You do know that BellSouth offers service in more states than just
Florida, don't you Mr. Anonymous, "I know so much about the Internet,
spammers and fighting spam, but I don't know what SPEWS S2134 means."

Have you no shame, Bob, following up your own post in NANAE.  Are you
*sure* that you aren't a spammer involved in a pissing contest with
some Florida spammers/competitors.  If you were a true spam fighter
you wouldn't offer to stop hitting spammy's spamvertised websites once
he stopped spamming your domain.

What is your domain anyway?  It shouldn't be a problem mentioning it
if spammy already knows what it is.  You keep referring to "we" and if
you have partners in this one lone website.  Do you perhaps have a
frog in your pocket?

You are posting from,

NNTP-Posting-Host: 63.207.207.234

Pac Bell Internet Services PBI-NET-7 (NET-63-192-0-0-1)
                                  63.192.0.0 - 63.207.255.255

STAN FISHER SBCIS-100531-182148 (NET-63-207-207-232-1)
                                  63.207.207.232 - 63.207.207.239

So, Stan, why do you also go by the name of Bob and what do you need 8
IP's for if you only have one website?

CustName:   STAN FISHER
Address:    303 Second Street
City:       San Francisco
StateProv:  CA
PostalCode: 94107
Country:    US
RegDate:    2000-06-01
Updated:    2000-06-01

NetRange:   63.207.207.232 - 63.207.207.239
CIDR:       63.207.207.232/29
NetName:    SBCIS-100531-182148
NetHandle:  NET-63-207-207-232-1
Parent:     NET-63-192-0-0-1
NetType:    Reassigned
Comment:    
RegDate:    2000-06-01
Updated:    2000-06-01

Hmm, you've had this /29 for four years and you've just started
posting in NANAE sounding like either a tenured regular or a tenured
spammer.  Bob, did you hijack this IP block from Stan?

Your posting IP resolves to   151.164.243.21

        60 ms   70 ms   84 ms   64.200.89.70    
washdc5lcx1-pos11-0.wcg.net.    245     UNITED STATES
11      61 ms   70 ms   79 ms   64.200.95.114  
washdc5lcx1-sbc-pos.wcg.net.    244     UNITED STATES   Unix: 23:39:44. 26
12      60 ms   69 ms   79 ms   151.164.191.137
bb2-p2-0.hrndva.sbcglobal.net.  243     UNITED STATES   Unix: 23:39:44.214
13      68 ms   75 ms   85 ms   151.164.243.21  
bb1-p6-0.hrndva.sbcglobal.net.  242     UNITED STATES   Unix: 23:39:45.267

::::    or are you this spammer?    ::::

 Google Search: 151.164.243.21

http://groups.google.com/groups?q=151.164.243.21&hl=en&lr=&ie=UTF-8&s...

::::    which leads to    ::::

Registrant:
 none>>>>>>>>>>>>>>>>>>>>>>>>>>ATTN: DIRECTNIC.COM
 1516 Horrell Ave
 Mckinleyville, CA 95519
 US

 Domain Name: THEANSWERTO.COM

Monteforte, Patrick & Tracy  gtp...@northcoast.com
    1516 Horrell Ave
    Mckinleyville, CA 95519
    US
    707-840-9517

 Registration Service Provider:
    Intercosmos Media Group Inc. dba directNIC.com,
supp...@directnic.com
    504 679 5173
    http://www.directnic.com

 Record last updated on 20-Mar-2002.
 Record expires on 02-Sep-2002.
 Record Created on 02-Sep-2000.

::::    NEW REGISTRATION    ::::

Registration Service Provided By: WTPowers
Contact: doma...@wtpowers.com

Domain name- theanswerto.com

Nameservers-
    NS3.PLUGIT.COM
    NS4.PLUGIT.COM

Start of registration- Sat Sep 02 2000 00:41:28
Registered through- Thu Sep 02 2004 00:41:28

Registrant Contact-
   WTPowers
   Patrick Monteforte   (p...@wtpowers.com)
   +1.7078409517
   FAX- +1.7078399559
   2617 Northbaink RD
   PO Box 2490
   Mckinleyville, CA 95519
   US

Administrative Contact-
   WTPowers
   Patrick Monteforte   (p...@wtpowers.com)
   +1.7078409517
   FAX- +1.7078399559
   2617 Northbaink RD
   PO Box 2490
   Mckinleyville, CA 95519
   US

Billing Contact-
   WTPowers
   Patrick Monteforte   (p...@wtpowers.com)
   +1.7078409517
   FAX- +1.7078399559
   2617 Northbaink RD
   PO Box 2490
   Mckinleyville, CA 95519
   US

Technical Contact-
   WTPowers
   Patrick Monteforte   (p...@wtpowers.com)
   +1.7078409517
   FAX- +1.7078399559
   2617 Northbaink RD
   PO Box 2490
   Mckinleyville, CA 95519
   US

Say, Bob, aren't you that "phool" who claims to be new here?

Google Groups: View Thread "[proxy hijacking] theplanet.com /
valueweb.net / atr..."

<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=2f0f6d90.0...>

Say what?  You're new here?  Oh, really!

If you are new here then why do you know so much about whois, LARTing,
dig, reporting chains, etc.?

Let's have a look and see if it's you and examine some of the cr@p you
have been spewing in NANAE the last few days.  Seems you have been
having a bit of a go with the good folks in NANAE.

Google Search: author:Anonym...@domain.invalid

<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&q=author:Anonymous...>

It would appear that you know a great deal about spammers and fighting
spam for someone who claims to be new here, "don'tja," Bob?

:: Re: How Millionaire gets 20,000 visitors a day

:: Re: repost Morely if UUNET is Bad then WHY are you WORSE???

Why would someone as "clued" as you use such an address then, hmm,
Bob?

Say, Bob, didn't you say that 100% of your spam in the last month was
from that Russian spam gang?  Make up your mind, Bob!

:: Re: webrider.ru - Russian Spam Gang

Interesting, Bob, you know all of this but you don't know that S2134
refers to a SPEWS record number.  Total cr@p, Bob, just more and more
pure 100% prime government inspected bullsh!t from you.

:: Re: Reveal who is behind SPEWS

That's about the same kind of believable cr@p you have been spewing
here in NANAE the last few days.  Why, Bob, why are you acting like
such a "phool" claiming to be so concerned about a Russian spam gang
and that *you* are responsible for "inspiring" InterCosmos.com to
cancel spammy's domains.  You do realise that most people don't know
that InterCosmos.com is DirectNIC.com and that ab...@DirectNIC.com
uses a DirectNIC email address, not an InterCosmos.com address, don't
you, Bob?  How about you post some of the email, along with headers
adnd responses, you have been sending (sic) to DirectNic.com
concerning this Russian spam gang.

:: Re: SUCCESS!

You're full of cr@p, Bob.  Prove it!  Post your email exchange with
DirectNic.com complete with headers.  Otherwise, it's all just spammer
speak coming from an idiot/k00k like yourself.

:: Re: Spam Surge?

Make up your mind, Bob, is it 100% or 93% ?

And, Bob, we?  Do you have a frog in your pocket or are you talking
about your sock puppet, bfs, who used to be tube...@hotmail.com?  Oh,
wait, that's not a sock puppet, it's *you* "idnit," Bob and Mr.
Anonumous is the real sock puppet.

:: Re: [mainsleaze] Now Target is spamming

You are talking out of your arse again, Bob.  You keep fabricating
"facts" on the fly, sounding much like those pr0n spammers that try to
con AOL newbies into downloading trojan spamming viri disguised as
FREE webcam viewers.

Bob, *you* are the conspiracy k00k!

:: Re: Godaddy http://www.kevinsmit#.us domains

You know, Bob, it all makes sense now.  You are spouting, "down with
the Russian spam gang!" and "look at me, I'm a super fscking spam
fighter who got the Russian spam gang's domains shut down at
Intercosmos.com!"  And at the very same time you question the link
between SPEWS S2134 and thePlanet.com;  why is that, Bob?  Is it
because Phil Doroff / SPEWS S2134 and the Russian spam gang are
competitors?

You follow spam fighting and the Russian spam gangs, don't you, Bob?
Remember almost one year ago when spammy was DDoSing Spamhaus,
Osirusoft, Monkeys.com and a few other anti-spam sites, that
Spamhaus.org said that it was two different spam gangs doing the DDoS
attacks, one Russian and one American?

Hmm, let's see, Phil Doroff of SPEWS S2134 is suspect in some of those
DDoS attacks as was a Russian spam gang.  Now here you are in NANAE
thumping yo' little chest and alerting the entire world how successful
a spam fighter you are,  bragging about how badly you are hurting
spammers, especially the Russian spam gang recently posted about here
in NANAE, and at the very same time questioning the only poster who is
linking SPEWS S2134 and thePlanet.com together.

Oh, yea, let's not forget that also at the very same time you are
saying that you are *new* here in NANAE and don't understand how to
interpret SPEWS S2134.  One thing is for sure, Bob, you have the very
same stench of humour that the "isoles" of the old isolate.net spam
gang have and the same entertainment value that John Morrison Johnson
and Joshua Dean Stewart of SPEWS S1620 / S1758 have.

Say, Bob, where are those two "isoles" anyway.  They were very vocal
at one time in NANAE too, just like you, always making posts talking
about themselves, how "intelligent" they were, how they were anti-spam
and always trying to impress the good folks of NANAE and baffle them
with bullsh!t.  You are just as "whacked" as they are, maybe even more
so.

:: Re: [proxy hijacking] theplanet.com / valueweb.net / atrivo.com

news:Xns953CDB7517AA91116243242@24.25.9.43...

Now see, Bob; see how stupid you look/sound when the good folks of
NANAE can plainlysee all of the cr@p you have spewed in NANAE in one
post.

Here you are responding to your own sock puppet who made three posts
in the very same thread with either a one-time posting addresses or as
a X-No-archieve poster.

Correction, bfs isn't your sock puppet, it's *you* Bob and *this* is
simply an alias you created within the last few days to have a go with
some of the regulars.  It's your form of amusement.  You are a
spammer, Bob, plain and simple and you used to post as
tube...@hotmail.com and an expose' on you is forthcoming.  Soon, Bob,
very soon.   :-)

So you know everything there is to know about spam fighting, you are a
one k00k dog and pony show that single-handedly is putting a Russian
spam gang in their place, you are trying to persuade people to use
Spam vampire, and yet you don't know if S2134 "is a tracking number
for a particular SPEWS-blocked spammer?"

You've been busted, Bob!   :(

Here you are following up to your very own post which was made by you,
bfs, with X-No-Archieve causing it not to be available via google.

<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&threadm=bxkQc.628%...>

And here's your sock puppet's third post in that very same thread
where you morphed from "b...@nowhe.re" to "r...@nowhe.re"...

::::    <quote>    ::::

rss <r...@nowhe.re> Bob, who read the previous article but wouldn't
answer the questions posed to him, morphed once again, changed his

Bob, you forgot to answer the above question.  :(

Why?

You go first.

You seem afraid to answer these questions as well, Bob.  Why is that?

Let's hear it, Bob.  What is your concern with SPEWS S2134?
Are you a sock puppet for Doroff?

No problem, Bob.  You need to answer a few questions
before anyone will take you seriously, that's all.

What's your problem with spamblocked.com?  You afraid of Morely or
just a spanked spammer who is intimidated by someone like him who
doesn't take any sh!t from k00ks like you?

Do you have some sort of problem with this posting address as well?

Say, Bob, why do you keep morphing posting email addresses, and why
did you drop your initials this time?  You must be some kind of head
case, or be involved with "head" in some other way.

Bob, is that your name or what you do?

You're a bad dog!

Cheers,

SuN

--
A cani tintu catina curta.

Do you speak Sicilian, Bob?
If not, it says, "To bad dogs, a short chain is placed."
It means you are unreliable and can't be believed.

::::    </quote>    ::::

OK, Bob, you changed your initials from post to post from 'bfs' to
'rss'  but kept the domain "nowhe.re"

The 'b' to 'r' is easy, you changed the 'b' for Bob to 'r' for Robert.
 Whys the change from "f" to "s" with your middle intial?  Did you
decide to change your middle name from "fscktard" to "sh!thead?"

:: Re: New Bout of x-no-archive stalker (wilhelp) SPAM <-- Tietjens
...

Interesting, Bob, what one k00k says about a troll, especially what
one k00k who used x-no-archieve commenting on someone else who uses
x-no-archieve.  This is particularly in light of the fact of what you
have said about spamblocked.com under your Nom-de-NANAE, bfs.  Hmm,
another comment concerning spamblocked.com, eh Bob.  Who and what you
post about says a great deal about your motives for being here in
NANAE.

Spoken like  *true* chickenboner, Bob.  There's that "we" again.  Just
how many frogs do you have in your "widdle itty bitty" pants pockets.
You talk cr@p, Bob.  You *are* cr@p, Bob!  You pr0n spammers all have
that "thingie" about being such great orators and just love to see
your words in print "above the line" as Stewart like to say.  And you
"get off" by pretending to be some "hot babe" in a chat room on AOL
whilst talking to a *male* about sex.  Talk about the "bottom" of the
barrel.  Bubba's gonna like yo' spammy arse when his "thingie" gets to
your bottom.  You're a botton, right Bob, you should "feel" right at
home as Bubba's b!tch.

Sounds reasonable, Bob, if one can be honest with oneself and others.
What is *your* ultimate goal and why are *you* here now in NANAE?  Is
it to persuade others to help eliminate your competition, a particular
Russian spam gang?

Take your own advice, Bob.  After all, it's worth what you paid for
it.  Maybe that's why it didn't help you.

:: Re: 66.209.64.0/19 removal

You "Shirley" know a great deal about what spammers are doing these
days, "don'tcha," Bob.  All of that knowledge about the web and the
Internet and you still couldn't figure out how SPEWS creates their
record designations.  You are pathetic, Bob and *very* Rules 1-3
challenged.

:: Re: SPEWS Periodic Weedout, Ezzi.net

::::    <quote>    ::::

news:630e418f.0408042026.35852aa7@posting.google.com...

Unless he IS the FBI... oooh, now we'll have the conspiracy nuts
coming out
of the woodwork!

Here, let's wind them up a bit, and see where they spin:

NANAE IS BEING WATCHED BY THE FBI !!!

That ought to do it... stand back, everyone, while the kooks and
trolls
gyrate.

::::    </quote>    ::::

There's that isolate.net stench of humour again, Bob.  You *are* one
of those k00ks and trolls that you speak of.  Are you still gyraing
for us (tinu), Bob?

:: Re: SPEWS - Please remove our IP from your List

::::    <quote>    ::::

news:41112700.8030207@mail.tds.net...

Hi, Brad.

How did you do it with uu.net? I'm always on the lookout for
effective
techniques, if I can tweak my LART reports so they get a better
response,
based upon what I learn from you (or anyone able to get uu.net,
savvis.net,
hanaro.net, telefonica.br, etc. to respond), that'd be great.

Thanks for any help you can provide...

::::    </quote>    ::::

Where are your LARTS posted, Bob?  You talk the talk, but you don't
seem able to walk the walk, or at least prove it to any believable
degree.  Admit it, Bob, you are just here to pump NANAE regulars for
information, intel for your cause which is spamming and spam support
and of course, trying to motivate folks to help "take out" your
competition.

Be honest, Bob, you've read Sun-Tzu, haven't you, and you are
practicing Book 13.

:: Re: AOL User spamming AOL Users via Windows Messaging Serivce

news:o141h0tlr3mri3g3b0q6mcgo9ehj9q06tq@4ax.com...

There's that "isole" stench of humour, again, Bob.  You're making fun
of Spitzer since he settled with Snotty, "orangeya?"  Hmm, maybe you
know Snotty personally, do you, Bob?

:: Re: Ricon Associates Mortgage spamming thru open proxy

"Bananas in the Falklands" <banana....@fk.nospam> wrote in message
news:ceokk2$a7b$1@sparta.btinternet.com...

So that's it.  You are doing all of this to gather intel for "them."
You're one of "them" and not one of us (tinu).  Shame on you, Bob.
You *are* here on a Book 13 (Sun-Tzu, The Art of War) mission.

:: Re: spam@uce

Well, aren't you the helpful little chickenboner, Bob.  The best place
to hide is in plain sight, "idnit."  Perhaps you aren't that stupid
after all.  Wait, you made that stupid chickenboner comment about
spamblocked.com so you really *are* that stupid.

Send the FTC a list of which ISP's are sending the spam?  Well, that
won't impact the spammers who use stolen resources such as trojanned
boxen, now will it?  You funny, Bob, very funny.

::  SpamVampire...

Isn't that you, aren't *you* Mr. Anonymous?  You're a spammer and
spammers steal whatever they want from the Internet, code, images,
resources, don't they, Bob?

Amazing, absolutely fscking amazing that someone could know so much
about coding and the Internet and not know how SPEWS designates its
records.  Wait, Bob, now you are talking about multiple domains and
websites.  Previously you spoke in the singular.  That's typical of a
spammer, vacillating between singular and plural.

The experience you talk about was most likely gained from the other
end.  You've learned what makes a spammer listwash and stop
domain/return address forging certain folk in spam runs from having
those things done to you.

What's in it for you?

:: Re: newbe question

::::    <quote>    ::::

"IntentionallyLeftBl...@no.no" <intentionallyleftbl...@no.no> wrote in
message news:Xns9539ED130267GoTo@212.83.64.166...

Yes, it's effective, but only if you find a way to strip the URL down
so
any identifying information that can be traced back to you is no
longer
there.

For instance, say a spam is advertising the following URL:
http://www.spamvertisedwebsite.com/01209ldio1kco/
or:
http://www.spamvertisedwebsite.com/?uid=01209lkio1kco

Then you'd have to strip out that last part or change it so it can't
be
traced back to your email address, causing you to get more spam, and
possibly get attacked by the spammer.

It is best if you visit the spamvertised website via anonymous proxies
(use
an anonymous proxy rotator program like MultiProxy), and in a browser
that's been locked down so any scripting capabilities are either
disabled
or are under your immediate control.

Of course, it's time consuming, and it becomes more effective if more
people do it, so invite your friends to join you in a Saturday night
form-flood party. Get chips, dip, music, and have a contest to see who
can
fill in the most forms in a certain amount of time. Winner takes the
prize
(perhaps a 'Spammers suck' T-shirt?).

The spammers will never know that it's all coming from the same
computer or
computers, since the anonymous proxy rotator program is changing the
IP
addresses they see on a random basis. Thus, since they don't know that
it's
all from the same computer, they'll have to take the time to track
down
each lead and verify it, costing them time and money.

In the whole scheme of things, it's a small annoyance to the spammers.
But,
if that's as far as you're willing to go to take down spammers, then
every
contribution to the cause is appreciated.

::::    </quote>    ::::

This is a particularly revealing post by you, Bob.  Once again, you
responded to a one-time poster.

 Google Search: author:intentionallyleftbl...@no.no

<http://groups.google.com/groups?hl=en&lr=&ie=UTF-8&q=author:intention...>

Results 1 - 1 of about 2 for author:intentionallyleftbl...@no.no  

That would be two posts in the same thread for this one-time poster
who was clever enough to use a posting email address like
"IntentionallyLeftBl...@no.no" in a thread about "filling out the
form/questionnaire with bogus info, including bogus name, e-mail,
crdit card info, etc" *and* this one-time poster made almost the
identical post twice in the same thread.

Let's have a look at them, shall we.

::::    <quote>    ::::

From: intentionallyleftblank (intentionallyleftbl...@no.no)
Subject: newbe question

View this article only  
Newsgroups: alt.spam
Date: 2004-08-02 13:11:46 PST

Hi All,

I'm pretty much of a newbe here, so I hope this question makes some
sense.

Someone I know, suggests to respond to each and every spam you receive
by going to their website and filling out their forms with *bogus*
answers
(including false name, crdit card details., etc.). If everybody would
do
so, then the spammer would spent whole day sifting through all of
these
bogus responses, just to find the real ones. Is that right? Or is she
wrong?

Any response much appreciated.

[and]

From: IntentionallyLeftBl...@no.no (intentionallyleftbl...@no.no)
Subject: newbe question

View this article only  
Newsgroups: alt.spam
Date: 2004-08-02 14:08:14 PST

Hi All,

I am a newby, so I hope this question makes sense.

Somebody suggested to me that the best way to fight spam is to
response to
each and every spam mail by going to their site and filling out the
form/questionnaire with bogus info, incluing bogus name, e-mail, crdit
card
info, etc.

On the other hand, a general principle is that you should not lie.
What do
you think?

Best regards,

<void>

::::    </quote>    ::::

Interesting, in one post the OP spelt newbie as "newbe" and in another
"newby" which is odd, Bob, just like you.

Also interesting is the great detail with which you gave to a "newbie"
who you must admit, would have no idea what you were talking about.
It would appear that your response was intended for others and that
the information you gave was bogus.

Lettuce (tinl) think about the validity of what you have posted.  You
know so much about spamming, spammers and the Internet and yet you
misled everyone about filling out forms.  First of all, the only forms
that require the information you mentioned would be mortgage forms
which one arives at if one clicks on a spamvertised link in mortgage
spam.

Hmm, Phil Doroff / SPEWS S2134 / bitpushers / five-elements /
reflected.net is a mortgage spammer who used to spam via *stolen* AOL
accounts, but has recently switched to other means of delivery and has
also moved back to LMIHosing.com resources.

 Google Search: SPEWS S2134 mortgage

Results 1 - 10 of about 67 for SPEWS S2134 mortgage

<http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&scoring=d&q=S...>

As you can see, Phil changes spamvertised domains on a regular basis,
which is the MO for both LMIHosting and five-elements / reflected.net
/ SPEWS S2134.

 Google Search: SPEWS S2134 mortgage LMIHosting

Results 1 - 8 of about 17 for SPEWS S2134 mortgage LMIHosting

<http://groups.google.com/groups?hl=en&lr=&ie=ISO-8859-1&scoring=d&q=S...>

LMIHosting is generally regarded as a morph of the isolate.net spam
gang.  From

 http://www.spews.org/html/S2170.html

Spammers & spammer hosts.

<http://groups.google.com/groups?selm=20031012221913.29999.00000249%40...>

::::    <quote>    ::::

Spamhaus tells us (TINU) that there are under 200 hard core spammers
in ROKSO
who are responsible for 90% of the spam received by Europe and North
America.
SPEWS has almost 3,000 records.  This implies that some ROKSO and
other
spammers must have more than one record in SPEWS under an alias.
Spammers
morph when one identity becomes known or have more than one criminal
enterprise
of their own, or in partnership with other chickenboners.  It's hard
to tell
some players even with a programme.  There's no greater reason to
morph than
being sued.  What happens to a spammer/spam gang when it gets sued?
What
happens to their resources?  Speaking of John Doe defendants...

What ever happened to those bad boy spammers known as isolate.net?
Dan Ivans
never appeared in NANAE to defend himself, nor has he posted anywhere
about
anything that anyone knows of.  Known porn spammer and highly
suspected AOL
account thief John Johnson of SPEWS S1620, known to some as John Doe,
claims to
know all about young Dan, even giving an interview about the MSN vs.
isolate.net lawsuit.  John says Dan did it for the money.  Dan says he
didn't
do it and he's not a spammer and there could be some truth to that.
He could
simply be a spam supporter profiting from someone else pulling his
strings
and/or pretending to be him while using his name(s) and Internet
resources.
What has happened to isolate's net space?

Maybe this, which just found its way into spam traps set up last year
to
monitor the spew and movements of isolate.net and verynicetits.com,
spamvertising

[snip]

These name servers implicate other spammers and/or SPEWS records, but
who is
John Doe.  That doesn't sound very Hispanic.  In fact, it sounds like
someone
who is trying to hide his identity or who has been sued, or *both*  
In a round
of recent MSN lawsuits, MSN sued isolate.net and defendants "John
Doe's 1 - 20"
 They were sued, but never identified.  Remember Tony Montana and the
Principality of Sealand (SPEWS S2134) who used a bastardization of
Steve
Lindford/Spamhaus' address on Taggs Island to register their spammy
domains at
DirectNic.com (InterCosmos.com).  How arrogant and Rule 3 challenged
was it for
Dan Ivans to register all of those spamming domains in his real name?
Smell
familiar?  It's the pungent isolate.net stench of humour.  Their MO is
to
taunt, to tease.  It's more than a "bidniz" for them, it's a sickness.
 They
seem to feel a need to harass and annoy anyone who attempts to stand
in their
way of forcing anyone and everyone worldwide to accept their spew,
their will
at the expense of all others.  They appear to have a control issue.
It shan't
be long before mental health professionals announce that spamming is a
mental
disease.

Here's another John Doe registration.

domain: IMPROVEITNOW.COM.BR
owner: John Doe Enterprises
ownerid: 077.337.733/0001-40
responsible: John Doe Enterprises
address: r das camelias, 123,
address: 12460-035 - sao jose - sp

[snip]

Are these spammers known as lmihosting.com really the isolate.net
defendants.
They are using their IP's and MO.  If it's not them, they know who is.
 The
evidence suggests a strong connection/working relationship.  It will
indeed be
very interesting to learn who John Doe and his 19 clones are when MSN
drags
them into court.

::::    </quote>    ::::

Now, Bob, consider that an AOL niche spammer, which Phil Doroff is as
well as Johnson and Stewart, wouldn't care about the IP from which
their spam was sent because it is either sent from a *stolen* AOL
account or a controlled trojanned box.

AOL niche spammers harvest fresh email addresses nightly/daily in AOL
chat rooms and AOL users rarely, if ever, report spam outside of AOL.
This means that everything you have said in the last few days is
irrelevant when it comes to AOL niche spammers and it lends credence
to theory that you you are simply trying to increase revenues whilst
at the same time causing harm to your competitors.

Now let's examine why you would be recommending that people fill out
bogus mortgage forms a bit more closely.  Spammers don't check the
mortgage forms except to see that they appear legimate/valid enough so
that whomever they sell them to won't complain.  You just advised
everyone to fill out multiple form with "real" sounding/looking
information using an IP randomiser so that each "bogusly" filled out
form would appear to be from a different person/lead so that your
profits, you *are* most likely a mortgage spammer, Bob, will increase
since you are paid per lead.

Aren't you ashamed of yourself for trying to "phool" everyone in NANAE
and alt.spam into making money for you and doing your bidding by
helping to curb your competitors' spamming activities.

:: Re: spammer honeypots

::::    <quote>    ::::

news:cel4ve$8tp$1$8302bc10@news.demon.co.uk...
...but regrettably I'm not in a position to support it properly at the
moment (and I haven't been for about a year now). If some Java
developer
is interested in taking it on, I will gladly provide the source.

Oh, hi, Jack! I didn't realize that was you. Yeah, JackPot is running
great... spammy is still filling the mail queue pretty quickly, no
matter
how big I make it, but I'm assuming that since JackPot just drops the
message when the mail queue is filled, there's no way for it to be
relayed,
so I might as well just let it run with a full mail queue.

If anyone is interested in running JackPot, I give a hearty
recommendation
to do so... every spam we can prevent being delivered is another barb
in
the spammers' collective ass. If you want to get a look at what the
logfiles look like, you can check mine out:
http://63.207.207.234:52/hcm/hosts.html?sort=ip

I use several antispam techniques... JackPot is a big part of it, but
I've
also redone the code from aa419.org's Lad Vampire (used to hit 419
sites),
and added a throttle so it doesn't take all the available bandwidth.
You
can check that out here:

http://www.hillscapital.com/antispam/index.htm

Feel free to grab the source code and use it against your own
spammers. The
code runs just as well from the local computer as it does from a web
page.

    -SpamSlayer

::::    <quote>    ::::

This is your second post in NANAE as Mr. Anonymous and you still
hadn't quite figured out how to properly quote the poster you are
responding to.  At least you did improve with practice, but you were
still quite easy to spot/identify as a troll/k00k.

All of that talk about running Jackpot and where are the results of
your efforts posted in NANAE to help the cause?  Oh, wait, *your*
cause in learning and running Jackkpot was to successfully code a
detection routine to defeat/avoid Jackpot for spamwear.  You're a
fake, Bob, and everyone knows it now.  Those who do utilise honeypots
do so to help the collective spam fighting effort, not just themselves
and they don't make a phool of themselves posting in NANAE as you have
done.

:: Strike back against the spammers...

::::    <quote>    ::::

Hi, all.

I've taken the Lad Vampire (aa419.org) code (used to hit 419 sites),
and
changed it for my own uses. I use it to hit spamvertised websites.
Here's
the logic:

For businesses:
If you cost a spammer more money (in increased bandwidth and hosting
bills)
than they can 'earn' from spamming your domain, the spammer will leave
your
domain alone. I've proven this with our domain. At the beginning of
the
year, we received over 3000 spams/month for all our email addresses.
We are
now at 47 / month, and have been as low as 8 / month (we've got one
exceptionally stupid Russian spammer that I'm trying to knock a clue
into).

For individuals:
If you cost a spammer more money (in increased bandwidth and hosting
bills)
than they can 'earn' spamming you (let's hope the amount they can earn
is
$0), then they'll listwash you, and not spam you anymore.

This all hinges upon the spammee contacting the spammer, and telling
them
that their website(s) will be hit because they spammed an off-limits
email
address or domain. You can get the spammer's email address by doing a
WHOIS
on the spamvertised website URL, and looking for the Registrant's
email
address. This should be the spammer's email address. If your
nasty-gram
email to this address goes through, you've warned the spammer to leave
you
alone (use an email address other than the one you usually use), and
if it
bounces or is an address of an innocent bystander, you can contact
their
Registrar, and get the website registration yanked for invalid
registration
information, effectively shutting down that website.

It really works better than anything else I've tried, and I've tried
it
all.

Anyway, feel free to grab the source code and enter in the URLs of the
spammers bothering you. The source code is public domain, since it was
originally donated to aa419.org by an anonymous donor, and I'm
releasing my
code changes as public domain, as well. Have fun.

http://www.hillscapital.com/antispam/index.htm

::::    </quote>    ::::

Hmm, there's that, "Hi, all" again that your other socks used to set
up some of your responses.  You may have read Book 13, but you simply
aren't that good at this sort of subterfuge, Bob.

This was your first post as Mr. Anonymous and *no one* responded to
it, so you kept trying until you garnered an audience and some folks
fell for your FUD.  But now everyone can see what you are doing here
in NANAE, so your audience will be a little more skeptical and a
little more cautious, except, of course, for those in NANAE who enjoy
toying with trolls like you.

To view Bob's BIG picture even more clearly, read "all" of Bob's posts
in NANAE.  The Google results used in preparing this post only listed
Bob's last post in each thread.  Bob's quite the funny man and he is
an entertaining read.  Unfortunately, he's just not believable in the
slightest.

Bob, you are either a mortgage spammer yourself or you support, or
have a vested interest in, the mortgage spam industry.  Tell us (tinu)
the truth, Bob, you're here with a hidden agenda, "orangeja?"

Cheers,

SuN

--
Essiri sempri lu santu fora la chiesa.