This is the most facetious thing I've seen you post in a long time.  A
> recheck at 06:35 21 Jan 03 reveals that not only are they not
> terminated, they are still answering up on port 25 of 199.239.133.3.
>
> Why are they still connected in spite of what you posted above?

I'm looking into why the IP's were still routing, in the
meantime I've made sure IP Hosts were down.  The IP's in the
199.239.132.0 - 199.239.135.255 range have been routed to null0.

darren
--
Darren Grabowski
Verio Security & Abuse Team



=== Other replies - 1 ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!cyclone.swbell.net
 !newsfeed1.easynews.com!easynews.com!easynews!novia!newscene.com!newscene!novia
 !novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: 20 Jan 2003 16:34:28 -0600
Lines: 41
Message-ID: <toto2vohmkq3pdkvt4q996on5kphhf4u0u@4ax.com>
References: <3E2C4192.2030602@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:z+slImbxGbnrNuq4GDDQATle9KM=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1903445

On Mon, 20 Jan 2003 12:36:02 -0600, Darren Grabowski
<firstinitiallastname@verio.net> wrote:

>IP-Hosts has been terminated by our customer, and Verio has
>reclaimed the IP's assigned to IP Hosts.
>
>1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio)
>1, 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>
>darren


Your crinimal harrassing flood spammers cashassistance.com is still
there, bozo.  Try posting a real termination instead of your bounced
check list.
And what about these?  You still want to ignore them, huh?

linkcounter.com
the6habits.com
cigarfrat.com
tempdomainname.com
THEISPGUIDE.COM
hudsonezine.com
postrun.com
makeitbig.tux.nu
redirection.iscool.net
DynastyServers.com
netdomination.com
SelfReplicator.com
affiliSOFT.com
ispforrent.com
WEBTOOLS2010.COM
mydomainwiz.com
arecool.net
iscool.net

Rot with your pimps, Derwood. Tell them no one is buying the crap you
are shoveling.

William R. James



=== Other replies - 2 ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!nntp.kreonet.re.kr
 !news-xfer.nuri.net!sn-xit-03!sn-xit-01!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: rule3@LinxNet.com (Jim Seymour)
Newsgroups: news.admin.net-abuse.email
Subject: Re: S2298
Date: Tue, 21 Jan 2003 01:24:20 -0000
Organization: tino
Message-ID: <v2p8a4qa55c54d@corp.supernews.com>
Mime-Version: 1.0
Sender: jseymour@LinxNet.com
X-Newsreader: knews 1.0b.1
References: <3E2C4192.2030602@verio.net> <b0i589$5m5$1@ns.osirusoft.com>
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: abuse@supernews.com
Lines: 71
Xref: uni-berlin.de news.admin.net-abuse.email:1903590

In article <b0i589$5m5$1@ns.osirusoft.com>,
        "Terry H. Gilsenan" <thg@weblistix.com.au> writes:
> On Tue, 21 Jan 2003 04:36:02 +1000, Darren Grabowski wrote:
>
>> IP-Hosts has been terminated by our customer, and Verio has reclaimed
>> the IP's assigned to IP Hosts.
>>
>> 1, 199.239.132.0 - 199.239.135.255, ip-hosts.com (Verio) 1,
>> 199.239.127.0 - 199.239.140.255, Verio (ip-hosts.com)
>>
>> darren
>> --
>> Darren Grabowski
>> Verio Security & Abuse Team
>
> Crap,
>
> All still there, and answering.
>
> try it yourself:
>
> telnet mail.ip-hosts.com 25
>
> See if it says helo....

Indeed it does...

Script started on Mon 20 Jan 2003 08:17:20 PM EST

$ telnet mail.ip-hosts.com 25
Trying 199.239.133.3...
Connected to mail.ip-hosts.com.
Escape character is '^]'.
220 ns1.ip-hosts.com ESMTP Sendmail 8.11.6/8.11.6; Tue, 21 Jan 2003 09:18:58
  -0500
quit
221 2.0.0 ns1.ip-hosts.com closing connection
Connection closed by foreign host.

$ host mail.ip-hosts.com
mail.ip-hosts.com       A       199.239.133.3

$ whois 199.239.133.3

OrgName:    Verio, Inc.
OrgID:      VRIO

NetRange:   199.236.0.0 - 199.239.255.255
CIDR:       199.236.0.0/14
NetName:    VRIO-199-236
NetHandle:  NET-199-236-0-0-1
Parent:     NET-199-0-0-0-0
NetType:    Direct Allocation
NameServer: NS0.VERIO.NET
NameServer: NS1.VERIO.NET
NameServer: NS2.VERIO.NET
Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
[remainder snipped]

$ exit

script done on Mon 20 Jan 2003 08:18:03 PM EST

Eight hours later and still goin'.  Some "termination," eh?

Regards,
Jim
--
Jim Seymour                          | "Some of the lies are so strange it
WARNING: The "From:" address is a    |  makes you wonder about the spammer's
spam trap.  DON'T USE IT!  Use:      |  sanity."
jseymour@LinxNet.com                 |   - Ed Foster, "The Gripe Line" 6/24/02



=== And another followup from Verio ===
Path: uni-berlin.de!fu-berlin.de!iad-peer.news.verio.net!news.verio.net
 !dfw-read.news.verio.net.POSTED!not-for-mail
Message-ID: <3E2EF2C1.6030302@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120
  Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS S2298 - Revisited
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 13
Date: Wed, 22 Jan 2003 13:36:33 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043264210 129.250.49.192 (Wed, 22 Jan 2003
  19:36:50 GMT)
NNTP-Posting-Date: Wed, 22 Jan 2003 19:36:50 GMT
Organization: NTT/Verio
Xref: uni-berlin.de news.admin.net-abuse.email:1905046

Spews,

Yesterday morning I made sure that the IP's assigned to IP
Hosts were down by placing a null route on the router they
connected to.  When I originally announced they were down, I
didn't double check the 199.239.133.0/24 range myself.
Please remove the blocks. Thank you.

darren
--
Darren Grabowski
Verio Security & Abuse Team



=== Yet, ip-hosts.com is STILL on Verio ===
Path: uni-berlin.de!fu-berlin.de!uni-erlangen.de!elvis.franken.de
 !chico.franken.de!news.franken.de!news.nl.linux.org!humbolt.nl.linux.org
 !surfnet.nl!rug.nl!erik.selwerd.nl!nobody
From: erik@flits102-126.flits.rug.nl (Erik Warmelink)
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2298 - Revisited
Date: Thu, 23 Jan 2003 22:20:09 +0100
Organization: Eric Conspiracy Secret Labs
Lines: 38
Message-ID: <9amp0b.61u.ln@erik.selwerd.nl>
References: <3E2EF2C1.6030302@verio.net>
NNTP-Posting-Host: flits102-126.flits.rug.nl
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Trace: info.service.rug.nl 1043357335 28003 129.125.102.126 (23 Jan 2003
  21:28:55 GMT)
X-Complaints-To: newsmaster@rug.nl
NNTP-Posting-Date: Thu, 23 Jan 2003 21:28:55 +0000 (UTC)
X-Newsreader: knews 1.0b.1
X-Eric-Conspiracy: There is no conspiracy
Xref: uni-berlin.de news.admin.net-abuse.email:1906194

In article <3E2EF2C1.6030302@verio.net>,
        Darren Grabowski <firstinitiallastname@verio.net> writes:

> Yesterday morning I made sure that the IP's assigned to IP
> Hosts were down by placing a null route on the router they
> connected to. When I originally announced they were down, I
> didn't double check the 199.239.133.0/24 range myself.

The cheque didn't really bounce? Did the spammers renew their pink
contract? Someone lied to you and told ip-hosts was disconnected?

> Please remove the blocks. Thank you.

Please remove all spammers (like 128.242.102.0/24, who keep trying to
spam my users).

O, by the way:

$ traceroute 69.6.0.8
| traceroute to 69.6.0.8 (69.6.0.8), 30 hops max, 40 byte packets
[snip]
|  9  p1-0-3-0.r01.frnkge02.de.bb.verio.net (129.250.9.5)  14.858 ms
| 10  p4-0-1-0.r01.amstnl02.nl.bb.verio.net (129.250.2.85)  16.621 ms
| 11  p4-0-1-0.r80.nwrknj01.us.bb.verio.net (129.250.2.222)  99.954 ms
| 12  p4-1-3-0.r01.nwrknj01.us.bb.verio.net (129.250.5.41)  99.814 ms
| 13  p16-1-1-1.r21.nycmny01.us.bb.verio.net (129.250.5.13)  99.945 ms
| 14  p16-1-0-1.r21.asbnva01.us.bb.verio.net (129.250.5.99)  106.786 ms
| 15  p64-0-0-0.r20.asbnva01.us.bb.verio.net (129.250.2.34)  107.899 ms
| 16  p16-3-0-0.r00.stngva01.us.bb.verio.net (129.250.2.74)  109.589 ms
| 17  p16-0-0-0.r02.stngva01.us.bb.verio.net (129.250.5.15)  108.603 ms
| 18  p4-1-0-0.r00.miamfl01.us.bb.verio.net (129.250.2.110)  133.519 ms
| 19  ge-1-1.a03.miamfl01.us.ra.verio.net (129.250.26.199)  782.474 ms
| 20  fa-3-1.a03.miamfl01.us.ce.verio.net (157.238.179.154)  134.518 ms
| 21  69.6.0.18 (69.6.0.18)  134.472 ms
| 22  ip-hosts.com (69.6.0.8)  134.695 ms

--
erik@selwerd.nl




=== And yet another lie from Verio ===
Message-ID: <3E319E86.1080505@verio.net>
From: Darren Grabowski <firstinitiallastname@verio.net>
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.2) Gecko/20021120 Netscape/7.01
X-Accept-Language: en-us, en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: SPEWS S1573
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Lines: 10
Date: Fri, 24 Jan 2003 14:13:58 -0600
NNTP-Posting-Host: 129.250.49.192
X-Complaints-To: abuse@verio.net
X-Trace: dfw-read.news.verio.net 1043439255 129.250.49.192 (Fri, 24 Jan 2003 20:14:15 GMT)
NNTP-Posting-Date: Fri, 24 Jan 2003 20:14:15 GMT
Organization: NTT/Verio


X9 Integrated has been terminated for AUP violations.

1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)

darren
--
Darren Grabowski
Verio Security & Abuse Team



=== Reply ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sjc70.webusenet.com
 !news.webusenet.com!sn-xit-02!sn-xit-06!sn-xit-01!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: NoLegs <no_legs01@yahoo.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S1573 [Attn: SPEWS X9 Integrated still up]
Followup-To: news.admin.net-abuse.email
Date: Fri, 24 Jan 2003 23:57:04 -0500
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <47643voca39cm4vmfhvsq8ggl15v6mlv67@4ax.com>
References: <3E319E86.1080505@verio.net>
X-Newsreader: Forte Agent 1.91/32.564
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Lines: 83
Xref: uni-berlin.de news.admin.net-abuse.email:1907344

On Fri, 24 Jan 2003 14:13:58 -0600, Darren Grabowski
<firstinitiallastname@verio.net> wrote:

>X9 Integrated has been terminated for AUP violations.
>
>1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
>1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
>
>darren

X9 Integrated is still there! You did not remove them!

Regards,
NoLegs

 11   196 ms   210 ms   195 ms  p16-2-0-0.r01.dllstx01.us.bb.verio.net
[129.250.
3.29]
 12   206 ms   200 ms   210 ms  p4-1-0-0.r01.kscymo02.us.bb.verio.net
[129.250.4
.38]
 13   186 ms   210 ms   230 ms  ge-1-1-0.a00.kscymo02.us.ra.verio.net
[129.250.2
5.98]
 14   386 ms   410 ms   395 ms  ge-1-1.a02.kscymo02.us.ra.verio.net
[129.250.25.
84]
 15   210 ms   220 ms   220 ms  fa-2-5.a02.kscymo02.us.ce.verio.net
[128.242.0.2
54]
 16   250 ms   280 ms   220 ms  x9i.com [128.242.160.16]

Registrant:
    X9 Integrated
    Domain Management
    3111 Wyandotte
    Suite 202
    Kansas City, Missouri 64111
    US
    816-935-6933
    45745@whois.gkg.net

Administrative Contact:
    X9 Integrated
    Domain Management
    3111 Wyandotte
    Suite 202
    Kansas City, Missouri 64111
    US
    816-935-6933
    45745@whois.gkg.net

Technical Contact:
    X9 Integrated
    Domain Management
    3111 Wyandotte
    Suite 202
    Kansas City, Missouri 64111
    US
    816-935-6933
    45745@whois.gkg.net

Billing Contact
    X9 Integrated
    Domain Management
    3111 Wyandotte
    Suite 202
    Kansas City, Missouri 64111
    US
    816-935-6933
    45745@whois.gkg.net

    Registrar..: gkg.net (http://register.gkg.net/)
    Domain Name: X9I.COM
 Created on..............: 19-NOV-2002
 Expires on..............: 19-NOV-2003
 Record last updated on..: 09-DEC-2002

    Domain servers in listed order:

    NS1.X9I.COM         128.242.160.10
    NS2.X9I.COM         128.242.160.11


    
=== My reply ===
Path: uni-berlin.de!cust-62-219-88-92.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-Jan+nanae@2003.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S1573
Date: 25 Jan 2003 13:09:07 GMT
Organization: Private person
Lines: 53
Sender: Alexander Sheremet <usenet-Jan+nanae@2003.dolphinwave.org>
Message-ID: <slrnb3531q.631.usenet-Jan+nanae@orca.dolphinwave.org>
References: <3E319E86.1080505@verio.net>
NNTP-Posting-Host: cust-62-219-88-92.cust.bezeqint.net (62.219.88.92)
X-Trace: fu-berlin.de 1043500147 30813904 62.219.88.92 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1907468

In message <3E319E86.1080505@verio.net> Darren Grabowski wrote:

>
> X9 Integrated has been terminated for AUP violations.
>
> 1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
> 1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
>
> darren
> --
> Darren Grabowski
> Verio Security & Abuse Team

So, Darren, screwed again, the second time in just one week?

$ host x9i.com
x9i.com has address 128.242.160.16

$ wget -S -O - x9i.com
--15:02:56--  http://x9i.com/
           => `-'
Resolving x9i.com... done.
Connecting to x9i.com[128.242.160.16]:80... connected.
HTTP request sent, awaiting response...
 1 HTTP/1.0 200 OK
 2 Date: Sat, 25 Jan 2003 12:58:21 GMT
 3 Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0 PHP/4.2.3
  FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
 4 Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
 5 ETag: "1ff0b-3c1e-3e1f03fc"
 6 Accept-Ranges: bytes
 7 Content-Length: 15390
 8 Content-Type: text/html
 9 Age: 464
10 X-Cache: HIT from proxy.interal.co.il
11 Connection: keep-alive

<html>
<head>
<title>X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers,
Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller Hosting
Plans, Reseller Dedicated Server Plans, Budget Hosting</title>
<...>

X9 Integrated is still happily alive on the same Verio IP, 16+ hours since
the claimed "termination".

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461


 
=== Sam Spade confirms, the site is still alive ===
=== http://samspade.org/t/safe?u=http%3A%2F%2Fx9i.com ===

GET / HTTP/1.1
Host: x9i.com
Connection: close


Read 8192 bytes from host x9i.com, path /

HTTP/1.1 200 OK
Date: Sat, 25 Jan 2003 13:26:05 GMT
Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0 PHP/4.2.3 FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
ETag: "1ff0b-3c1e-3e1f03fc"
Accept-Ranges: bytes
Content-Length: 15390
Connection: close
Content-Type: text/html

<html>
<head>
<title>X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers, 
Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller Hosting 
Plans, Reseller Dedicated Server Plans, Budget Hosting</title>
<...>



=== Explanation of this situation with X9 Integrated, by the new owner ===
Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!cyclone.mw.ipsvc.net
 !news.mw.ipsvc.net!cyclone.kc.rr.com!cyclone3.kc.rr.com!news3.kc.rr.com
 !twister.rdc-kc.rr.com.POSTED!53ab2750!not-for-mail
From: "brian" <b-news-admin-net-abuse-email@mwis.net>
Newsgroups: news.admin.net-abuse.email
References: <3E319E86.1080505@verio.net>
  <slrnb3531q.631.usenet-Jan+nanae@orca.dolphinwave.org>
Subject: Re: SPEWS S1573
Lines: 133
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2600.0000
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
Message-ID: <UdBY9.58695$Gm2.1320893@twister.rdc-kc.rr.com>
Date: Sat, 25 Jan 2003 19:05:24 GMT
NNTP-Posting-Host: 24.166.183.136
X-Complaints-To: abuse@rr.com
X-Trace: twister.rdc-kc.rr.com 1043521524 24.166.183.136 (Sat, 25 Jan 2003
  13:05:24 CST)
NNTP-Posting-Date: Sat, 25 Jan 2003 13:05:24 CST
Xref: uni-berlin.de news.admin.net-abuse.email:1907603

Darren has in fact removed the X9 Verio Circuit yesterday as of 2:10PM CST.

Allow me to explain what has happened.. Frank the owner of X9I last week
sold the assets of his company to me due to a divorce he is facing with his
wife. With the assets came his customer base more or less, which I had a
small grasp on. but then again this was an asset acquisition and I did not
count on all the customers to stay due to poor customer service they had
experienced. Come to find out X9I has been hosting a Spam provider known as
IOHOSTING.US and IOMARKETING.US(input output marketing/hosting). I have
spent most of this week becoming familiar with the customer base and had in
fact talked to Rusty the owner of IO many times over the phone and was under
the impression he was a just a Virtual Hosting provider.

Thursday night at around 9PM I received an email Darren had sent prior that
day saying that X9I's circuit would be revoked Friday at 2:00 PM CST due to
AUP violations. Of course I jumped all over this because I was not aware of
any such violations.. But it seems there were some 1200 complaints received
recently and Frank the old owner of X9I had never paid much attention to
Verio and other groups when they sent abuse complaints.. I can only assume
he was trying to milk his spammer account and figured everyone would go away
given time.

With Darren's assistance I had identified who the spammer was (IOHOSTING) by
the IP's in his abuse complaints :
128.242.160.103
128.242.160.108
128.242.160.113
128.242.160.115
128.242.160.114
128.242.160.110

I immediately turned off IO's Ethernet port and sent Rusty the owner an
email saying his service had been terminated permanently at about 11:30 AM
CST. I then proceeded to talk with Darren to see if I could salvage the
circuit as I was not done moving customers over to my Verio line and
reassigning IP's to their machines, and having the line shut down over a
weekend would more or less put me out of business. He explained that he
could not do this because of the situation, so of course like any provider I
tried looking for other possible solutions. Knowing once the X9i circuit was
canceled his IP range would become free I contacted the Verio Engineers in
charge of my circuit to see if I could obtain the IPs.

I received the OK that I could obtain his IP's and shortly after Darren shut
off his circuit Midwest Internet Services acquired one of two of X9's /24 ip
blocks which became routed to me :

Midwest Internet (NETBLK-A012-128-242-160-0) A012-128-242-160-0
                                               128.242.160.0 -
128.242.160.255
Verio, Inc. - Midwest (NETBLK-VRIO-128-242-160) VRIO-128-242-160
                                               128.242.160.0 -
128.242.167.255

Let me state for the record that if I had known about the abuse complaints I
would have shut off IOhosting prior to Friday, but I simply did not. When
trying to sell your hosting provider one of the last things I could see
being mentioned to me is that the IP range is listed on spews and that there
is a good possibility that the circuit will be turned off soon. Darren has
done his job in turning off the Circuit and also in getting the spammers off
Verios network. I however have only taken over the IP block for a short
period so that I can migrate customers to my block and rid myself of this
problem. The IP's being in use by another provider should NOT be taken in
any way that Verio is simply moving around spammers. A simple dig would
reveal that IOhosting and any of their other domains have moved to another
network not at all associated with my company and or Verio.

I hope that this will suffice in answering everyone's questions, and hope
that it will also stop the attacks on Darren's professionalism.
If there are still remaining questions, I will do my best to answer them.

Regards,

Brian

"Dolphin" <usenet-Jan+nanae@2003.dolphinwave.org> wrote in message
news:slrnb3531q.631.usenet-Jan+nanae@orca.dolphinwave.org...
> In message <3E319E86.1080505@verio.net> Darren Grabowski wrote:
>
> >
> > X9 Integrated has been terminated for AUP violations.
> >
> > 1, 128.242.160.0 - 128.242.160.255, X9 / iohosting.us (Verio)
> > 1, 128.242.158.0 - 128.242.162.255, Verio (X9 / iohosting.us)
> >
> > darren
> > --
> > Darren Grabowski
> > Verio Security & Abuse Team
>
> So, Darren, screwed again, the second time in just one week?
>
> $ host x9i.com
> x9i.com has address 128.242.160.16
>
> $ wget -S -O - x9i.com
> --15:02:56--  http://x9i.com/
>            => `-'
> Resolving x9i.com... done.
> Connecting to x9i.com[128.242.160.16]:80... connected.
> HTTP request sent, awaiting response...
>  1 HTTP/1.0 200 OK
>  2 Date: Sat, 25 Jan 2003 12:58:21 GMT
>  3 Server: Apache/1.3.27 (Unix) mod_log_bytes/0.3 mod_bwlimited/1.0
PHP/4.2.3 FrontPage/5.0.2.2510 mod_ssl/2.8.11 OpenSSL/0.9.6b
>  4 Last-Modified: Fri, 10 Jan 2003 17:33:48 GMT
>  5 ETag: "1ff0b-3c1e-3e1f03fc"
>  6 Accept-Ranges: bytes
>  7 Content-Length: 15390
>  8 Content-Type: text/html
>  9 Age: 464
> 10 X-Cache: HIT from proxy.interal.co.il
> 11 Connection: keep-alive
>
> <html>
> <head>
> <title>X9 Integrated - Web Site Hosting, IRC Hosting, Dedicated Servers,
> Broadband Connectivity, Computer Sales, Turn Key Solutions, Reseller
Hosting
> Plans, Reseller Dedicated Server Plans, Budget Hosting</title>
> <...>
>
> X9 Integrated is still happily alive on the same Verio IP, 16+ hours since
> the claimed "termination".
>
> Dolphin.
>
> --
>  URL: http://www.DolphinWave.org
> Mail: on the web page (no spam)
>  ICQ: 6615461



=== And Verio still ignores their spammers ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed2.easynews.com
 !newsfeed1.easynews.com!easynews.com!easynews!novia!newscene.com!newscene.com
 !newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: More verio
Date: 14 Feb 2003 12:58:17 -0600
Lines: 68
Message-ID: <undq4v8uu65gjikdmtuo7llnc7qhmeu34t@4ax.com>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:OGNv3WOP64NsJ/iZeGtxHY00zOs=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1921707

(posted to news.admin.net-abuse.email)

Spam sent from: 129.250.225.27 (globalmedia.org / Verio)
http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&safe=off&q=globalmedia.o
 rg&btnG=Google+Search
peddling a cesspool of spammers:

www.freepass.com      129.250.225.52  (Looooong history of abuse,
verio still ignoring complaint)  See:

http://groups.google.com/groups?q=freepass.com&hl=en&lr=&safe=off&btnG=Google+Se
 arch&site=groups

www.sexgallery.com   66.230.208.20

www.pornvideos.com    129.250.225.31

Spam also included nonverio scum:
clickcash.webpower.com      205.246.203.36
www.globalpotd.com     66.230.208.20
www.blackonwhite.com      216.130.197.246  (Dynamic Pipe \Pythonvideo)
www.herbalo.com      209.134.35.63
www.asianlust.net      209.203.164.89
www.extremepenetration.net   200.24.156.211
www.adultrevenueservice.com    216.127.42.60

Full details in .sightings.

Spam headers:
====================================================
Return-path: <editorgcy@025714.freepass.com>
Envelope-to: removed
Delivery-date: Fri, 14 Feb 2003 04:56:53 -0500
Received: from stmp3.globalmedia.org ([129.250.225.27])
        by paris.dnsrouter.com with esmtp (Exim 3.36 #1)
        id 18jcaT-0007Xy-00
        for removed; Fri, 14 Feb 2003 04:56:53 -0500
Received: from localhost (localhost.globalmedia.org [127.0.0.1])
        by stmp3.globalmedia.org (Postfix) with SMTP id 513BC82503
        for <removed>; Fri, 14 Feb 2003 04:57:02 -0500 (EST)
Subject: khok - Black on White action...get your Free password now!
ueqs tmrb
To: removed
From: F R E E P A S S cyjxkkokq <editorgcy@025514.freepass.com>
MIME-Version: 1.0
Content-type: text/html; charset="iso-8859-1"
Comment: If you do not recall requesting this email,
Comment: please accept our apologies and visit
Comment:
http://www.freepass.com/php-bin/unsubscribe.php?id=89660c1f26g04eb2
for immediate removal.
Comment: 8930c1f66804eb2.16a36h351c
X-Mailer: Microsoft Outlook, Build 10.0.2627
Message-Id: <20030213095702.513BC82603@stmp3.globalmedia.org>
Date: Fri, 14 Feb 2003 04:57:02 -0500 (EST)
================================================================

Notes about the above spam:

It appears to have a random "from", presumably changing with each
email, perhaps just periodically.

It has hashbusting random codes to attempt to bypass filters.

I never requested it, of course.

Any idiot want to claim it's not spam?

William R. James




=== Verio still is clueless - forwards complaints to spammers ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-01
 !sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: George Crissman <stradsBIKINI@excite.com>
Newsgroups: news.admin.net-abuse.email
Subject: Does Verio Get It?
Date: Thu, 20 Feb 2003 14:51:42 -0800
Organization: Please remove BIKINI to send email.  Thank you.
Message-ID: <9rma5v02bmjrq2t29g1b170ljurg1abh44@4ax.com>
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Complaints-To: abuse@supernews.com
Lines: 24
Xref: uni-berlin.de news.admin.net-abuse.email:1925551

The answer, unfortunately, is: no.

============= The Complaint ===================
Attn:  Verio De
> Received: from mail08b.verio.de (mail08b.verio.de [213.198.55.87])
Please stop your spammer.  Thank you.

============== The Response ===================
Hello Mr. Crissman,

many thanks for your mail. We informed our customer.

Best Regards,

Verio Support Team

================= Ahrrrr ======================

George Crissman

DHS Club:  The Club Built On Spam
URL:  http://www.theclubbuiltonspam.com
Got News about DHS Club activities?
stradsBIKINI@excite.com (Remove BIKINI to reply)




=== Verio plans to stop their spam-support? ===
Newsgroups: news.admin.net-abuse.email
Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!news2.euro.net!uunet
 !ash.uu.net!xyzzy!nntp
From: "R. Scott" <washingtonham@yahoo.com>
Subject: I think maybe someday Verio will be a good guy.
X-Nntp-Posting-Host: e131585.nw.nos.boeing.com
Content-Type: text/plain; charset=us-ascii
Message-ID: <3E566513.8107F182@yahoo.com>
Sender: nntp@news.boeing.com (Boeing NNTP News Access)
Content-Transfer-Encoding: 7bit
Organization: Im NOT!!!
X-Accept-Language: en
Mime-Version: 1.0
Date: Fri, 21 Feb 2003 17:42:43 GMT
X-Mailer: Mozilla 4.73 [en]C-CCK-MCD Boeing Kit  (Windows NT 5.0; U)
Lines: 15
Xref: uni-berlin.de news.admin.net-abuse.email:1926234

From an Insider I know personally and trust.  NO, I wont reveal the
source, but again, I consider him trustworthy.  It may take a little
time, you cant turn a super tanker around fast either.

[QUOTE]
Yeah, XXXXXX, we know. We are in the process of a major initiative in
regards to spammers. To that end, we have changed our AUP, we are
reviewing customer accounts for spammers and we are paying more
attention to new accounts.

This is a big issue and it's being addressed.
[\QUOTE]


Lets hope they are successful.



=== My reply ===
Path: uni-berlin.de!cust-62-219-88-50.cust.bezeqint.NET!not-for-mail
From: Dolphin <usenet-Feb+nanae@2003.dolphinwave.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: I think maybe someday Verio will be a good guy.
Date: 21 Feb 2003 19:21:27 GMT
Organization: Private person
Lines: 51
Sender: Alexander Sheremet <usenet-Feb+nanae@2003.dolphinwave.org>
Message-ID: <slrnb5cv1h.39l.usenet-Feb+nanae@orca.dolphinwave.org>
References: <3E566513.8107F182@yahoo.com>
NNTP-Posting-Host: cust-62-219-88-50.cust.bezeqint.net (62.219.88.50)
X-Trace: fu-berlin.de 1045855287 52158310 62.219.88.50 (16 [104765])
X-SPEWS: I am not
X-newsgroup: news.admin.net-abuse.email
X-PGP-key: 0xAAE2A579
X-PGP-key-fingerprint: 5B8E 3B28 7199 8CD3 4133  FA87 000B 0FB6 AAE2 A579
User-Agent: slrn/0.9.7.4 (Linux)
Xref: uni-berlin.de news.admin.net-abuse.email:1926350

On Fri, 21 Feb 2003 17:42:43 GMT R. Scott <washingtonham@yahoo.com>
 wrote in message <3E566513.8107F182@yahoo.com>:
> From an Insider I know personally and trust.  NO, I wont reveal the
> source, but again, I consider him trustworthy.  It may take a little
> time, you cant turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers.

Yeah, like they were clueless and just found out that spamming is bad.
Suure. I little bit way too late.

> To that end, we have changed our AUP,

What? They had a very good AUP, they didn't have to change anything there.
They had to *ENFORCE* it, and that it. The only thing they had to change
is their upper management. I highly doubt that I will ever think of Verio
anything else than "THE spamhaus", as long as their pro-spam management is
still sitting there.

> we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.

The time will tell, but I don't look at the watches for Verio anylonger.

> This is a big issue and it's being addressed.

It was a big issue a year+ ago. Now, when Verio is blocklisted to the hell
and back, it's not an issue for the rest of the Internet anylonger. They
are welcome to follow AGIS, the path they've knowingly choosed long time
ago.

> [\QUOTE]
>
>
> Lets hope they are successful.

Their success or failure does not bother those who gave up on them. They
reape the results.

http://www.DolphinWave.org/spam/verio.txt

Dolphin.

--
 URL: http://www.DolphinWave.org
Mail: on the web page (no spam)
 ICQ: 6615461




=== What people think about it - 1 ===
Path: uni-berlin.de!fu-berlin.de!fr.usenet-edu.net!usenet-edu.net!teaser.fr
 !easynet-quince!easynet.net!easynet-post1!not-for-mail
From: "Captain Flack" <captain.flack@trumpton-firebrigade.dontevenbother>
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com> <3E567400.DA97FB1C@yah00.c0m>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:52:25 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 33
Message-ID: <3e5675e0$0$11986$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC==F;dMS7hTB=AXlcS4lE[A:_ZPoGbHe5W3nelX@LH>DP8W:QXT4nM30:
Xref: uni-berlin.de news.admin.net-abuse.email:1926298

"Jon Newton" <newt0n_j0n@yah00.c0m> wrote in message
news:3E567400.DA97FB1C@yah00.c0m...
>
>
> "R. Scott" wrote:
> >
> > From an Insider I know personally and trust.  NO, I wont reveal the
> > source, but again, I consider him trustworthy.  It may take a little
> > time, you cant turn a super tanker around fast either.
> >
> > [QUOTE]
> > Yeah, XXXXXX, we know. We are in the process of a major initiative in
> > regards to spammers. To that end, we have changed our AUP, we are
> > reviewing customer accounts for spammers and we are paying more
> > attention to new accounts.
> >
> > This is a big issue and it's being addressed.
> > [\QUOTE]
> >
> > Lets hope they are successful.
>
> Fuck Verio!
>
> They will have to pay me before I remove them from our blocks.

Well said. Said so much more concisely than I managed.

--
Support Trumpton's Striking Firemen
One day there will be a real fire and we'll need them
www.toonhound.com/trumpton-2.jpg



=== What people think about it - 2 ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!feed.news.nacamar.de
 !easynet-quince!easynet.net!easynet-post1!not-for-mail
From: <ids@conservative.com>
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:48:53 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 26
Message-ID: <3e56750c$0$12012$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=;QKcg:I@8^;_lGKIeCHY=:FnQJVd5@jR3nelX@LH>DP8W:QXT4nM30:
Xref: uni-berlin.de news.admin.net-abuse.email:1926307

"R. Scott" <washingtonham@yahoo.com> wrote in message
news:3E566513.8107F182@yahoo.com...
> From an Insider I know personally and trust.  NO, I wont reveal the
> source, but again, I consider him trustworthy.  It may take a little
> time, you cant turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers. To that end, we have changed our AUP, we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.
>
> This is a big issue and it's being addressed.
> [\QUOTE]
>
>
> Lets hope they are successful.

I lose count of how many times Verio have said "yeah we lied last time but
this time our cleanup is for real".

Last time I looked they were still upstreaming wholesalebandwidth spamhaus
and a whole bundle of others. Personally I wish this supertanker would sink
because it ain't going to turn round.



=== What people think about it - 3 ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.vmunix.org!newsfeed.stueberl.de
 !peernews3.colt.net!colt.net!easynet-quince!easynet.net!easynet-post1
 !not-for-mail
From: "Captain Flack" <captain.flack@trumpton-firebrigade.dontevenbother>
Newsgroups: news.admin.net-abuse.email
References: <3E566513.8107F182@yahoo.com>
Subject: Re: I think maybe someday Verio will be a good guy.
Date: Fri, 21 Feb 2003 18:43:04 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 35
Message-ID: <3e5673af$0$12000$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=5GN:cFhN5;`3P3k^0Z0ZPa\0F8Qd[dGL`nelX@LH>DPhW:QXT4nM30j
Xref: uni-berlin.de news.admin.net-abuse.email:1926278

"R. Scott" <washingtonham@yahoo.com> wrote in message
news:3E566513.8107F182@yahoo.com...
> From an Insider I know personally and trust.  NO, I wont reveal the
> source, but again, I consider him trustworthy.  It may take a little
> time, you cant turn a super tanker around fast either.
>
> [QUOTE]
> Yeah, XXXXXX, we know. We are in the process of a major initiative in
> regards to spammers. To that end, we have changed our AUP, we are
> reviewing customer accounts for spammers and we are paying more
> attention to new accounts.
>
> This is a big issue and it's being addressed.
> [\QUOTE]
>
>
> Lets hope they are successful.

Verio's reputation is so dire that they are in more private block lists than
any other network. So badly blocked that blackholes.us has to put a nice
clear link on the site because so many Verio customers are having their mail
bounced by admins that use it.

Don't trust anyone at Verio that tells you they're cleaning up. Why should
this time be any different to the last 10?

The world will be a better place when Verio disappears for ever.

--
Support Trumpton's Striking Firemen
One day there will be a real fire and we'll need them
www.toonhound.com/trumpton-2.jpg




=== Verio lies to their customer about their SPEWS listing ===
Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: wcetc@webcreationsetc.com (Web Creations Etc.)
Newsgroups: news.admin.net-abuse.email
Subject: Spews Admin  Please Read
Date: 21 Feb 2003 10:43:07 -0800
Organization: http://groups.google.com/
Lines: 8
Message-ID: <30e5908f.0302211043.4ec76418@posting.google.com>
NNTP-Posting-Host: 66.1.35.26
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1045852987 10352 127.0.0.1 (21 Feb 2003 18:43:07
  GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 21 Feb 2003 18:43:07 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1926273

Recently I found out that our server ip address was listed in Spews as
relaying spam emails. I talked to Verio and they said that I had a
form program in my cgi bin that was allowing this relaying to occur.
This form program now only authorizes our domain to use it. This has
also been fixed on our other servers. Please remove us from your list.

Dee Jay Skinner
Automatit Inc.



=== Reply ===
Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!cyclone.mw.ipsvc.net
 !news.mw.ipsvc.net!cyclone.kc.rr.com!news-west.rr.com!cyclone.austin.rr.com
 !twister.austin.rr.com.POSTED!53ab2750!not-for-mail
From: Steve M -remove despam before rr for reply- <despam@houston.despamrr.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spews Admin  Please Read
Message-ID: <hfuc5v02rv2r302g8ptvi8f46bildh52q1@4ax.com>
Cancel-Lock: sha1:P9wfDrfCQxAs/fw51ygNFZY8JXg=
References: <30e5908f.0302211043.4ec76418@posting.google.com>
X-Newsreader: Forte Free Agent 1.93/32.576 English (American)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.0
Lines: 43
Date: Fri, 21 Feb 2003 19:17:50 GMT
NNTP-Posting-Host: 67.10.69.116
X-Complaints-To: abuse@rr.com
X-Trace: twister.austin.rr.com 1045855070 67.10.69.116 (Fri, 21 Feb 2003
  13:17:50 CST)
NNTP-Posting-Date: Fri, 21 Feb 2003 13:17:50 CST
Organization: Road Runner - Texas
Xref: uni-berlin.de news.admin.net-abuse.email:1926342

On 21 Feb 2003 10:43:07 -0800, wcetc@webcreationsetc.com (Web
Creations Etc.) wrote:

>Recently I found out that our server ip address was listed in Spews as
>relaying spam emails. I talked to Verio and they said that I had a
>form program in my cgi bin that was allowing this relaying to occur.
>This form program now only authorizes our domain to use it. This has
>also been fixed on our other servers. Please remove us from your list.

> Regarding my previous message, here is the ip address that needs
> to be removed from the Spews list.

> 128.121.215.228

> Dee Jay Skinner
> Automatit Inc.

Dee Jay,

Verio lied to you.  Your SPEWS listing has nothing to do with your
form program.  Verio itself is listed, not you.

Did you actually see the SPEWS "evidence" file for your IP?

http://www.spews.org/html/S2317.html

Your IP actually belongs to Verio, and is included in this SPEWS
listing:

1, 128.121.215.242, herbalmeds.org
1, 128.121.215.128/25, Verio (herbalmeds.org)

This usually happens when the ISP (here Verio) ignores repeated
complaints about a spammer (here herbalmeds.org) and then SPEWS
expands the listing to include nearby IP's.

From what I have seen, SPEWS does not punch holes for individuals who
are not spammers.  You're not going to like this, but you need to
either (a) convince Verio to drop herbalmeds.org, (b) send outgoing
email through somebody else, (c) drop Verio, or (d) live with it.

Steven



=== Attorney General complaints is the only way to get Verio to do something ===
Path: uni-berlin.de!fu-berlin.de!cox.net!cyclone1.gnilink.net
 !ngpeer.news.aol.com!audrey-m2.news.aol.com!not-for-mail
Lines: 31
X-Admin: news@aol.com
From: reinbeaux@aol.comnospam (Washington State Resident)
Newsgroups: news.admin.net-abuse.email
Date: 22 Feb 2003 01:03:33 GMT
References: <ec5d5v8uadaltkrsq3v37kmrr9752e53ar@4ax.com>
Organization: AOL http://www.aol.com
Subject: Re: Fscking Verio.Net
Message-ID: <20030221200333.15386.00000064@mb-cr.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1926635

Verio has recently had many Washington State AG complaints filed against them.
From the personal responses back from Verio after I let them know I filed
complaints against them, I take it they do NOT like AG complaints very much -
filing AG complaints against them has been VERY affective for me (lots quicker
than with ATT, Sprint, and Qwest)

List of State and several countries AGs:
http://www.fraud.org/info/links.htm

Colorado AG:
http://www.ago.state.co.us/
attorney.general@state.co.us

Attorney General
1525 Sherman St.
7th floor
Denver, CO 80203
(303)866-4500
FAX: (303)866-5691

Consumer Complaint Line - in Denver and Out of State - 303-866-5189
     Consumer Complaint Line - Outside of Denver but in Colorado -
1-800-222-4444

Nancy
http://members.aol.com/reinbeaux
(a Washington State Resident)
spams billed $500. each in accordance with Chapter 19 RCW
(AOL members:  DO not CC / I have aol.com blocked)
Founding Member Of  P.A.S.S. (P.eople A.gainst S.tupid S.pammers)




=== Verio makes agreements with spammers not to boot them ===
Path: uni-berlin.de!fu-berlin.de!feed.news.nacamar.de!easynet-quince!easynet.net
 !easynet-post2!not-for-mail
From: <ids@conservative.com>
Newsgroups: news.admin.net-abuse.email
References: <iafl5v4jjgkdpfuafrb4rtcqp2r4kutev4@4ax.com>
  <DQz6a.4687$Bb2.670067738@newssvr10.news.prodigy.com>
Subject: Re: wholesalebandwidth updates?
Date: Tue, 25 Feb 2003 11:17:55 -0000
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
Lines: 66
Message-ID: <3e5b5163$0$19301$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=L]@2@5:IXci138G66CA^i`[CITXL[mUOmnelX@LH>DPhW:QXT4nM30j
Xref: uni-berlin.de news.admin.net-abuse.email:1928417

<darryl_INVALID@rbdms_NOSPAM.org> wrote in message
news:DQz6a.4687$Bb2.670067738@newssvr10.news.prodigy.com...
> A somewhat related side story about WHOLESALEBANDWIDTH
> Sometime in December,  I called them about a serious issue from my office.
> They were hosting a company selling generic viagra,  and their client was
> spamming my work address at Pfizer (for those of you who are not aware,
> Pfizer is the mfg and patent holder of Viagra)..
>
> When I did get thru to their main line,  It was answered very
> unprofessionally by someone who sounded like they were in their early
> twenties, who inturn passed off the phone to another twenty-something
> non-professional.
> I explained why I was calling, and connecting them with a Pfizer Attorney
> was fun (hearing the panic thru the receiver was great).
>
> However, from the whole experience..  I concluded WHOLESALEBANDWITH is the
> typical stereo-type spam-supporting operation.
> A Spews block would be appropriate to any ISP that supports them,
although
> I notice that their clients typically spam from a china isp.
>
> Here is something else that is funny:
> their DNS is screwed up... you cannot go to their website
> (www.wholesalebandwidth.com ,  which the dns has been screwed up for
> months)..
> You need to go to the IP address:   http://69.6.0.3/
> try reading their link to the AUP/TOS --   it 404s since their DNS does
not
> work...
> to read it you need to goto:   http://69.6.0.3/terms/ia/
>
> Just another point to show rule#2, and backup my impression of their
> "Professionalism"...
>
> dB The DBA
>
> btw:  a quote from WHOLESALEBANDWIDTH's AUP
> "
> a.. WholesaleBandwidth has a zero tolerance policy for Spam, and may at
its
> discretion participate in any of several anti-Spam services, including RBL
> offered by "mail-abuse.org". Customer shall establish its own anti-Spam
> policies.
> ...
> INDIRECT OR ATTEMPTED VIOLATIONS OF THIS POLICY, AND ACTUAL OR ATTEMPTED
> VIOLATIONS BY A THIRD PARTY ON BEHALF OF CUSTOMER OR A CUSTOMER'S END
USER,
> SHALL BE CONSIDERED VIOLATIONS OF THE POLICY BY SUCH CUSTOMER OR END USER.
> "
>
> funny....  I wonder where they copied the weasel words,  'cause they did
not
> think them up themselves.
>

Yes I gave them a call too. Just got some guy who sounded like the kid with
the squeaky voice who works in the burger bar on the simpsons. He assured me
he couldn't put me through to the "senior" executives of the company though
he did later admit that there is only 3 people at the company, and they work
in the same office (trailer)?

Apparently he stated with some certainly that Verio would not boot them.
That they have some form of agreement with Verio. He refused to elaborate
when I mentioned the term pink contract.




=== Verio's ongoing spam-support ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!novia!newscene.com
 !newscene.com!newscene!novia!novia!sequencer.newscene.com!not-for-mail
From: Wm James <wrjames.remove@spamreaper.org>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2119 S2257 S1369
Date: 24 Feb 2003 22:17:10 -0600
Lines: 78
Message-ID: <avpl5vglj3muassbuaqkc52bopsmqondaa@4ax.com>
References: <3E5A70CD.6040809@verio.net>
Reply-To: wrjames.remove@spamreaper.org
Cancel-Lock: sha1:R2YpDGRA8RbP1aJAc1nCYnR4Kb4=
X-Newsreader: Forte Agent 1.8/32.548
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-NFilter: 1.2.1-b1
Xref: uni-berlin.de news.admin.net-abuse.email:1928301

On Mon, 24 Feb 2003 13:21:49 -0600, Darren Grabowski
<firstinitiallastname@verio.net> wrote:

>Jaze Webservices (iscool.net) has been terminated
>for AUP violations.
>
>S2119 - Merchantcentral
>
>Merchantcentral has been terminated for AUP
>violations.  Swips are coming down shortly, the
>interface is down/down.
>
>1, 130.94.244.129,
>fa1-0-vlan2.7204VXR-gw.bct.mcisi.net / currentmail.com
>1, 130.94.244.141, www.currentmail.com
>1, 130.94.244.238,
>1-1-238.customer.bct.cmailinc.com (Dead?)
>1, 130.94.244.224/27, currentmail / mcisi.net (Verio)
>1, 130.94.244.128/25, currentmail / mcisi.net (Verio)
>1, 130.94.244.0/23, Verio (currentmail / mcisi.net)
>1, 130.94.244.0/23, Verio (currentmail / mcisi.net)
>
>S2257 - cheaptrips
>
>Cheaptrips was terminated a couple weeks ago or so.
>
>2, 128.121.96.112, cheaptrips.com /
>mail.cheaptrips.com / aircourier.org (dead?)
>2, 128.121.96.0/25, Verio (cheaptrips.com /
>aircourier.org)
>
>S1369 - Paul Boes
>
>This was terminated a couple weeks ago or so.
>
>2, 129.250.226.16 - 129.250.226.31, Paul Boes /
>Digital Exposure / detourhosting.net (Verio)
>2, 161.58.238.247, Paul Boes / Digital Exposure /
>dgxinc.com / bulksupport.com / boesconsulting.net
>/ netconstruction.net
>2, 161.58.238.0/24, Paul Boes / Digital Exposure /
>dgxinc.com (Verio) (dead)
>
>
>darren

Bounced checks again Bozo?
What about the spammers you still harbor and protect after many months
of ignoring complaints? :

CashAssistance.com     128.121.126.220      Still active
SmallBizAds.com        128.121.126.220      Still active
8point.com             130.94.247.6         Still active
compu-terra.com        161.58.154.77        Still active
the6habits.com         161.58.151.84        Still active
cigarfrat.com          192.220.111.208      Still active
THEISPGUIDE.COM        204.2.35.38          Still active
postrun.com            128.121.126.220      Still active
makeitbig.tux.nu       168.143.168.162      Still active
redirection.iscool.net 168.143.168.161      Still active
netdomination.com      209.207.250.251      Still active
WEBTOOLS2010.COM       209.207.250.250      Still active
arecool.net            168.143.168.161      Still active
iscool.net             168.143.168.161      Still active
freepass.com           129.250.225.52       Still active

 Now for verio's criminal spammers who peddle porn to children...

pornvideos.com         129.250.225.31       Still active
www.sexgallery.com     129.250.225.49       Still active
And recently moved from 66.230.208.20 to 129.250.225.49 obviously to
get around blocking.  Mighty friendly of you to assist your spammers
like that, you pathetic lying spam whore.

Go crawl back under your rock.

William R. James



=== Other people report the on-going spam-suppor from Verio ===
Path: uni-berlin.de!fu-berlin.de!cox.net!cyclone1.gnilink.net!wn12feed
 !worldnet.att.net!bgtnsc05-news.ops.worldnet.att.net.POSTED!not-for-mail
Message-ID: <3E65F68C.650127AF@excite.com>
From: Buster <curiousjohn@excite.com>
Organization: none
X-Mailer: Mozilla 4.75 [en] (Win98; U)
X-Accept-Language: en
MIME-Version: 1.0
Newsgroups: news.admin.net-abuse.email
Subject: What happened to Verio cleaning up their act?
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Lines: 26
Date: Wed, 05 Mar 2003 13:05:26 GMT
NNTP-Posting-Host: 12.85.167.164
X-Complaints-To: abuse@worldnet.att.net
X-Trace: bgtnsc05-news.ops.worldnet.att.net 1046869526 12.85.167.164 (Wed, 05
  Mar 2003 13:05:26 GMT)
NNTP-Posting-Date: Wed, 05 Mar 2003 13:05:26 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:1933137

I am currently being hammered 3-4 times a day from Verio hosted spamhaus
Magic-Inbox.com, with no action from Verio to date, so I went back to
the beginning of February to see how well they handled my previous
complaints on other spammers.

Out of dozens I complained about, only one (herbalmeds.org) was shut
down and sightings showed they were able to spam for nearly two months
(from December 21 through February 18th) before Verio did anything.

Some of the worst offenders I complained about that are still on Verio
and their history in sightings (just February/March):

http://taxsaleconsultant.com - 3/4, 3/3, 3/2, 3/1, 2/25, 2/21, 2/20,
2/18, 2/16, 2/15, 2/11, 2/10, 2/9, 2/6, 2/5, 2/3, 2/2, 2/1

optinlistservices.com - 3/4, 3/3, 3/2, 2/28, 2/27, 2/26, 2/25, 2/23,
2/22, 2/21, 2/20, 2/19, 2/18, 2/14, 2/12, 2/10, 2/1

trysales.com - 3/1, 2/22, 2/18, 2/13, 2/10, 2/8, 2/7, 2/6, 2/5, 2/4,
2/2, 2/1

And now verio has picked up the prolific Norton spammer:
http://www.antiviruspros.net/mmm7.htm

Perhaps I'm just an extremist, but this doesn't appear to be the record
of someone who is trying to clean up their act...



=== Verio also continues to host the known password and credit card ===
=== stealers ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!feed3.newsreader.com
 !newsreader.com!ngpeer.news.aol.com!audrey-m2.news.aol.com!not-for-mail
Lines: 8
X-Admin: news@aol.com
From: ncalmichl@aol.comspamnott (NCalMichl)
Newsgroups: news.admin.net-abuse.email
Date: 05 Mar 2003 16:48:38 GMT
References: <3E65F68C.650127AF@excite.com>
Organization: AOL http://www.aol.com
Subject: Re: What happened to Verio cleaning up their act?
Message-ID: <20030305114838.27940.00000078@mb-fk.aol.com>
Xref: uni-berlin.de news.admin.net-abuse.email:1933216

From another thread, note that Verio is currently hosting an AOL password
"phisher" at:

http://207.67.219.78/0x28xll348x2048x3394/x01x23x09x95.x01
(Note that due to some spammer techno-tricks, the page may only read properly
when accessed _from_ AOL).

I believe that Verio has hosted quite a few AOL password phisher pages lately.



=== And other spammers ===
Path: uni-berlin.de!fu-berlin.de!nf3.bellglobal.com!sjc70.webusenet.com
 !news.webusenet.com!sn-xit-02!sn-xit-04!sn-xit-06!sn-post-01!supernews.com
 !corp.supernews.com!not-for-mail
From: Tom Betz <tbetz@pobox.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2459 Another Verio Update
Date: Thu, 20 Mar 2003 15:30:47 -0000
Organization: Anything
Message-ID: <Xns93446AF24E450greenriverordinance@216.168.3.44>
References: <3E78EBE7.9090707@verio.net>
  <k8ki7v0kket8tlko49jd69vr9kir3hom4m@4ax.com>
User-Agent: Xnews/05.08.12
X-Complaints-To: abuse@supernews.com
Lines: 60
Xref: uni-berlin.de news.admin.net-abuse.email:1944512

Wm James <wrjames.remove@spamreaper.org> wrote in
news:k8ki7v0kket8tlko49jd69vr9kir3hom4m@4ax.com:

> On Wed, 19 Mar 2003 16:15:03 -0600, Darren Grabowski
> <firstinitiallastname@verio.net> wrote:
>
>>catalogmax has been terminated.
>>
>>1, 161.58.197.101, catalogmax.net
>>1, 161.58.197.0/25, Verio (catalogmax.net)
>>1, 198.66.199.34, catalogmax.biz / catalogmax.net
>>1, 198.66.199.0/26, Verio (catalogmax.biz /
>>catalogmax.net)
>>1, 161.58.148.41, webmail.catalogmax.biz
>>(www1119.verio-web.com)
>>1, 161.58.148.0/26, Verio (webmail.catalogmax.biz)
>>
>>darren
>
>
> However, the following checks apparently didn't bounce so verio is
> still ignoring all complaints:
>
> CashAssistance.com     128.121.126.220      Still active
> SmallBizAds.com        128.121.126.220      Still active
> 8point.com             130.94.247.6         Still active
> compu-terra.com        161.58.154.77        Still active
> the6habits.com         161.58.151.84        Still active
> cigarfrat.com          192.220.111.208      Still active
> THEISPGUIDE.COM        204.2.35.38          Still active
> postrun.com            128.121.126.220      Still active
> makeitbig.tux.nu       168.143.168.162      Still active
> redirection.iscool.net 168.143.168.161      Still active
> netdomination.com      209.207.250.251      Still active
> WEBTOOLS2010.COM       209.207.250.250      Still active
> arecool.net            168.143.168.161      Still active
> iscool.net             168.143.168.161      Still active
> freepass.com           129.250.225.52       Still active
> topikmail.com          216.167.127.240      Still active
> topiksolutions.com     128.242.204.9        Still active
> lawcomllc.com          216.40.33.117        Still active
> deepdiscountdvd.com    198.65.147.192       Still active

Not to mention:

realmarket.com          192.220.92.11           Still active

... which has been spamming me daily for weeks, and about whom I have
complained each time.

>
>  Now for verio's criminal spammers who peddle porn to children...
>
> pornvideos.com         129.250.225.31       Still active
> sexgallery.com     129.250.225.49       Still active
> And recently moved from 66.230.208.20 to 129.250.225.49 obviously to
> get around blocking.
>
>



=== And Verio listwashes for their spammers, reading reports in NANAE ===
=== but will not terminate the spammers ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sn-xit-02!sn-xit-04
 !sn-xit-01!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: Tom Betz <tbetz@pobox.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: SPEWS S2459 Another Verio Update
Date: Fri, 21 Mar 2003 21:37:34 -0000
Organization: Anything
Message-ID: <Xns9345A9218ADC7greenriverordinance@216.168.3.44>
References: <3E78EBE7.9090707@verio.net>
  <k8ki7v0kket8tlko49jd69vr9kir3hom4m@4ax.com>
  <Xns93446AF24E450greenriverordinance@216.168.3.44>
User-Agent: Xnews/05.08.12
X-Complaints-To: abuse@supernews.com
Lines: 64
Xref: uni-berlin.de news.admin.net-abuse.email:1945539

Tom Betz <tbetz@pobox.com> wrote in
news:Xns93446AF24E450greenriverordinance@216.168.3.44:

> Not to mention:
>
> realmarket.com         192.220.92.11         Still active
>
> ... which has been spamming me daily for weeks, and about whom I have
> complained each time.

Thanks (not!) for the listwash, Darren:

From bounce-message-1383937@lists.n-email.net  Fri Mar 21 14:52:13 2003
Return-Path: <bounce-message-1383937@lists.n-email.net>
X-Original-To: tbetz@cloud9.net
Delivered-To: tbetz@cloud9.net
Received: from localhost (localhost [127.0.0.1])
        by russian-caravan.cloud9.net (Postfix) with ESMTP id 2A54DAA9B
        for <tbetz@cloud9.net>; Fri, 21 Mar 2003 14:52:13 -0500 (EST)
Received: from russian-caravan.cloud9.net (localhost [127.0.0.1])
        by localhost (VaMailArmor-2.0.1.7) id 08975-400F9460;
        Fri, 21 Mar 2003 14:52:13 -0500
Received: from lyris6.neighborhoodemail.com (lyris6.neighborhoodemail.com
[63.79.72.90])
        by russian-caravan.cloud9.net (Postfix) with SMTP id 97471AA94
        for <tbetz@cloud9.net>; Fri, 21 Mar 2003 14:52:12 -0500 (EST)
Message-Id: <LYRIS-1383937-42030-2003.03.21-14.42.42--
tbetz#cloud9.net@lists.n-email.net>
X-lyris-type: goodbye
From: "Lyris ListManager" <lyris@lists.n-email.net>
Reply-To: "Lyris ListManager" <lyris@lists.n-email.net>
To: tbetz@cloud9.net
Subject: You are unsubscribed from RealMarket Today! (HTML)
Date: Fri, 21 Mar 2003 14:42:42 -0500
X-AntiVirus: checked by Vexira MailArmor (version: 2.0.1.7; VAE: 6.18.0.3;
VDF: 6.18.0.18; host: russian-caravan.cloud9.net)
Status: OR

You have been unsubscribed from RealMarket Today!

Your feedback is very important to us, so please take a
moment to tell us what you think of RealMarket Today!
by taking a one question survey -

http://www.realmarket.com/survey/survey1.html


Thank you - RealMarket (questions? - info@realmarket.com)

[ end listwash ]

Now you can start working on

email8.net/email10.net

who continue to spam me.




=== Verio refuses to accept complaints that don't provide the e-mail address ===
=== for listwashing from their spammers' lists ===
Newsgroups: news.admin.net-abuse.email
Subject: Re: Incorrect entry in spews.org
From: Socks <agent01413@my-deja.com>
References: <637a4424.0303230754.24b44377@posting.google.com>
  <b5km89$76l$1@news.directhit.com>
  <slrnb7s0lk.h8o.usenet-Mar+nanae@orca.dolphinwave.org>
Organization: Lumber Cartel
Message-ID: <Xns934787531BB19agent01413mydejacom@207.174.251.62>
User-Agent: Xnews/06.01.10
Date: Sun, 23 Mar 2003 13:10:47 -0700
NNTP-Posting-Host: 207.174.251.62
X-Trace: 23 Mar 2003 13:40:08 -0700, 207.174.251.62
Lines: 32
Path: uni-berlin.de!fu-berlin.de!newsfeed.mathworks.com!bloom-beacon.mit.edu
 !news.colorado.edu!cs.colorado.edu!csnews!coop.net!news.coop.net
 !thoth.nilenet.com!nobody
Xref: uni-berlin.de news.admin.net-abuse.email:1946395

Dolphin <usenet-Mar+nanae@2003.dolphinwave.org> wrote in
news:slrnb7s0lk.h8o.usenet-Mar+nanae@orca.dolphinwave.org:

> On Sun, 23 Mar 2003 11:09:45 -0500 Bruce Pennypacker
> <bruce@pennypacker.org>
>  wrote in message <b5km89$76l$1@news.directhit.com>:
>
> <SNIP>
>>> Can someone please let me know how this error can be remedied.
>>
>> This IP is assigned to Verio, who is about as black as an ISP can
>> get. They regularly host spammers and ignore spam complaints, so the
>> best thing you can do is move to a new provider ASAP.
> <SNIP>
>
> They do even worse. They cooperate with their spammers by actively
> helping them to get rid of those complainers (helping them to "wash"
> their spam lists from those who know how to complain), but keeping
> the spammers connected, despite on numerous complaints. For example:
> http://groups.google.com/groups?selm=Xns9345A9218ADC7greenriverordinanc
> e%40216.168.3.44 (note: Darren is the abuse person of Vario, who posts
> here sometimes, and obviously reads replies, too).


I can personally vouch for that.  Because I refuse to tell them what email
address their spam came in on, so that they can help their spammers
listwash, they won't accept spam complaints from me.  Fine. With the
exception of my spamtraps, I won't accept traffic from them.


--
Bomb Texas - - - They have oil too




=== No comments ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-04
 !sn-xit-06!sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: adam brower <adam@faceville.com>
Newsgroups: news.admin.net-abuse.email
Subject: verio consults spamhaus???
Date: Wed, 26 Mar 2003 16:21:30 -0600
Organization: mypoem.com
Message-ID: <3E8227EB.AD119B9C@faceville.com>
Reply-To: adam@faceville.com
X-Mailer: Mozilla 4.77C-CCK-MCD {C-UDP; EBM-APPLE} (Macintosh; U; PPC)
X-Accept-Language: en,zh,zh-CN
MIME-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Complaints-To: abuse@supernews.com
Lines: 67
Xref: uni-berlin.de news.admin.net-abuse.email:1948615

this just in from verio, presented without comment.

++++++++++++++

As a valued business partner and reseller of Verio products, it?s
important to
share with you what we are doing internally to address the issue of spam being
sent over the Verio network.

First and foremost, we want to give you confidence that Verio is diligently
working on this issue.  Verio does not advocate doing business with spammers.
In fact, our Acceptable Use Policy (?AUP?) prohibits using the Verio
network to
send spam. You can view the Verio AUP at:
  http://verio.com/company/policies/aup.cfm.

For additional information on ways that you can further combat spam, please
visit the Reseller Backroom at:
  https://reseller.securesites.com/marketing/library/spam/spamfighting.html

We are working aggressively to remove spammers from our network. We are also
facilitating relationships and communication with the anti-spam
community and
the owners of the blacklists. Through these efforts, Verio has been able to
accelerate the termination of customers that violate our AUP and successfully
remove Verio IP?s from blacklists.  Since last November, we have terminated
more than 130 spammers.

Terminating spammers is an ongoing challenge as many known spammers are
continuously changing their company name in an effort to conceal their true
identity.   Through due diligence, education, process changes, and
training of
Verio?s sales force, we are working to eliminate the spam that is being sent
over our network. Listed below are changes we have implemented to combat
the ever increasing industry-wide issue:

a.  Using www.Spamhaus.org to provide our sales force, partners, and resellers
with a list of known spammers as a tool to screen out prospects in the
pre-sales process.

b.  Making a list of customers previously terminated for violating our AUP
available to all sales representatives.
c.  Screening all prospects during the credit review process for any
history of spamming.
d.  Screening all contracts against the list of known spammers at time
of order
entry and at time of provisioning.
e.  Providing sales representatives, partners and resellers with a list of
pre-sales questions designed to aid them in screening out those in the spam
business during the pre-sales process.

In addition, when we receive a complaint that an existing Verio customer has
sent spam, we follow a 3 step process that is listed below:

a.  Issue a warning to the customer and solicit feedback;
b.  Educate the customer at which time we ascertain if the customer has adopted
sound opt-in list practices or are willing to do so; and
c.  If we continue to receive complaints, terminate the relationship.

Please send any questions that you have about this initiative to your Reseller
Account Manager.  We hope you recognize that we take this issue
seriously.  As
always, your input and suggestions are greatly appreciated.

Best wishes,

Doug Schneider
President SME Hosting
NTT/VERIO



=== More of Verio harboring blatant spammers and ignoring complaints ===
Path: uni-berlin.de!fu-berlin.de!gail.ripco.com!news-feed.riddles.org.uk
 !sn-xit-03!sn-xit-04!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com
 !not-for-mail
From: Tom Betz <tbetz@pobox.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio update SPEWS S2523 S2152
Date: Sat, 26 Apr 2003 16:52:30 -0000
Organization: Some
Message-ID: <Xns936982F492AFgreenriverordinance@216.168.3.44>
References: <3EA9A8BF.4050900@verio.net>
User-Agent: Xnews/06.02.16
X-Face:
  #^=oh~^r5AV^#I3^*+(VAGoCzyvK%%w\/HM"[t&a)rHXo#NR3Z\,"/?_htmx~~gG.>v~+.I|P%it\y
 FS~<y|=8$$p9D3pL}_Em#,fSbyo9KXP+U/CWZMxR>TxS($@5b8?Rn]z3N]~!6XL9A&2T}I,]-T/8wH~
 Ye
X-Complaints-To: abuse@supernews.com
Lines: 11
Xref: uni-berlin.de news.admin.net-abuse.email:1969885

Quoth Darren Grabowski <firstinitiallastname@verio.net> in
news:3EA9A8BF.4050900@verio.net:

> Nitronet has been terminated for AUP violations.

And the email8.net/email10.net/21stcenturyalert.com/21stcenturyoptions.com/
30daysfree.com/data55.net spam consortium continues to spam me twice every
weekday, as it has done for months, and the pink contract just keeps on
pinking along, despite every single spam being reported to you.

Shameful.



=== And still no action from Verio on their spammers for MONTHS! ===
Path: uni-berlin.de!fu-berlin.de!news.tele.dk!news.tele.dk!small.news.tele.dk
 !newsfeed.icl.net!newsfeed.fjserv.net!news.netkonect.net
 !dnews0.news.legend.net.uk!not-for-mail
From: Ian Jennings <ij@microwaredata.co.uk>
Newsgroups: news.admin.net-abuse.email
Subject: Did I see Verio in here?
Date: 8 May 2003 15:24:11 +0100
Organization: Microware Data Services Ltd
Lines: 22
Message-ID: <Xns93759C93EFA00ijmicrowaredatacouk@212.41.160.119>
NNTP-Posting-Host: news.legend.co.uk
X-Trace: news.netkonect.net 1052403855 11892 212.41.160.119 (8 May 2003 14:24:15
  GMT)
X-Complaints-To: usenet@news.netkonect.net
NNTP-Posting-Date: Thu, 8 May 2003 14:24:15 +0000 (UTC)
User-Agent: Xnews/5.04.25
X-Original-NNTP-Posting-Host: easy.go-legend.net
X-Original-Trace: 8 May 2003 15:24:11 +0100, easy.go-legend.net
Xref: uni-berlin.de news.admin.net-abuse.email:1979897

Hi all,

I *thought* I saw someone from Verio in here asking for mercy on some of
their blocks.

Just received a turdlet spamvertising http://207.156.216.57/tools/zx.html
which I first bitched to Verio about on 26th March!! It's *still* alive and
kicking.

Long may they rot.

Penis enlargment pills? Pah! I've been taking them for months and I still
can't get my cock any bigger than 10 or 11".


--
************************************************************
Ian Jennings
Microware Data Services

This post is made entirely from recycled ones and noughts
************************************************************



=== Another proof for the same spammer ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.stueberl.de!peernews3.colt.net
 !colt.net!easynet-thlon3!easynet.net!easynet-post1!not-for-mail
From: <ids@conservative.com>
Newsgroups: news.admin.net-abuse.email
References: <Xns93759C93EFA00ijmicrowaredatacouk@212.41.160.119>
Subject: Re: Did I see Verio in here?
Date: Thu, 8 May 2003 17:32:40 +0100
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Lines: 30
Message-ID: <3eba86b1$0$20850$afc38c87@news.easynet.co.uk>
Organization: [posted via Easynet UK]
NNTP-Posting-Host: 212.135.252.149
X-Trace: DXC=I[MWdIJcUQ@jGg]L48[_lG\0F8Qd[dGL@nelX@LH>DPHW:QXT4nM30J
Xref: uni-berlin.de news.admin.net-abuse.email:1980025

"Ian Jennings" <ij@microwaredata.co.uk> wrote in message
news:Xns93759C93EFA00ijmicrowaredatacouk@212.41.160.119...
> Hi all,
>
> I *thought* I saw someone from Verio in here asking for mercy on some of
> their blocks.
>
> Just received a turdlet spamvertising http://207.156.216.57/tools/zx.html
> which I first bitched to Verio about on 26th March!! It's *still* alive
and
> kicking.
>
> Long may they rot.
>
> Penis enlargment pills? Pah! I've been taking them for months and I still
> can't get my cock any bigger than 10 or 11".
>
>
> --
> ************************************************************
> Ian Jennings
> Microware Data Services
>
> This post is made entirely from recycled ones and noughts
> ************************************************************

Me too, the very same, sent it off to Darren at Verio. Lets hope their check
bounces next month.



=== Replies ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!news.cis.ohio-state.edu
 !nntp.service.ohio-state.edu!not-for-mail
From: "Jay Stuler" <no@no.thanks>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Did I see Verio in here?
Date: Thu, 8 May 2003 12:58:55 -0400
Organization: Ohio State University
Lines: 17
Sender: stuler.1@dhcp065-024-140-061.columbus.rr.com
Message-ID: <b9e244$43j$1@charm.magnus.acs.ohio-state.edu>
References: <Xns93759C93EFA00ijmicrowaredatacouk@212.41.160.119>
  <3eba86b1$0$20850$afc38c87@news.easynet.co.uk>
NNTP-Posting-Host: dhcp065-024-140-061.columbus.rr.com
X-Trace: charm.magnus.acs.ohio-state.edu 1052412868 4211 65.24.140.61 (8 May
  2003 16:54:28 GMT)
X-Complaints-To: abuse@osu.edu
NNTP-Posting-Date: 8 May 2003 16:54:28 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1158
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2800.1165
Xref: uni-berlin.de news.admin.net-abuse.email:1980058


<ids@conservative.com> wrote in message
news:3eba86b1$0$20850$afc38c87@news.easynet.co.uk...
*snip*
>
> Me too, the very same, sent it off to Darren at Verio. Lets hope their
check
> bounces next month.

If they get listed in SPEWS, then Verio will trade them with another ISP for
one of their spammers.
That's how it works - shuffle the spammers around like baseball teams
trading players.
No interruption in pay, minimal interruption for "legitimate" customers.
Swapping spammers is the new pink contract.



=== Even domain registrars kill spammers' domains faster than Verio! ===
=== http://spews.org/html/S2638.html ===

lowlowmortgagequotes
|--------------------
2, 128.121.124.187, lowlowmortgagequotes.com / "pandam.tempdomainname.com" (dead)
2, 128.121.124.128/25, verio.net (lowlowmortgagequotes.com)
0, 128.121.110.0 - 128.121.138.255, verio.net (lowlowmortgagequotes.com)
---------------------|

Spamming.  Host refuses to act on reports of abuse.

UPDATE:  Even DOTSTER kills the domain faster than Verio (secure.net)
         the site!!!
======================================================================
http://www.lowestratesaround.net/index.php?a=richpoo
  http://128.121.124.187/mrt/index.php?a=richpoo

http://www.lowlowmortgagequotes.com/index.php
  => http://128.121.124.187/mrt
======================================================================
   Julio Remirez
   9987 Southwood Dr.
   Dallas, TX 75424
   US

   Registrar: DOTSTER

   Domain Name: LOWLOWMORTGAGEQUOTES.COM

      Created on: 01-MAY-03
      Expires on: 01-MAY-04
      Last Updated on: 01-MAY-03

   Administrative, Technical Contact:
      Remirez, Julio  jremirez@yahoo.com
      9987 Southwood Dr.
      Dallas, TX  75424
      US
      361 887 8969

   Domain servers in listed order:
      NS1.NAMERESOLVE.COM 
      NS2.NAMERESOLVE.COM 
      NS3.NAMERESOLVE.COM 
      NS4.NAMERESOLVE.COM 

   Last Updated on: 12-MAY-03
   Domain servers in listed order:
      NS1.SPAMSHUTDOWN.COM (Dotster kill)
      NS2.SPAMSHUTDOWN.COM 
======================================================================
Received: from 204-117-69-248-dsl.etv.net (204-117-69-248-dsl.etv.net [204.117.69.248])
        by []; Sat, 3 May 2003 12:52:54 -0700 (PDT)
Received: from  [97.5.23.162]
        by 204-117-69-248-dsl.etv.net with ESMTP id 31966618;
        Sat, 03 May 2003 20:50:47 +0000
Message-ID: <v809bm55a-lmf889841h8-x-t-3-9@d70b.frl>
From: "Feel Better" <naturalhealth@yahoo.com>
To: []
Subject: get that girl or guy you always wanted
Date: Sat, 03 May 03 20:50:47 GMT
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 5.00.2919.6700
MIME-Version: 1.0
Content-Type: multipart/alternative;
        boundary="C7CB.35F4DC5"

<HTML><P ALIGN=CENTER><FONT  SIZE=2 PTSIZE=10 FAMILY="SANSSERIF" FACE="Arial" LANG="0"><A HREF="http://www.lowlowmortgagequotes.com/index.php?a=Lender5">Free Mortgage Quote!</A>

<BR>There are over 89,000 mortgage companies in the U.S., which means the process of finding the best loan for you can be a very difficult one.Let us do the hard work for you!
<BR>
Simply spend 2 minutes filling out a short form, press the submit button, and we take it from there... finding the best deals possible, and getting the lenders to contact you! It's short, it's simple, it's free, and it will save you thousands of dollars!
<BR><A HREF="http://www.lowlowmortgagequotes.com/index.php?a=Lender5">Click here for your free quote</A><BR>




If you would believe you received this email in error, or never subscribed to Great Weekly Offers you may unsubscribe by <A HREF="http://ui1.jsuati.com/VLD/unsub/unsub.cfm?">Clicking Here.</A></P></FONT></HTML>
======================================================================



=== Verio forwards all the complaints data to their spammers ===
Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: lloyd.frombriz@caramail.com (Lloyd From Brisbane)
Newsgroups: news.admin.net-abuse.email
Subject: Verio sends your ID to the spammer
Date: 23 Jul 2003 21:30:19 -0700
Organization: http://groups.google.com/
Lines: 17
Message-ID: <62b55418.0307232030.445e3444@posting.google.com>
NNTP-Posting-Host: 152.98.224.135
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1059021020 25525 127.0.0.1 (24 Jul 2003 04:30:20
  GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 24 Jul 2003 04:30:20 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:2032838

So I get spammed, and report the spam to verio. And report. And
report. Finally a human replies and I have to post some evidence on
the web because it's a bitmap, and Verio's system automatically
deletes attachments. I *ask* them to copy the bitmap & use it as they
like, but DO NOT GIVE THE URL TO THE SPAMMER. What happens? Revenge
spam within 48 hours, although to their credit, after A MONTH the
spammer's website is finally dead. My own bloody webpage cut & pasted
right into a turdlet... It took two tries to get an explanation out of
verio (cci'ng legal@ seems to help)...and what did they say?

"We use information sent to us, according to our own discretion to aid
us in enforcing our AUP.  The site is currently not hosted with us."

So NEVER give anything to Verio that can be used by a spammer...they
pass it right along.

LFB.



=== Verio keeps their proxy-hijacking spammers despite on complaints ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!newsfeed2.easynews.com!newsfeed1.easynews.com!easynews.com!easynews!sn-xit-02!sn-xit-06!sn-post-01!supernews.com!corp.supernews.com!not-for-mail
From: rfg@monkeys.com (Ronald F. Guilmette)
Newsgroups: news.admin.net-abuse.email
Subject: Meet The Bullet-Proof Proxy Hijacking Licht Brothers - Daniel and Ernst
Date: Fri, 25 Jul 2003 08:18:54 -0000
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <vi1pvep3jlil1f@corp.supernews.com>
X-Complaints-To: abuse@supernews.com
Lines: 111
Xref: uni-berlin.de news.admin.net-abuse.email:2033605


About three weeks ago I reported to Verio abuse that I had picked up clear
evidence of really MASSIVE criminal open proxy hijacking activity
originating from the following four IP addresses on Verio's network:

161.58.176.134
161.58.176.138
161.58.176.145
161.58.176.154

According to Verio's rwhois server, these all are assigned to one Daniel
Licht of Fleetwood, Pennsylvania:

..
network:IP-Network-Block:161.58.176.138 - 161.58.176.138
network:Org-Name:Daniel Licht
network:Street-Address:12 West Pine St
network:City:Fleetwood
network:State:PA
network:Postal-Code:19522
network:Country-Code:US
..

Now, today, I have been compiling a list of the Top 40 most prolific
open proxy hijackers on the net at the present time.  And what do I
find?  Well, among other things, I find the following three IPs that
have been spewing big-time over the past 48 hours from dialtoneinternet.net,
in Florida.  (I already told dialtoneinternet.net about these criminals
over three weeks ago, but they haven't done squat about that report,
apparently.)

    69.0.231.42    ns.5centdeposit.com
    69.0.231.114   ns.ernstlicht.com
    69.0.231.120   ns5.mojoent.com

These are the *only* three IP addresses that are spewing at the present
time from dialtoneinternet's 69.0.231/24 block.

Now, check the reverse DNS name on that middle one.  Then check the WHOIS
data for `ernstlicht.com':

=====================================================================
Ernst Licht Embroidery and Imports (ERNSTLICHT-DOM)
   347 Main Street, POBox 255
   Oley, PA 19547
   US

   Domain Name: ERNSTLICHT.COM

   Administrative Contact:
      Weidner, Denise  (DW8381)         licht@ENTER.NET
      Ernst Licht Embroidery and Imports
      347 MAIN ST # 255
      OLEY, PA 19547-8779
      US
      (610) 987-3298
   Technical Contact:
      Corsa, Larry  (LC118)             lcorsa@ENTER.NET
      815 N 12TH ST
      ALLENTOWN, PA 18102-1318
      US
      (610) 437-2221 fax: 123 123 1234

   Record expires on 21-Jul-2009.
   Record created on 17-Oct-2002.
   Database last updated on 25-Jul-2003 03:30:44 EDT.

   Domain servers in listed order:

   DNS.ENTER.NET                63.65.0.2
   NS2.ENTER.NET                63.65.0.3
=====================================================================


Well, well, well!  So it seems that Ernst just lives about five miles
south of Daniel there in Pennsylvania!  (I know.  I checked the map.)
How nice!  Brothers should stick together don't cha think?  That's
especially true if they are both involved in the exact same criminal
activies.

Remember, brothers who spam together stay together.


Regards,
rfg


P.S.  I'll bet that Daniel is really happy to be getting bulletproof
hosting on Verio, and that Ernst is real happy to be getting bullet-
proof hosting from dialtoneinternet.net.  Both are still very busy,
hijacking open proxies like crazy, and pumping out the spam, even
as we speak, even though I reported both to their respective providers
over three weeks ago.


P.P.S.  Ernst has a cute little web site, www.ernstlicht.com.  How
does one spell `spam' in Bavarian?

P.P.P.S.  The evidence suggests that the Spamming Licht Brothers either
are, or are in league with whoever owns MOJOENT.COM.  And the spamming
that has been connected to THAT domain goes all of the way back to
January 1999:

http://www.google.com/groups?hl=en&lr=&ie=UTF-8&oe=UTF-8&selm=19990129101214.03043.00000405%40ngol02.aol.com&rnum=2

I really would like to get the Licht Brothers in the back room and under
some hot lights and ask them a few pointed questions.

Is anybody here physically near to this part of Pennsylvania?  I'll give
$75 bucks for an _authentic_ picture or either Licht brother, provided
it is close enough to make out facial details, and not too grainy.




=== And Verio still ignores complaints, sending their usual lies ===
Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !postnews1.google.com!not-for-mail
From: iebsk001@sneakemail.com (Spam Reporter)
Newsgroups: news.admin.net-abuse.email
Subject: Open response to Verio
Date: 4 Sep 2003 06:29:31 -0700
Organization: http://groups.google.com/
Lines: 118
Message-ID: <f63cd5a8.0309040529.78f55c10@posting.google.com>
NNTP-Posting-Host: 68.23.215.31
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Trace: posting.google.com 1062682173 13825 127.0.0.1 (4 Sep 2003 13:29:33 GMT)
X-Complaints-To: groups-abuse@google.com
NNTP-Posting-Date: 4 Sep 2003 13:29:33 GMT
Xref: uni-berlin.de news.admin.net-abuse.email:2061709

Response is to a Verio drone for the spam complaint that is excerpted
at the end of the message.  I'm surprised I even got a response -
maybe it's my personal bitchlist of about 150 Verio email address
contacts finally wearing them down?

> -----Original Message-----
> From: Levent Oyken support@viaverio.com
> Sent: Thursday, September 04, 2003 9:03 AM
> To: x
> Subject: Re: [IDS-5801810] UBE: WARNING - OFFICIAL NOTICE
>
> Dear Webmaster,
>
> Thank you for contacting the Abuse Department.
>
>  We have received your complaint regarding unsolicited E-mail from
> someone using our services. Be assured that the appropriate actions
> (Warning, suspension or deletion) have been taken to resolve
> this issue. We apologize for any inconvenience that this may
> have caused you or your company.
>
> Why Bulk E-mail is Bad Business http://www.twowriters.net/spam.htm
>
> Best Regards,
>
> Account Abuse

Which would explain why there is another spam report posted into NANAS
just hours ago:

http://groups.google.com/groups?selm=_xB5b.15693%24R32.531957%40news2.tin.it

Which would explain why the website still connects just fine with or
witthout the redirect.

What action did you take?  Why on earth is this website still up?
Let's look at the reasons why it should be down:

* There are four spam complaints in NANAS.

  Each posted complaint represents hundreds of complaints
  that were not posted, thousands of spams that were not
  complained about and tens of thousands of spams that were
  not delivered.

* There are over 50 SpamCop reports.

  You would have received more of them if you accepted
  munged reports, and you would get more unmunged
  reports if you didn't have the reputation for sending
  complaints to your customers for listwashing.

* All of the spam reports are from open proxies and relays.
* The website employs a redirect that, given the above
  facts, is slimy as hell and you know it.

Let's examine the reasons why you should keep this website up:

* Their checks are still good.
* Verio lies about taking action (you probably didn't even "warn"
  the spammers).
* Verio provide spam support and doesn't care who knows it.
* Verio are as bad as the spammers.

You will continue to get spam reports shotgunned to every address I
can find for your company and your mail will forever not be welcome on
my servers as long as you refuse to actually address abuse issues.

This reply is being posted to NANAE in the hopes that it will be used
as evidence for the IDP that Verio so richly deserves.


> ==== Excerpt from your message received 8/31/2003 10:24:23 EDT ====
> >ORIGIN: 220.124.102.2
> > ==> support@kornet.net, postmaster@kornet.net, abuse@kornet.net,
> >     spamrelay@certcc.or.kr, ip@ns.kornet.net
> >
> >URL: http://www.pc-man.biz [216.168.224.70 /
> wf.networksolutions.com]
> >==> pezoll@attglobal.net, abuse@networksolutions.com,
> >     privacy@networksolutions.com, noc@netsol.com,
> >     postmaster@networksolutions.com, postmaster@netsol.com
> >
> >URL REDIRECTS TO: http://www.manpc.com [198.66.213.69 /
> ussa3.com] ==>
> >wgalway@attglobal.net, speigee@attglobal.net, Verio Bitch-list
> >
> >X-Apparently-To: x via web80202.mail.yahoo.com; 31 Aug 2003 07:02:45
> >-0700
> >(PDT)
> >X-YahooFilteredBulk: 220.124.102.2
> >Return-Path: <abc-777720250julia_aom@yahoo.com>
> >Received: from yipvmc-ext.prodigy.net  (EHLO yipvmc.prodigy.net)
> >(207.115.63.30)
> >  by mta806.mail.yahoo.com with SMTP; 31 Aug 2003 07:02:45
> -0700 (PDT)
> >X-Header-Overseas: Mail.from.Overseas.source.220.124.102.2
> >X-Header-NoReverseIP: IP.name.lookup.failed[220.124.102.2]
> >X-Originating-IP: [220.124.102.2]
> >Received: from 220.124.102.2 ([220.124.102.2])
> >by yipvmc.prodigy.net (8.12.9/8.12.3) with SMTP id h7VE2gCU574042
> >for <x>; Sun, 31 Aug 2003 10:02:43 -0400
> >Message-ID: <20030821896.27284.qmail@yahoo.com>
> >Date: Sun, 31 Aug 2003 08:11:02 -0700
> >From: "PC-man" <abc-777720250julia_aom@yahoo.com>
> >Subject: WARNING - OFFICIAL NOTICE
> >To: <x>
> >MIME-Version: 1.0
> >Content-Type: text/html; charset=iso-8859-1
> >
> ><HTML><P ALIGN=CENTER><FONT  SIZE=3 PTSIZE=10><BR> </FONT><FONT
> >COLOR="#ff0000" SIZE=4 PTSIZE=11>Computer holding NOW looking for
> >partners WORLDWIDE !</FONT><FONT  COLOR="#000000" SIZE=3
> PTSIZE=10><BR>
> ><BR> <BR>
> ></FONT><FONT  SIZE=4 PTSIZE=11><B>Want to do business with us?<BR>
> ></B>We are ready to offer you the best conditions of business. ...
>



=== Verio moves their block-listed spammers to new IPs ===
Newsgroups: news.admin.net-abuse.blocklisting
Path: uni-berlin.de!fu-berlin.de!logbridge.uoregon.edu!newsfeed.stanford.edu
 !zorac!blocklisting.com!robomod!not-for-mail
From: Claes T <nanabl@nejtillspam.cjb.net>
Subject:  Re: Spews removal request
Approved: NANAB Moderators <moderators@blocklisting.com>
Content-Type:  text/plain; charset=us-ascii
X-Newsreader: Forte Agent 1.9/32.560
X-Complaints-To: abuse@abc.se
Sender: nanab@zorch.sf-bay.org (Scott Hazen Mueller)
Nntp-Posting-Date: Thu, 20 Nov 2003 02:14:51 +0000 (UTC)
Content-Transfer-Encoding:  7bit
NNTP-Posting-Host: h30n5c1o299.bredband.skanova.com
Organization:  DoNotSpam, eventhough e-address IS valid
Message-ID:  <so7orvg8a5lm519k34pp6gg8fbhqufsb6g@4ax.com>
References:  <b9f13df9.0311191227.4b1a739a@posting.google.com>
X-Trace: oden.abc.se 1069294491 28070 217.211.246.30 (20 Nov 2003 02:14:51 GMT)
Mime-Version:  1.0
Date: Thu, 20 Nov 2003 00:19:41 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 41
Xref: uni-berlin.de news.admin.net-abuse.blocklisting:2641


S1358

On Wed, 19 Nov 2003 23:26:10 GMT, bimal_linux@yahoo.com (Bimal) wrote:

>Few of our customers started complaining that they are not able to
>receive mails from our mailserver. We recently shifted to the new n/w
>and fond that our IP range (198.87.242.0 - 198.87.242.254) is blocked
>by Spews few months back. We are not performing spamming and please
>remove our IP from the black list.

1, 198.87.240.0 - 198.87.240.255, mach10hosting.com
(genesisinvestmentcapital.com) (Verio)
0, 198.87.241.24, allpreapproved.com (dead)
2, 198.87.241.0 - 198.87.241.255, mach10hosting.com
2, 198.87.238.0 - 198.87.242.255, Verio (mach10hosting.com)

Oh, seems like mach10hosting.com is still at Verio:
  Dig mach10hosting.com@ns2.mach10hosting.com (204.1.28.59) ...
  Authoritative Answer
    mach10hosting.com A (Address) 204.1.29.81
    ns1.mach10hosting.com A (Address) 204.1.28.11
    ns2.mach10hosting.com A (Address) 204.1.28.59
    mail.mach10hosting.com A (Address) 204.1.28.201
(some snipped)


*You* are not listed, Verio is. At the moment, it seems the IPs Verio
let you use are listed just at "level2". Not many ar expected to block
on level2-listings. If Verio keep this spammer as customer, the
listing may well be changed to a level 1. You may want to talk to
Verio before that happens, explaining you won't accept paying for
spam-infested/listed IPs. You may want to ask Verio to provide you
with new IPs each time the old IPs is listed. Or you may want to
use/rent a mail relay outside Verio-space.

I guess Verio won't be delisted until this spammer is booted from
Verio (and not just moved around). I could be wrong.

Claes T



=== Verio's so-called "SPEWS updates", pretending to remove spammers ===
Newsgroups: news.admin.net-abuse.blocklisting
From: Darren Grabowski <firstinitial.lastname@verio.net>
Subject: SPEWS - Another round of Verio updates
Approved: NANAB Moderators <moderators@blocklisting.com>
Content-Type: text/plain; charset=us-ascii
X-Complaints-To: abuse@verio.net
User-Agent: KNode/0.7.2
Sender: nanab@zorch.sf-bay.org (Charlie Root)
Nntp-Posting-Date: Wed, 10 Dec 2003 18:01:27 GMT
NNTP-Posting-Host: 129.250.49.192
Content-Transfer-Encoding: 7Bit
Organization: NTT/Verio
Message-ID: <XbJBb.2876$5M.75698@dfw-read.news.verio.net>
X-Spamscanner: mailbox3.ucsd.edu  (v1.4 Oct 30 2003 22:20:52, 0.4/5.0 2.60)
X-Spam-Level: Level 
X-Trace: dfw-read.news.verio.net 1071079287 129.250.49.192 (Wed, 10 Dec 2003 18:01:27 GMT)
Mime-Version: 1.0
X-Mailscanner: PASSED (v1.2.8 65651 hBAI1TlS084072 mailbox3.ucsd.edu)
Date: Wed, 10 Dec 2003 16:02:51 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 72


Spews,

Here is another round of updates from Verio.

S1014 - There have been no hits in .sightings since 2002 for both of these,
plus these websites are no longer on these IP's.  We have also not received
complaints on these since 2002.

1, 198.65.242.185, streetline.com
1, 198.65.242.0/24, streetline.com (Verio)
1, 161.58.21.89, edebtcntr.com
1, 161.58.21.0/24, edebtcntr.com (Verio)

S1053 - Server Arts has been doing a good job on keeping spammers off their
network.  I think it's safe to remove these.

1, 130.94.243.0 - 130.94.243.255, Server Arts
1, 130.94.247.0 - 130.94.247.255, Server Arts (given to another spam house)

S1156 - I didn't see any hits in .sightings for jmsfood.com or
1-food-storage.com.  In July they reported that they had a customer who did
the spamming and they were terminated.

1, 128.121.221.201, jmsfood.com / 1-food-storage.com
1, 128.121.231.104, jmsfood.com / 1-food-storage.com

S1168 - Part of this is dead.

1, 209.168.60.128/25, eroticamail / Aeroweb (dead?)

S1312 - This is dead as well.

2, 198.63.28.0 - 198.63.28.255, nextgroup.net (RDAI.COM/verio.net)

S1485 - I think Jack gave up on his journal.  Well, on the .net, .com still
works, but it is not on Verio.

1, 128.242.235.230, jacksjournal.net / mjwebdesigns.com
1, 128.242.235.228 - 128.242.235.231, jacksjournal.net / mjwebdesigns.com
2, 128.242.235.0 - 128.242.235.255, jacksjournal.net / mjwebdesigns.com
(Verio)

S1677 - Just a note, images2.laih.com is no longer on 128.242.107.114.

2, 128.242.107.114, images2.laih.com (Mirror Image)

2650 - This is dead.

1, 207.156.222.222, atldev.com (dead)

S716 - Hotticker is no longer resolving.

2, 216.42.80.26, hotticker.com / io.netsville.com
2, 216.42.80.33, hotticker.com / colossus.netsville.com
2, 216.42.80.38, hotticker.com / jupiter.netsville.com

S755 - This is dead.

2, 192.220.171.247, shopityourway.com (dead)

S859 - This is dead.

1, 216.42.83.9, bargainmall2001.com (domain dead)
2, 216.42.83.0/25, bargainmall2001.com (Verio)

S938 - These are dead as well.

2, 209.168.123.23, casinos-today.com (dead)
-- 
Darren Grabowski
Verio Security & Abuse Team



=== And what it really means: moving the spammers around ===
Newsgroups: news.admin.net-abuse.blocklisting
Path: uni-berlin.de!fu-berlin.de!headwall.stanford.edu!newsfeed.stanford.edu
 !zorac!blocklisting.com!robomod!not-for-mail
From: Safari <y7pt9001@sneakemail.com.gov.invalid>
Subject: Re: SPEWS - Another round of Verio updates
Approved: NANAB Moderators <moderators@blocklisting.com>
X-Complaints-To: abuse@mail.suomi.net
User-Agent: slrn/0.9.8.0 (Linux)
Reply-To: safari@linuxmail.orgies
Cancel-Lock: sha1:B23sWpOd78GfW4vojLrLhlOPI4E=
Sender: nanab@zorch.sf-bay.org (Charlie Root)
NNTP-Posting-Host: adsl-82-141-70-99.kotinet.com
Nntp-Posting-Date: Wed, 10 Dec 2003 22:42:45 +0000 (UTC)
Content-Transfer-Encoding: 7BIT
Organization: Oulun Puhelin Oyj - Baana
Message-ID: <slrnbtf8b5.lis.y7pt9001@safari.homelinux.net>
References: <XbJBb.2876$5M.75698@dfw-read.news.verio.net>
X-Trace: plaza.suomi.net 1071096165 26800 82.141.70.99 (10 Dec 2003 22:42:45
  GMT)
Date: Thu, 11 Dec 2003 01:36:23 GMT
X-Robomod: STUMP, ichudov@algebra.com (Igor Chudov), C++/Perl/Unix Consulting
Lines: 154
Xref: uni-berlin.de news.admin.net-abuse.blocklisting:3112

On Wed, 10 Dec 2003 16:02:51 GMT, Darren Grabowski
  <firstinitial.lastname@verio.net> wrote:
> Spews,
>
> Here is another round of updates from Verio.
>
> S1014 - There have been no hits in .sightings since 2002 for both of these,
> plus these websites are no longer on these IP's.

translation: you moved them to non-SPEWSed netblocks after spamrun finished
and they got their own SPEWS record.

> We have also not received complaints on these since 2002.

translation: you are not terminating them because they pay the bill.

> 1, 198.65.242.185, streetline.com

$ host streetline.com
streetline.com has address 64.7.93.27

webperception, verio, AS2914

$ lynx -dump http://streetline.com | head -n 5

   Life insurance leads, debt leads, financial planning leads. __________
   __________ Life insurance leads, debt leads, financial planning leads.

                                                 [1][Life_lead_free.gif]


> 1, 198.65.242.0/24, streetline.com (Verio)
> 1, 161.58.21.89, edebtcntr.com

$ host edebtcntr.com
edebtcntr.com has address 199.239.231.240

[rwhois.verio.net]
Verio Web Hosting - STNGVA01 (NETBLK-VRIO-199-239-231) VRIO-199-239-231
                                               199.239.231.0 - 199.239.231.255
Verio Web Hosting - Sterling (NETBLK-W062-199-239-224) W062-199-239-224
                                               199.239.224.0 - 199.239.255.255
Verio Inc. (NETBLK-VRIO-199-236) VRIO-199-236    199.236.0.0 - 199.239.255.255


$ w3m -dump http://edebtcntr.com/ | head -n 3

[logo]                            # Debt Consolidation | Identifying a debt
                                                Problem | FAQ

> 1, 161.58.21.0/24, edebtcntr.com (Verio)
...
> S1677 - Just a note, images2.laih.com is no longer on 128.242.107.114.
>
> 2, 128.242.107.114, images2.laih.com (Mirror Image)

$ host images2.laih.com
images2.laih.com is an alias for p.mii.instacontent.net.
p.mii.instacontent.net has address 168.143.179.114

(and when querying from another place)
$ host images2.laih.com
images2.laih.com is a nickname for p.mii.instacontent.net
p.mii.instacontent.net has address 81.22.34.114
p.mii.instacontent.net has address 81.22.34.114

[rwhois.verio.net]
Mirror Image (NETBLK-C052-168-143-179-0) C052-168-143-179-0
                                               168.143.179.0 - 168.143.179.255
Verio Data Centers - Sterling/Dulles (NETBLK-C052-168-143-176) C052-168-143-176
                                               168.143.176.0 - 168.143.183.255
Verio Inc. (NETBLK-VRIO-168-143) VRIO-168-143    168.143.0.0 - 168.143.255.255


Searched Groups for group:news.admin.* images2.laih.com.
Results 1 - 10 of about 163. Search took 2.61 seconds

latest hit on Dec 4, 2003.

$ wget http://images2.laih.com/creatives/stunt/SRC_550x550_top_100703.gif
--23:51:46--  http://images2.laih.com/creatives/stunt/SRC_550x550_top_100703.gif
           => `SRC_550x550_top_100703.gif'
Connecting to 127.0.0.1:3128... connected.
Proxy request sent, awaiting response... 200 OK
Length: 1,616 [image/gif]

100%[=================================================>] 1,616         --.--K/s

23:51:46 (15.41 MB/s) - `SRC_550x550_top_100703.gif' saved [1616/1616]

...
> S938 - These are dead as well.
>
> 2, 209.168.123.23, casinos-today.com (dead)

$ host windowscasino.com
windowscasino.com has address 209.39.167.11

same IP as on 9 Dec 2002.
http://groups.google.com/groups?selm=at35hl0fm7%40drn.newsguy.com&oe=UTF-8&outpu
 t=gplain

[rwhois.verio.net]
1-800-HOSTING Services Inc. (NETBLK-NET-800HOSTING-2) NET-800HOSTING-2
                                                 209.39.166.0 - 209.39.167.255
Verio Data Centers - Dallas (NETBLK-C109-209-039-164) C109-209-039-164
                                                 209.39.164.0 - 209.39.167.255
Verio, Inc. - Dallas/Fort Worth (NETBLK-ONRAMP-BLK2) ONRAMP-BLK2
                                                   209.39.0.0 - 209.39.255.255

$ w3m -dump http://windowscasino.com/
--FRAME--
    main
    fg
    Windows Casino - Online Casino Windows Casino, Online Casino Of The Year
    featuring over 193 casino games
    plus multiplayer poker and bingo



    HTML frames support is required to view this site.



and as usual, non-SPEWSed spammers who pay the bill don't get terminated.
http://groups.google.com/groups?selm=20030930001433.32027.qmail%40linuxmail.org&
 oe=UTF-8&output=gplain

$ host www.genericviagra4u.com
www.genericviagra4u.com has address 198.170.243.145

$ host www.pharmagenltd.com
www.pharmagenltd.com is an alias for pharmagenltd.com.
pharmagenltd.com has address 204.200.196.119

$ w3m -dump http://www.pharmagenltd.com/|head -n 5
          Home | About Us | Contact Us | For Women |
                        Chemical Assay
          Testimonials | Sildenafil Citrate | FAQs |    #  My Cart
                        World Shipping
                         | Order Now |

$ w3m -dump http://www.genericviagra4u.com/ | head -n 5
           Home | About Us | Contact Us | For Women | Chemical Assay
           Testimonials | Sildenafil Citrate | FAQs | World Shipping
                                 | Order Now |
PHARMAGEN INTERNATIONAL Ltd.
[vigre]WE Discount" the Price"



--
Safari - y7pt9001@sneakemail.com.gov.invalid - Reply-To to reply (remove 'ies')
"Really, I'm not out to destroy Microsoft.
 That will just be a completely unintentional side effect." - Linus Torvalds



=== Verio spams for their services, themselves ===
Path: uni-berlin.de!fu-berlin.de!newsfeed.news2me.com!sjc1.usenetserver.com
 !news.usenetserver.com!border1.nntp.sjc.giganews.com!nntp.giganews.com
 !local1.nntp.sjc.giganews.com!nntp.netlojix.com!news.netlojix.com.POSTED
 !not-for-mail
NNTP-Posting-Date: Fri, 30 Apr 2004 12:06:01 -0500
From: Jay Hennigan <jay@west.net>
Organization: Disgruntled Postal Workers Against Gun Control
Subject: Verio's Edward Brooks spams, lies about it...
Date: Fri, 30 Apr 2004 10:05:37 -0700
User-Agent: Pan/0.14.2 (This is not a psychotic episode. It's a cleansing moment
  of clarity.)
Message-ID: <pan.2004.04.30.17.05.37.210559@west.net>
Newsgroups: news.admin.net-abuse.email
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
X-Original-NNTP-Posting-Host: 207.71.234.101
X-Original-Trace: 30 Apr 2004 10:05:38 -0800, 207.71.234.101
Lines: 92
NNTP-Posting-Host: 205.254.224.3
X-Trace:
  sv3-xvJmMgtp5RSReU+rmiRN3TMz1TfdUNaniYzCPi6tUJqItsVln8zpdn8M0T7xZhHt7AcQ6NpgtMi
 UXQ0!4GxZYTMWK+DSkRnu2K1ANzAGelsvKSgRMh7mITlf1bqJZtI/0qb9rqcP1LsKt65zYHkgDhb9TJx
 s!AQCMuSY=
X-Complaints-To: abuse@netlojix.com
X-DMCA-Complaints-To: abuse@netlojix.com
X-Abuse-and-DMCA-Info: Please be sure to forward a copy of ALL headers
X-Abuse-and-DMCA-Info: Otherwise we will be unable to process your complaint
  properly
X-Postfilter: 1.1
Xref: uni-berlin.de news.admin.net-abuse.email:2193497

Spam received from Verio touting Verio.  When confronted, spammer
claims it was a "personal email, just like a phone call, not spam."

Yet, other network operators got the same spam with just the name
and domain changed.  Rule Number One validated.

Delivered-To: jay@west.net
Received: from psmtp.com (exprod5mx71.postini.com [12.158.34.223])
        by acme.west.net (Postfix) with SMTP id B3B201A103
        for <jay@west.net>; Thu, 29 Apr 2004 10:14:21 -0700 (PDT)
Received: from source ([129.250.36.44]) by exprod5mx71.postini.com
    ([12.158.34.245]) with SMTP;
        Thu, 29 Apr 2004 10:14:22 PDT
Received: from [129.250.36.62] (helo=dfw-mmp2.email.verio.net)
        by dfw-smtpout4.email.verio.net with esmtp
        id 1BJF78-00010y-BU
        for jay@west.net; Thu, 29 Apr 2004 17:14:22 +0000
Received: from [209.207.210.36] (helo=USSPFDVA01TJP21)
        by dfw-mmp2.email.verio.net with esmtp
        id 1BJF70-0006OP-7Z
        for jay@west.net; Thu, 29 Apr 2004 17:14:14 +0000
From: "Edward Brooks" <ebrooks@verio.net>
To: <jay@west.net>
Subject: transit
Date: Thu, 29 Apr 2004 13:14:21 -0400
Message-ID: <01d401c42e0d$6a357f80$3d02140a@corp.verio.net>
MIME-Version: 1.0
Content-Type: text/plain;
        charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
X-Priority: 3 (Normal)
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook, Build 10.0.6626
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
Importance: Normal
X-pstn-levels:     (S:84.12134/99.90000 P:95.9108 M:96.4339 C:93.8525 )
X-pstn-settings: 4 (1.5000:1.5000) p m c
X-pstn-addresses: from <ebrooks@verio.net> [3894/169]

Jay,

I wanted to take this opportunity to introduce myself and Verio to WestNet.


Verio operates a global Tier 1 IP network (AS2914) that provides Internet
communications and VPN services for many enterprises throughout the US,
Europe and Asia.
more competitive rates because of our parent company, NTT Communications.

I would like to discuss your network topology and how Verio might be able to
increase performance.

I look forward to speaking with you soon.

Regards, Ed

...............................
Edward Brooks
NTT/VERIO
Account Executive,
Enterprise Broadband Services

Toll Free - 866.292.2695 x6667
Direct - 703.333.6667
Mobile - 703.967.5581
Fax - 703.333.6746
Email - ebrooks@verio.net
AIM - brookse23


In a followup, he lies...


Date: Fri, 30 Apr 2004 09:25:07 -0400
From: Edward Brooks <ebrooks@verio.net>
To: 'Jay Hennigan' <jay@west.net>
Subject: RE: SPAM COMPLAINT (Verio) transit (fwd)

Jay,

My email was a personalized meant just for you....just like a call on the
phone or postal mail...not spam.

It's apparent that you are not interested and I will not send you any more
emails.

Ed

Ed Brooks
703.333.6667



=== 1st reply ===
Path: uni-berlin.de!fu-berlin.de!news.maxwell.syr.edu!sn-xit-03!sn-xit-06
 !sn-post-01!supernews.com!news.supernews.com!not-for-mail
From: "yukio" <yukio@aol.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio's Edward Brooks spams, lies about it...
Date: Fri, 30 Apr 2004 14:17:15 -0700
Organization: Posted via Supernews, http://www.supernews.com
Message-ID: <1095ggu3g8j958@news.supernews.com>
References: <pan.2004.04.30.17.05.37.210559@west.net>
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1409
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1409
X-Complaints-To: abuse@supernews.com
Lines: 12
Xref: uni-berlin.de news.admin.net-abuse.email:2193611


"Jay Hennigan" <jay@west.net> wrote in message
news:pan.2004.04.30.17.05.37.210559@west.net...
> Spam received from Verio touting Verio.  When confronted, spammer
> claims it was a "personal email, just like a phone call, not spam."
>
> Yet, other network operators got the same spam with just the name
> and domain changed.  Rule Number One validated.

His IP's already made it to Spamcop.



=== 2nd reply ===
Path: uni-berlin.de!samidi.ucar.EDU!not-for-mail
From: Richard Johnson <rnews@whirlpool.river.com>
Newsgroups: news.admin.net-abuse.email
Subject: Re: Verio's Edward Brooks spams, lies about it...
Date: Sat, 01 May 2004 00:36:37 -0600
Organization: Whirlpools Suck the Breath Out of You
Lines: 95
Message-ID: <c6vght$gg0db$1@ID-205492.news.uni-berlin.de>
References: <pan.2004.04.30.17.05.37.210559@west.net>
Reply-To: rnews@river.com
NNTP-Posting-Host: samidi.ucar.edu (192.43.244.133)
X-Trace: news.uni-berlin.de 1083393406 17301931 I 192.43.244.133 ([205492])
X-Orig-Path: rnews
User-Agent: MT-NewsWatcher/3.2 (PPC Mac OS X)
X-Nospam: To reply via email, make sure you don't enter the whirlpool on river
  left.
Xref: uni-berlin.de news.admin.net-abuse.email:2193752

In article <pan.2004.04.30.17.05.37.210559@west.net>,
 Jay Hennigan <jay@west.net> wrote:

> Spam received from Verio touting Verio.  When confronted, spammer
> claims it was a "personal email, just like a phone call, not spam."
>
> Yet, other network operators got the same spam with just the name
> and domain changed.  Rule Number One validated.
>
> Delivered-To: jay@west.net
> Received: from psmtp.com (exprod5mx71.postini.com [12.158.34.223])
>         by acme.west.net (Postfix) with SMTP id B3B201A103
>         for <jay@west.net>; Thu, 29 Apr 2004 10:14:21 -0700 (PDT)
> Received: from source ([129.250.36.44]) by exprod5mx71.postini.com
>     ([12.158.34.245]) with SMTP;
>         Thu, 29 Apr 2004 10:14:22 PDT
> Received: from [129.250.36.62] (helo=dfw-mmp2.email.verio.net)
>         by dfw-smtpout4.email.verio.net with esmtp
>         id 1BJF78-00010y-BU
>         for jay@west.net; Thu, 29 Apr 2004 17:14:22 +0000
> ...
> From: "Edward Brooks" <ebrooks@verio.net>
> To: <jay@west.net>
> Subject: transit
> Date: Thu, 29 Apr 2004 13:14:21 -0400
> ...
> ...............................
> Edward Brooks
> NTT/VERIO
> Account Executive,
> Enterprise Broadband Services
>
> Toll Free - 866.292.2695 x6667
> Direct - 703.333.6667
> Mobile - 703.967.5581
> Fax - 703.333.6746
> Email - ebrooks@verio.net
> AIM - brookse23



The blatant spamming followed by false claims of 'personal email' by
that spamming Verio employee make their corporate network [1] a prime
candidate for firewalling, permanently.

Unless, of course, Verio management care to fire that spammer's ass, or
otherwise suitably discipline him.  Will they?

Didn't think so.

So much for removing verio.blackholes.us from our default blocklists.
Verio is clearly still in the spamming business for themselves.  As
expected, their "cleanup" was just a sham.

Hey Verio!  That slam you just heard was the mainsleaze corporate
direct-spam vault door on our firewall.  Sucks to be you, doesn't it?


Richard

-------
PS - I'll be lobbying against your participation in NLR, simply
pointing out to participants that you're still inveterate spammers.
Enjoy!

-------
[1]

%rwhois V-1.5:0078b6:00 rwhois.verio.net (Vipar 0.1a. Comments to
  vipar@verio.net)
network:Class-Name:network
network:Auth-Area:129.250.36.0/23
network:ID:NETBLK-VRIO-OLAY-1.127.0.0.1/32
network:Handle:NETBLK-VRIO-OLAY-1
network:Network-Name:VRIO-OLAY-1
network:IP-Network:129.250.36.0/23
network:In-Addr-Server;I:C60-VRIO-HST.127.0.0.1/32
network:In-Addr-Server;I:U60-VRIO-HST.127.0.0.1/32
network:IP-Network-Block:129.250.36.0 - 129.250.37.255
network:Org-Name:Verio Technical Operations
network:Street-Address:1950 Stemmons Freeway, Suite 202
network:City:Dallas
network:State:TX
network:Postal-Code:75207
network:Country-Code:US
network:Tech-Contact;I:VERIO-ISS-VIPAR.127.0.0.1/32
network:Created:1999-09-14 19:39:11+00
network:Updated:2003-10-23 20:46:08+00

%ok

--
To reply via email, make sure you don't enter the whirlpool on river left.

My mailbox. My property. My personal space. My rules. Deal with it.
                        http://www.river.com/users/share/cluetrain/