http://www.nnseek.com/e/news.admin.netabuse.bulletins/ Posts for news.admin.netabuse.bulletins Thu, 18 Sep 2008 19:07:04 PDT http://www.nnseek.com/ http://www.nnseek.com/img/64.png 64 64 NNSeek http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_fri_sep_19_12_07_04_2008_259438087t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_fri_sep_19_12_07_04_2008_259438087t.html
Sending mail to the from address of this post will automatically list you in the SORBS DNSbl as a spammer
To contact someone about this mail please post in "news.admin.net-abuse.email" with a subject starting
with "[SORBS]", or use the mailform at: http://www.dnsbl.sorbs.net/cgi-bin/mail

SORBS Listing Summary for the last 24 hour period follows:

Database Totals
===============

Unique HTTP based proxy server ports open: 25636
Unique SOCKS based proxy server ports open: 32589
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 6203
Unique Open Relay ports open: 56
Unique IP addresses blocked for sending or supporting spam: 704424
Unique hacked/insecure server ports (includes FormMail scripts): 1380327
Total Open Proxy Server ports: 64428
Total Blocked Ports/Addresses: 2149235

Database Totals for Removed/Closed ports
========================================

Unique HTTP based proxy server ports closed/unblocked: 176340
Unique SOCKS based proxy server ports closed/removed: 96233
Unique miscellaneous (ftp/telnet etc) proxy server ports closed/removed: 10458
Unique Open Relay ports closed/removed: 104
Unique IP addresses unblocked/removed from spam database: 1626
Unique hacked/insecure server ports closed/removed: 2113655

Additions/Updates for blocking in the past 24 hours
===================================================

Unique HTTP based proxy server ports open: 0
Unique SOCKS based proxy server ports open: 0
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 0
Unique Open Relay ports open: 0
Unique IP addresses blocked for sending or supporting spam: 1
Unique hacked/insecure server ports (includes FormMail scripts): 0
Total Open Proxy Server ports: 0
Total Blocked Ports/Addresses: 1


Additions/Updated (retested).
=============================
69.50.160.0/32 [spam/spam support] updated/added: Thu Sep 18 19:12:58 2008


--
All postings to news.admin.net-abuse.bulletins are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

http://www.killfile.org/~tskirvin/nana/

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Thu, 18 Sep 2008 19:07:04 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_fri_sep_19_12_00_02_2008_259437575t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_fri_sep_19_12_00_02_2008_259437575t.html
Sending mail to the from address of this post will automatically list you in the SORBS DNSbl as a spammer
To contact someone about this mail please post in "news.admin.net-abuse.email" with a subject starting
with "[SORBS]", or use the mailform at: http://www.dnsbl.sorbs.net/cgi-bin/mail

SORBS Listing Summary for the last 24 hour period follows:

Database Totals
===============

Unique HTTP based proxy server ports open: 25636
Unique SOCKS based proxy server ports open: 32589
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 6203
Unique Open Relay ports open: 56
Unique IP addresses blocked for sending or supporting spam: 704424
Unique hacked/insecure server ports (includes FormMail scripts): 1380327
Total Open Proxy Server ports: 64428
Total Blocked Ports/Addresses: 2149235

Database Totals for Removed/Closed ports
========================================

Unique HTTP based proxy server ports closed/unblocked: 176340
Unique SOCKS based proxy server ports closed/removed: 96233
Unique miscellaneous (ftp/telnet etc) proxy server ports closed/removed: 10458
Unique Open Relay ports closed/removed: 104
Unique IP addresses unblocked/removed from spam database: 1626
Unique hacked/insecure server ports closed/removed: 2113655

Additions/Updates for blocking in the past 24 hours
===================================================

Unique HTTP based proxy server ports open: 0
Unique SOCKS based proxy server ports open: 0
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 0
Unique Open Relay ports open: 0
Unique IP addresses blocked for sending or supporting spam: 1
Unique hacked/insecure server ports (includes FormMail scripts): 0
Total Open Proxy Server ports: 0
Total Blocked Ports/Addresses: 1


Additions/Updated (retested).
=============================
69.50.160.0/32 [spam/spam support] updated/added: Thu Sep 18 19:12:58 2008


--
All postings to news.admin.net-abuse.bulletins are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

http://www.killfile.org/~tskirvin/nana/

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Thu, 18 Sep 2008 19:00:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_2_4_258572039t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_2_4_258572039t.html Posting-Frequency: monthly
Last-modified: 1999/09/30
Version: 1.75
URL: <URL:http://www.killfile.org/faqs/cancel.html>

Cancel Messages
Frequently Asked Questions
Part 2/4

This document contains information about cancel messages on Usenet, such
as who is allowed to use them, how they operate, what to do if your
message is cancelled, and the like. It does not contain detailed
instructions on how to cancel a third party's posts. It is not intended
to be a fully technical document; its audience is the average Usenet user,
up to a mid-level administrator.

This document is not meant to be a comprehensive explanation of Usenet
protocols, or of Usenet itself, but a basic knowledge of these concepts
is assumed. Please refer to news.announce.newusers, RFC1036, and/or
RFC1036bis if you wish to learn them.

Disclaimers: The information contained within is potentially hazardous;
applying it without the permission of your news administrator may cause
the revocation of your account, civil action against you, and even the
possibility of criminal lawsuits. The author of this document is in no
way liable for misuse of the information contained within, nor is he in
any way responsible for damages related to the use or accuracy of the
information. Proceed at your own risk.


Table of Contents > = In other parts of the FAQ
================= * = Changed since last update
>I. What are cancel messages?
>II. How do cancels work?
>III. So your post was cancelled...
IV. What does it take to cancel messages?
A. I want to cancel posts! How do I do it?
B. I'm not kidding; I really do want to do it. How do I do it?.
C. What is a cancelbot?
D. Sounds cool. Where do I get one?
E. What? Why not?
F. Fine then, I'll write it myself.
* G. Right; I've got a cancelbot. Now what?
V. That idiot forge-cancelled my posts!
A. My post is gone; it was forge-cancelled, wasn't it?
* B. No, I'm sure, it was cancelled. Why?
C. How do I track the bastard down?
* D. Who's done this before?
E. What, are there only bad guys?
F. Is there anything I can do on my own?
VI. What moral issues are involved with cancel messages?
>VII. What's going to happen to cancels in the future?
>VIII. What about these other things?
>IX. What are the current cancel issues?

>Changes
>To Do
>Contributors
>Pointers

>Appendix A: Dave the Resurrector
>Appendix B: Retromoderation


IV. What does it take to cancel messages?
=========================================
A. I want to cancel posts! How do I do it?

You must be kidding.


B. I'm not kidding; I really do want to do it. How do I do it?

*sigh* Well, I'll bet you really haven't thought about it very
much yet. Read this section before you do anything, alright?

Anyway...

On a small scale, you can issue them by hand - see the Newsgroup
Care Cancel Cookbook (<URL:http://www.xs4all.nl/~rosalind/faq-care.html>)
for the details and warnings you'll need to get started. On a bigger scale,
you're going to want a cancelbot.


C. What is a cancelbot?

A cancelbot is a program that searches for messages matching a
certain pattern and sends out cancels for them; it's basically an
automated cancel program, run by a human operator.


D. Sounds cool. Where do I get one?

If you have to ask, you're probably going to have a hard time
getting one, and even if you do you probably won't be impressed with
the quality. I wouldn't even consider using a cancelbot unless you've
written it yourself or know exactly what it's doing (in which case you
might as well have written it yourself anyway).


E. What? Why not?

Giving out a cancelbot is like handing out loaded guns with no
safeties. Even if the recipient is well-intentioned, screw-ups are
fatal; you need the proper training first. There may be people out there
that will still give you that gun without the training, of course, but
it's a good idea to question their motives...

In general, until you know *exactly* how to use a cancelbot, you
shouldn't be experimenting with one - and most people that write the 'bots
know this. Cancelbots are dangerous, and can be used irresonsibly; more
than that, if you screw up with a cancel-bot you can cause *large*
problems, and it's fairly easy to screw up. For these and other reasons,
it's generally accepted that only those that are willing and able to
write their own cancelbot will ever actually get one.

Sidenote: even if you trust the source of the code, it's not a
good idea to trust it blindly. What security holes might it have? What
bugs may be in it? Is it optimized for the ways that you're planning on
using it? It's a lot safer to write your own code than to rely upon others;
not only is it easier to modify for yourself, but you at least then have an
idea what's still wrong with it...


F. Fine then, I'll write it myself.

Sure, go right ahead, but a word of wisdom: make sure you know
what you're doing.

Richard Depew, Usenet's current main bincanceller, was one of
the first people to use cancelbots in a large way. One of the most famous
bot-related incidents of all time was his ARMM cascade, in which a simple
spelling error on his part caused a large spew in news.admin.policy for
several hours before it was turned off. It was generally considered a Big
Oops.

Richard's incident was also far from the worst; that honor would
have to go to the incident where a misconfigured cancelbot was auto-
cancelling everything from netcom.com. Bigger Oops. And these examples
just scratch the surface of what can go wrong when writing a
cancelbot...

Before you test out your cancelbot on actual Usenet stuff,
double and triple check to make sure it *works*. Make sure that you've
gone through all the potential bugs and vulnerabilities - add safeties,
redundancies, internal logic checks, and what have you. Start a local
group, test the 'bot out in that group *only*. Whatever. Just remember,
you only get one chance at this, so do it right...

While writing a cancelbot, make sure you follow the conventions
that you plan on using ($alz, etc). In addition, once you've got the
basics down, mail Chris Lewis (clewis@ferret.ocunix.on.ca). He'll give
you some more tips.


G. Right; I've got a cancelbot. Now what?

Well, the obvious thing is to start using it. Don't. Before you
do so, make sure you've considered *everything*; cancels raise plenty of
interesting questions, and using a cancelbot isn't something to enter
into lightly.

Before you do anything, make sure you've thought a _lot_ about
_all_ of the following issues. Trust me, you'll need it.

1. Who is going to be affected by this, and how will they react?

Cancelbots tend to affect a lot of people. By running one, you
are messing with a lot of people - and, generally, making them
upset. Many are going to complain. Some are going to retaliate.

Succinctly, before you start up your cancelbot, make sure you can
handle any incoming mailbombs, that your network's security is
strong enough to stand up to persistent cracking attempts, that
you're on good enough terms with your bosses and administrators
that they won't fire you or drop your account the second they
get any complaints about you, that you've gotten your phone
number made unlisted, and that you've got a good lawyer handy.

That's a start, at least.

2. What kinds of problems will this cause legally?

In the USA, at least, the current best information/guess about
the legality of cancel messages says that non-content-based third
party cancels are legal, and that content-based ones are illegal.
However, this has just plain not been tested in anything resembling
a court of law, and wouldn't apply to other countries even if it
had been tested.

Even if cancels are legal in your place of work, of course, this
doesn't mean that you won't face legal harassment. It's almost
trivially easy to find some reason to sue somebody today; if you
hork somebody off by cancelling their posts, there is a chance
that they'll try this on you. Remember, to many it often doesn't
matter if they're going to win or lose the lawsuit; all that is
important is that they have forced you to spend money and time
to respond to the charges.

Regardless - there is definitely some legal risk associated with
third-party cancels. This risk is probably enough that you should
talk with your higher-ups first, or, if possible, a lawyer. It
could save you a lot of trouble down the line.

3. Is this a moral thing to do?

Even if cancel messages were perfectly legal, they still aren't
the nicest thing in the the world. By issuing a cancel you are
deleting somebody else's words; many would call this censorship,
and, even if their use is justified, they may be right.

The most commonly used moral argument about cancels is known as
the "slippery slope". The use of cancel messages leads down the
road to censorship, which is a Bad Thing; however, it may be
possible to keep the system under control by staying near the top.
The further cancels go, however, the more likely it is that they
cannot be controlled - and once that happens, any benefit they may
have once held will be gone.

Common practice says that non-content-based cancels are not
censorship. Instead, they are based on how "loud" the message
was said; it's not censorship to stop someone from blaring their
message out in the middle of the night using a megaphone. This
hopefully means spam cancels and their like are not yet out of
control, and that we haven't gone so far down that we can't return;
then again, this point is certainly up to debate.

4. Do I really have the time to deal with this?

Operating a cancelbot takes a lot of time. Just on a technical
level, the 'bot has to be written, the parameters have to be set
and constantly updated, and the thing watched to make sure it works;
that, though, is the least of your worries.

Once you get the 'bot running, people are going to take notice.
Result: you will get comments, you might get praise, and you will
probably get complaints. You *must* listen to them if you want to
continue running your 'bot responsibly. No, you don't have to
respond to everything, especially the more juvenile flames, but
you do have to make sure you listen to suggestions and problems;
after all, if your 'bot is cancelling something it shouldn't be
cancelling, you'll only find out when somebody tells you.

If you don't have time to deal with these comments and complaints,
then just give up now. Trust me, you'll be better off.

5. Do I know for *sure* what this program will be used for?

If people don't accept the purpose of your cancelbot, then your
cancelbot will not be effective for anything except getting a
whole lot of flames and your account nuked. As such, before you
start cancelling you should make sure you won't get rejected from
the job. Make yourself some rules:

- What kinds of posts will I be cancelling?
- Will I be expanding these criteria later?
- How accountable will I be?
- What if somebody asks me to include (or exclude) their
hierarchy?
- Will I give out my code to others?

Get these rules down now, before you run out of time to think
of them later on down the line. This way, when you're called on
them you can respond appropriately.

(Recap: the standard uses for third-party cancels are spams,
spews, moderated group cleanup, binaries in non-binary groups, and
forgeries. See section I.D. for details.)

6. Have I double- and triple-checked my code?

Again, screwing up your code can cause *big* problems. Before
you're ready to go operational, make absolutely sure that you know
that the code works 100%% of the time. I'd personally recommend
asking yourself "could I operate this while drunk?" There are no
second tries here; don't give yourself a chance to screw it up.

This is, of course, especially important if your code is ever
going to be even viewed by another human being...

7. Do I know what's happened in the past?

The history of Usenet and cancels goes back a long, long way; it's
not only fairly interesting stuff, but it teaches interesting
lessons. Before you start the cancelbots, you should probably
know what they were used for before; with knowledge comes power,
after all, and this way you won't start repeating the mistakes of
your predecessors.

8. Am I following all of the rules?

While they may not be conventions, there are certain basic rules
that are usually followed by operators of cancelbots that should
probably be followed. A notice of the cancels should be posted
to news.admin.net-abuse.bulletins; the original poster and their
postmaster should be notified; a representative copy, or link to
such, should be appended to the notice of cancellation. You should
have a reliable contact address, so as to be fully accountable for
your actions. And, as usual, all of the official conventions
should be followed exactly.

If you're not doing them "nicely", you're going to get more
complaints than otherwise - and rightfully so. And if you aren't
capable of doing them nicely, then you probably shouldn't be issuing
cancels at all.

Remember, it has been proven time and again that nice, polite
cancel notifications make less enemies than angry, flamish ones.
It's probably a good idea to make your notifications as kind as
possible - though they should always include as much information
(or links to information) as you can possibly fit in.

9. Do I actually have to do *this*?

If you hadn't figured it out already, cancelbots are a pain in
the butt. For this if no other reason, you should probably
reconsider whether this is really necessary.

If your problem has to do with too much off-topic or irrelevant
traffic, maybe cancels aren't the solution. Talk about moderation
with the regulars of the newsgroup you're worrying about; someone
might be willing to help moderate the group, or maybe they have
another idea to solve the problem. Maybe mailing the offenders a
polite message saying "your message is off-topic" would help, or
perhaps it will take mailing the posters' administrators before
they'll stop; either way might be more effective than cancels.

Even if reasoning with everyone you can think of doesn't work, you
can still try other approaches. Post about it to news.admin.net-
abuse.usenet; the regulars there have trained themselves to deal
with obnoxious sites, and will help you if necessary. In many
cases, you can stop the problem with judicious use of killfiles.
And, if all else fails, you can always try NoCeM (section VII.D.).

In general, just make sure you've tried *every* alternative before
you start cancelling anything. It's a pain to start, it's a bigger
pain to continue, and the biggest pain comes when you finally want
to stop...



V. That idiot forge-cancelled my posts!
=======================================
A. My post is gone; it was forge-cancelled, wasn't it?

Before you do anything, check section III; double-check to make
sure that someone really *did* cancel your post before you get all upset.
Remember, no cancel message, no cancel.


B. No, I'm sure, it was cancelled. Why?

There are as many reasons to cancel a post as there are cancel
messages. Most cancels are issued for valid reasons (which are detailed in
previous sections), but sometimes they are done for what many people would
consider illegitimate reasons. The people that issue such cancels are known
as "rogue cancellers"; these are the ones to worry about.

Why do they do it? It depends. One popular excuse, started by the
infamous Church of Scientology, is that the message was a "Trade Secret" which
must be protected. Another excuse has become prevalent in recent years is
"if one may cancel, all may cancel" - the theory being that cancel messages
themselves are evil and must be stopped, and the way to do this is to abuse
the hell out of them so that sites will turn them off. Oddly, both of these
excuses generally lead to cancels aimed at those the cancellers have declared
"enemy", and usually end up backfiring.

All of those reasons, though, are pretty much just excuses. What
are the *real* reasons that somebody would do something like this? Simple:
they want to keep something out from under public scrutiny, they didn't like
what you said, or they just want to destroy a few messages.

And yes, those are very bad reasons.

In any case, rogue cancellers such as the above are *not* accepted
by the Usenet community. End of story. The hunts to track down rogue
cancellers often reach near-epic proportions, the searchers often spanning
the globe, and virtually all such quests end with, at the very least, the
cancels ending.


C. How do I track the bastard down?

If you have the cancel message, the best first step to tracking
down the canceller is to post a (single) copy of the message to news.admin.
net-abuse.usenet with a brief explanation of what's going on. The people
on that group are veterans at tracing Usenet messages; they can probably
help. While they're at it, they may also explain why your message may have
been cancelled legitimately, in case there's anything you missed.

For rudimentary analysis of who cancelled your post, check the
NNTP-Posting-Host: header of the cancel. While it is possible to forge
this header, it generally will say which machine was used to issue the
cancel message. Other, less-forgable headers include the Path: and
Sender: headers, and occasionally the Message-ID: header.


D. Who's done this before?

In the past, there have been many rogue cancellers of various
skill, competence, and intelligence. Some are gone; others are still on
the run, but appear occasionally. Here are a few of the most famous.

o Kevin Jay Lipsitz: "Krazy Kevin", as he called himself in his
spams, cancelled many posts on news.admin.net-abuse.misc
concerning his spams. His theory was that, by cancelling the
posts, it would take more effort to shut him down; on this point
he failed miserably, instead merely causing the implementation
of Dave the Resurrector (see Appendix A). During his time as
a spammer Kevin was kicked off of many ISPs, but he has not
been heard of for several months.

o CrackerBuster: in December of 1994, an unknown computer person
decided that he didn't like alt.2600, and decided to declare war
on the group and anyone that supported it. In one of the first
mass newsgroup attacks, CB issued cancels for every message in
alt.2600 and alt.current-events.net-abuse and then flooded the
groups with thousands of his own messages, effectively ruining
them. Chris Lewis did much of the work cleaning up the mess;
after he was done, he realized that he had himself a fully
working cancelbot; after getting some updated detection software
from Jonathan Kamens, Chris began work as Usenet's most prominent
major spam canceller.

o Crusader: Crusader's actions began with a very large neo-Nazi
mass email, sent several times to just about every email address
in existance. There were many systems involved in the sending of
this unprecedented attack, most of which were cracked; this didn't
stop a team of news.admin.* regulars from deciding they were going
to track the perpetrators down. To slow down the trace, the people
behind Crusader began to cancel all of the messages about the mass
mailings; this merely forced the creation of a short-term mailing
list and furthered the group's resolve to stop the attack. While
the trail stopped at a cracked system in Italy, the mailings
eventually stopped and the cancels ended.

o Ellisd: soon after the passing of the Communications Decency
Act, an anonymous user on Netcom decided to cancel everything in
alt.binaries.pictures.erotica.* and alt.sex.* as "indecent filth".
The account was shut down within hours; however, Ellisd continued
to forge cancels from other machines, forging them to appear to
come from his (now non-existant) Netcom account. Ellisd was
entirely stopped within another couple of days; his only real
effect had been to show that the cancellation of "morally
questionable" material would not be tolerated.

o The Pseudosite Incident: September of 1996 was a hard month for
Usenet. Having endured many varied newsgroup and mail bombs, the
next assault came in the form of tens of thousands of cancel
messages. Possibly modeled after the ellisd incident of several
months before, several parties unknown began issuing cancels using
several new pseudosites such as "geekcancel" (in comp.*) and
"kikecancel" (in soc.culture.israel). Needless to say, this
resulted in a whole pile of ticked off people. The cancels
stopped a few days later, and Chris Lewis reposted virtually all
of the cancelled messages, but the damage was done.

The pseudosite attack has started up several more times since its
initial run, most prominently in the "Michael Franowski" continuing
forgeries and the cancel/voter fraud attack upon news.lists.nocem.
This latter attack eventually forced UUNet to close down its open
news port.

o The CancelBunny: the Church of Scientology, a remarkably
paranoid organization, has several "secret scriptures" that have
long been distributed over Usenet. To stop this, the evidence
shows that they have called in someone with computer knowledge
to cancel posts that contain any of their scriptures -- or
anything that they didn't like. This brought the entire religion
to the attention of Usenet, and alt.religion.scientology is a
very well-read (and high traffic) group as a result.

The cancels, however, were generally accepted to be Bad Things.
Therefore, a group of people decided that they were going to hunt
down the (anonymous) CancelBunny, as it had been named, by checking
from bunches of sites. Several CancelBunnies have been tracked
down and lost their accounts; more keep popping up, only to be
bashed back down just as quickly.

The cancels by the CancelBunny are generally on comp.org.eff.talk
and alt.religion.scientology. Cancels to a.r.s are reported by
Lazarus (VIII.C).

o NewsAgent: HipCrime, an anonymous programmer with fairly
anarchist views, one day decided to write a publicly available
Usenet cancellation engine. His stated reason was the standard
"if one may cancel, all may cancel" excuse; however, when he
first unleashed his 'bot, he targeted moderated groups, anything
administration-related, and everything else that he personally
disliked. It quickly became apparent that his work was merely
intended to destroy Usenet; as such, some of Usenet's more
prominent anti-administration kooks joined him in what they
saw as the final anti-Usenet war.

It surprised them to no end when they soon found that their
cancels had stopped being effective, because too many sites
knew how to fight the attack.

Since then, NewsAgent has morphed and become more public-domain.
The software no longer issues cancel messages; instead, it issues
long randomly-generated messages with Supersedes: headers, which
destroy posts in a less-tracable and more-destructive manner
(and which are almost immediately themselves cancelled, and
the original messages reposted). Hipcrime has also written
other variants of NewsAgent which send out other Control
messages, creating thousands of bogus newsgroups on unwatched
servers or causing a few individuals to be mailbombed but
otherwise doing little damage. More worrisome is that older
versions are in the hands of many people who wish to use the
software maliciously, who are now using it to attack individual
newsgroups. Even this is generally stopped after a couple of
days, however.

Overall, NewsAgent has merely made life a bit more difficult
for news administrators and a bit more chaotic for standard
Usenet users. Too bad.


E. What, are there only bad guys?

No, of course not; they're just the most prominent. There are
plenty of important good guys, too -- the ones that perform the thankless
job of cancelling spam, spew, MMF, and all the rest, basically keeping
Usenet usable.

Among the most famous spam cancellers include the CancelMoose
(moose@cm.org) [the first major spam canceller, author of NoCeM, now
retired from cancelling], Chris Lewis (clewis@ferret.ocunix.on.ca) [the
most prominent spam canceller of all time], and Jonathan Kamens
(jik@mit.edu) [writer of the best spam detection software to date]. Most
of the other cancellers can be found on news.admin.net-abuse.*.


F. Is there anything I can do on my own?

Of course.

1. Notify the postmaster at the offending site, or upstream site.

If you can determine where the cancels are coming form, mail
the postmaster at that site (or abuse@site, if present) with your complaints,
If this doesn't work, you may want to try notifying the people that give
the site its newsfeed; for details on how to determine this, read the Spam
Tracking FAQ.

2. Alias out the offending site.

Your news administrator may be capable of making your machine not
accept posts from a certain other machine. If necessary, this can be
used to ignore the cancel messages on your own site.

3. Ignore the cancels.

Most major cancel attacks are fairly easy to categorize, based on
a common header or message body. It is possible to run software, such as
Cleanfeed (<URL:http://www.exit109.com/~jeremy/news/antispam.html>), to
ignore those cancels based on the common pattern; if you've got the time
to update your filters fairly often, you may even be able to head off
further attacks.

4. Write and run a Resurrection 'bot.

It is possible to run a 'bot that reposts everything that is
cancelled; the most famous example of this is Dave the Resurrector, which
protects the news.admin.* hierarchy and is detailed in Appendix A. If you
want to do something similar, you can be a great help at stopping rogue
cancel attacks.

5. Call in the official authorities.

As was previously said, forged cancels are in a legal grey area.
If you want to call in the legal authorities, you probably can, and
something may be done.

The general recommendation of this, though, is "don't do it".
Any kind of legal judgment on this matter sets a precedent; at this point,
we're almost happier without one.



VI. What moral issues are involved with cancel messages?
========================================================

I'll answer this question succinctly:

Lots.

The moral issues related to cancel messages are among the most
interesting, and distressing, part of the issue. Third-party cancels,
spam and binary cancels, retromoderation, moderators in general, the
full "slippery slope" argument, the "Usenet is an anarchy" argument, "you're
violating my first amendment rights!" and "without cancels, Usenet would
have died under the weight of the spam long ago"...

This FAQ, though, isn't really the best place to get into it.

For lack of space and time, I cannot get into these issues in
detail here, however important they may be. If you want a start on this
matter, read the news.admin.net-abuse FAQ, along with the newsgroups.
It's at least a start.

--
Copyright 1999, Tim Skirvin. All rights reserved.
<URL:http://www.killfile.org/faqs/cancel.html>

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Mon, 15 Sep 2008 00:45:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_4_4_258571783t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_4_4_258571783t.html Posting-Frequency: monthly
Last-modified: 1999/09/30
Version: 1.75
URL: <URL:http://www.killfile.org/faqs/cancel.html>

Cancel Messages
Frequently Asked Questions
Part 4/4

This document contains information about cancel messages on Usenet, such
as who is allowed to use them, how they operate, what to do if your
message is cancelled, and the like. It does not contain detailed
instructions on how to cancel a third party's posts. It is not intended
to be a fully technical document; its audience is the average Usenet user,
up to a mid-level administrator.

This document is not meant to be a comprehensive explanation of Usenet
protocols, or of Usenet itself, but a basic knowledge of these concepts
is assumed. Please refer to news.announce.newusers, RFC1036, and/or
RFC1036bis if you wish to learn them.

Disclaimers: The information contained within is potentially hazardous;
applying it without the permission of your news administrator may cause
the revocation of your account, civil action against you, and even the
possibility of criminal lawsuits. The author of this document is in no
way liable for misuse of the information contained within, nor is he in
any way responsible for damages related to the use or accuracy of the
information. Proceed at your own risk.


Table of Contents > = In other parts of the FAQ
================= * = Changed since last update
>I. What are cancel messages?
>II. How do cancels work?
>III. So your post was cancelled...
>IV. What does it take to cancel messages?
>V. That idiot forge-cancelled my posts!
>VI. What moral issues are involved with cancel messages?
>VII. What's going to happen to cancels in the future?
>VIII. What about these other things?
>IX. What are the current cancel issues?

>Changes
>To Do
>Contributors
>Pointers

Appendix A: Dave the Resurrector
1. What is Dave the Resurrector?
2. Why is Dave necessary?
3. What cancels are authorized?
4. What messages are reposted?
5. What is the format of the reposts?
6. So how do I cancel my own posts when Dave is around?
7. What about other Resurrector bots?

Appendix B: Retromoderation
1. What is retromoderation?
2. Why is retromoderation so popular?
3. What's wrong with retromoderation?
4. When is retromoderation alright?


Appendix A: Dave the Resurrector
================================

1. What is Dave the Resurrector?

Dave the Resurrector is a program written and run by Chris Lewis
(clewis@ferret.ocunix.on.ca) that reports on and reposts messages cancelled
in the news.admin.net-abuse.* hierarchy. Dave's code was written after a
particularly obnoxious run of cancels in news.admin.net-abuse.misc sent
by Kevin Lipsitz (since charged with fraud and other offenses); the name
was suggested by Tim Skirvin, and Chris accepted the name in honor of
Dave Hayes, of news.admin.* fame.

Dave's reposting activities are occasionally extended to include
the rest of news.* and other hierarchies, to resurrect messages removed by
large-scale rogue cancellers. From time to time Dave's presence has also
been requested in other newsgroups.


2. Why is Dave necessary?

The news.admin.* hierarchy has always been the target of massive
forged cancel attacks, (see section V.D. for details). Dave neutralizes
these attacks, though at the cost of allowing people to cancel their own
posts effectively.


3. What cancels are authorized?

In the context of Dave, an "unauthorized cancel" is a cancel by
someone other than the originator, the originator's system administration,
the moderator of the group, or an accepted spam canceller. Of necessity,
given the ease in which cancels can be forged, Dave cannot determine the
authenticity of cancels per-se, so will resurrect all cancelled articles
except those which:

o are cancelled by an accepted spam canceller, or
o contain a "X-No-Repost: yes" header, or
o are deemed by Dave to be unsafe to resurrect - where "unsafe"
is determined at the discretion of Dave's operator.

Dave's operator routinely scans Dave's normal haunts, and will
manually recancel articles that appear to have been resurrected in
error. Other spam cancellers who've been introduced to Dave can do this
as well.

When Dave is armed to cope with a rogue canceller cancelling in
other groups, a best-effort attempt will be made to avoid reposting spam
and other postings that are undesirable to resurrect.


4. What messages are reposted?

According to the news.admin.net-abuse.* charters, "All messages
removed by unauthorized cancels in the hierarchy will be automatically
reposted by Dave the Resurrector or a similar program, at the discretion
of the group moderator or, for the unmoderated groups, the operator of
the resurrector program."

Every cancel message in the news.admin.* hierarchy prompts Dave to
create a repost of the original message; however, not every repost is
injected into the news system. Before Dave submits an article to be
reposted, the bot runs a few extra checks:

o If there have been more than n reposts this "run" (the amount of
time since Dave was started, which is usually several days), do not
submit the repost. As of the the time this section was written,
"n" was 30; this number is, of course, subject to change.
o If the original is more than n days old, do not submit the repost.
"n" was 4 as of the time this section was written, and is again
subject to change.
o If the cancel was from an authorized spam canceller, as determined
by Dave's operator, do not submit the repost.
o If the article is unsafe to resurrect (for technical or other
reasons), do not submit the repost.

If the circumstances warrant it, some or all of these heuristics
may be turned off - for instance, the maximum reposts per run section may
be taken out to stop a massive forged-cancel bomb. Also, all articles not
submitted by Dave are still subject to later perusal (and possible
posting) by Dave's operator, as he sees fit.


5. What is the format of the reposts?

In the past, Dave modified the body and headers of the message to
allow for easy notice of rogue cancels. It was eventually pointed out,
however, that this policy broke PGP signatures (VII.E.) and the pseudo-
headers used by FAQ maintainers; to solve this, Dave's policy has been
changed to 'least-disturbance'. As such, reposts of cancelled messages
are as similar to the original message as possible:

o The original Path and Message-ID are renamed to X-Path and X-
Message-ID (respectively).
o A series of X-Comment headers, including 'X-Comment: DtR repost:"
are added, to explain that the message is a repost.
o The Message-ID of the repost consists of the original Message-ID
with a prepended "REPOST.". It should be noted
that this change, while necessary, does break PGP-signed control
messages and is not compatible with PGPMoose.
o The Path of the article is set to 'ferret.ocunix.on.ca!resurrector'
(at injection). The Path may also include the site responsible
for the cancel, which helps break cancel-repost loops if a rogue
canceller tries to cancel the reposts and allows other sites to
alias out the cancelling site and ignore the reposts if they wish.
o At present, 'REPOST: ' is prepended to the Subject line of all
reposted articles; this is likely to change in the near future.
o The Newsgroups header is trimmed to only include news.admin.*
groups, so as to prevent cancel-repost wars with policy-enforcement
bots in other groups (ie groups such as foo.general will be removed
from the Newsgroups: header, even if it was present in the original
article). This has the side benefit of stopping people from using
Dave to "protect" their cross-posted flamewars by including a news.
admin.* group.
o The body is posted intact, with the cancel message that trigged Dave
appended at the end of the message.
o All other headers are left intact.


6. So how do I cancel my own posts when Dave is around?

If it were possible, Dave would let you cancel any article that
you wrote without a repost; however, due to the practical problem of
cancels being trivially easy to forge, this can't happen without removing
Dave's use. As such, Dave errs on the side of caution, and reposts most
articles it sees cancels for. However, there are ways around Dave, if you
really want to cancel your posts.

o The presence of an 'X-No-Archive: yes' header will prevent Dave
from reposting your article (excepting attacks by targeted rogue
cancellers); see your newsreader's manual for instructions on how
to automatically add this header to your messages.

o If you cancel or supersede your article soon enough after the
original posting, you _may_ be able to remove the message before
a copy is saved by Dave. Of course, it should be noted that
cancel messare are rarely going to be fast enough to keep anybody
from reading the message anyway.

Mail to Dave's operator is not encouraged when a cancel is
required; even in the case of forgeries in your name, a post to the proper
news.admin.* group indicating that the messages are forged will do more
good.


7. What about other Resurrector bots?

As previously noted, DtR can be extended to other newsgroups and
hierarchies by request. Astute observes might note that the
news.admin.net-abuse.* charters allow for other Resurrector bots if the
situation warrants it. This was done on purpose, to allow for a
replacement for Dave if necessary. At this time, however, no other
Resurrector bots seem to be necessary.




Appendix B: Retromoderation
===========================
1. What is retromoderation?

Technically, retromoderation is moderation that takes place after
the messages are posted. All posts are initially distributed normally,
either through standard Usenet channels or through a simple mail-to-news
gateway; the moderator later checks the group, and deletes those messages
that were inappropriate.


2. Why is retromoderation so popular?

In a normally moderated newsgroup, the combination of a simple
moderator-bot and retromoderation allows for focused and on-topic discussions
and keeps the group (mostly) spam-free, all while not requiring large
workloads for a moderator and allowing message distribution to be kept
high. In an otherwise unmoderated newsgroup, retromoderation allows for
some level of topic and spam control, while not forcing the centralization
required by standard moderation and not requiring a formal moderation
process.

In short, retromoderation is a quick and easy way of accomplishing
most of the benefits of standard moderation, and people appreciate this.


3. What's wrong with retromoderation?

Though it may be tempting, retromoderation should never be entered
into lightly. It is plagued with problems, affecting everything from its
effectiveness to the long-term future of Usenet.


o Retromoderation does allow for messages deemed inappropriate by
the moderator to be displayed for a time. This defeats the purpose
of the moderation in many cases, such as high-speed 'announce' news-
groups or groups for school-aged children.

o Retromoderation is not 100%% effective. Not all sites honor cancel
messages, and even less honor NoCeMs; as a result, it may not be
possible to delete a message after it has been posted.

o While all news software recognizes the difference between a moderated
and an unmoderated newsgroup, there is no way to tell from software
whether a group is retromoderated; as such, there is no official way
to indicate whether a group is retromoderated or not, nor to tell
who is the moderator or moderators. Similarly, there is no official
way to make an otherwise unmoderated newsgroup retromoderated.

o Most reasonable people will understand if their messages are never
posted; the concept is fairly apparently to most of the population
due to past experiences with newspaper and magazine editors and
their ilk, and few consider it censorship. This is less true when
an article is posted and subsequently deleted.

o News administrators rarely want to deal with the specifics of Usenet
news, especially in regards to cancel messages. As such, many news
admins will delete a retromoderated newsgroup and/or disable cancel
messages on their servers, rather than worry about the issues
involved with the retromoderation.

o Retromoderation in an otherwise unmoderated newsgroup gives credence
to those that would like to cancel messages that they merely don't
like on Usenet as a whole.


4. When is retromoderation alright?

Even though retromoderation has its problems, it is still widely
accepted and used in several circumstances.

o Retromoderation is not questioned in already moderated newsgroups if
performed by the group moderator or those who they designate. Mod-
erated Big-8 newsgroups, alt.* groups accepted as moderated by 80%%+
of Usenet sites, and private hierarchies may all be retro-moderated
by their respective moderators or controllers.

o Spam-trap groups, such as alt.sex.cancel, are specifically chartered
so that any message crossposted to them is considered fair game for
cancellation. This form of retromoderation is considered mostly
legitimate, so long as the newsgroup name makes clear that the group
is moderated.

o As only those sites that explicitly want to follow the moderation will
have to do so, any individual can retromoderate any newsgroup that
they choose using NoCeM rather than cancel messages.

o Although still hotly contested, there is a movement to allow robot
keyword retromoderation of alt.* groups, in which any post not
containing a key word or phrase, decided upon by the group, is
automatically cancelled. Keyword retromod was invented by Dick
Depew (red@redpoll.mrfs.oh.us) and is currently being used on
several newsgroups, such as alt.sex.cthulhu. This form of retromod
is considered radical, and (in the opinion of this author) shouldn't
be done; standard moderation is probably a better answer.
--
Copyright 1999, Tim Skirvin. All rights reserved.
<URL:http://www.killfile.org/faqs/cancel.html>

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Mon, 15 Sep 2008 00:45:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_1_4_258571527t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_1_4_258571527t.html Posting-Frequency: monthly
Last-modified: 1999/09/30
Version: 1.75
URL: <URL:http://www.killfile.org/faqs/cancel.html>

Cancel Messages
Frequently Asked Questions
Part 1/4

This document contains information about cancel messages on Usenet, such
as who is allowed to use them, how they operate, what to do if your
message is cancelled, and the like. It does not contain detailed
instructions on how to cancel a third party's posts. It is not intended
to be a fully technical document; its audience is the average Usenet user,
up to a mid-level administrator.

This document is not meant to be a comprehensive explanation of Usenet
protocols, or of Usenet itself, but a basic knowledge of these concepts
is assumed. Please refer to news.announce.newusers, RFC1036, and/or
RFC1036bis if you wish to learn them.

Disclaimers: The information contained within is potentially hazardous;
applying it without the permission of your news administrator may cause
the revocation of your account, civil action against you, and even the
possibility of criminal lawsuits. The author of this document is in no
way liable for misuse of the information contained within, nor is he in
any way responsible for damages related to the use or accuracy of the
information. Proceed at your own risk.


Table of Contents > = In other parts of the FAQ
================= * = Changed since last update
I. What are cancel messages?
A. What are cancel messages?
* B. Are cancel messages the only way to delete a message?
C. Where can I find cancel messages?
D. Who is generally allowed to issue cancels?
* E. When and why are cancel messages allowed?
F. How are they issued?
G. How do I cancel my own post?
* H. Who decided on these rules?
II. How do cancels work?
A. What is control? control.cancel? How do I receive them?
B. What standards are there for cancelling posts?
C. What is the format of a cancel message?
D. Do all news sites accept all forms of cancels?
E. How do I alias out a pseudosite?
III. So your post was cancelled...
A. Why was my post cancelled?
B. I have the cancel message right in front of me. Why was it cancelled?
C. But I wasn't doing anything wrong! Why was it cancelled?
D. Look, pal, I said I wasn't doing anything wrong, and I meant it. I
didn't break any rules that I can see. *Why was my post cancelled?*
E. *sigh* Then what do I do about it?
>IV. What does it take to cancel messages?
>V. That idiot forge-cancelled my posts!
>VI. What moral issues are involved with cancel messages?
>VII. What's going to happen to cancels in the future?
>VIII. What about these other things?
>IX. What are the current cancel issues?

>Changes
>To Do
>Contributors
>Pointers

>Appendix A: Dave the Resurrector
>Appendix B: Retromoderation


I. What are cancel messages?
============================
A. What are cancel messages?

Cancel messages are a specialized form of message to Usenet
that, when they arrive at a server, request that the post bearing the
Message-ID contained within be deleted. In essence, a cancel message,
if heeded, cancels another post. Hence the name.


B. Are cancel messages the only way to delete a message?

No. Usenet is transitory; not every message will be on all news
servers at all times. In fact, cancels are fairly rare; the cause of a
missing message is very rarely a cancel.

First of all, it takes some period of time for a message to
propagate to all news servers that wish to carry the message. This is
inherent in the Usenet system; messages take time to arrive. In some
cases, they do not arrive at all.

More commonly, messages are deleted after a certain period of time
so that more messages can take their place - this process is known as
expiration. The amount of time that a post exists varies from server to
server, and is usually based on the size and content-type of the article
and the newsgroups to which it was posted; servers typically save posts
for anywhere from a day to several weeks. As this happens on all news
servers and is not consistent, expiration is the number one cause of
"missing" messages.

As time goes on, the software itself has begun to change. Messages
posted in HTML, messages containing picture attachments, anything posted
more than a few times, even messages with more than about five newsgroups
in their headers, all of these are subject to automatic filtering by newer
news software; ask your news administrators for details about what is done
at your site.

Finally, there are more specific causes for missing messages.
Your message may have been replaced by another post using a Supersedes:
header; your news administrators may be running NoCeM, which selectively
deletes posts when used on a server level; your message could have been
filtered before it was even posted. Ask your administrators for more
information about your system's policies, expiration times, and so forth.

In summary: if your post is missing, do not instantly assume that
your message was cancelled. A good rule of thumb is "no cancel message,
no cancel". If you can find the cancel, then your post was cancelled; if
you can't, it probably wasn't.


C. Where can I find cancel messages?

As you must have a cancel message to show that your message was
cancelled, it is a good idea to know where to look for them. The best
answer, in the short term, is to search control for the cancel (see
section II.A. for details). If you are unable to find them there, the
Usenet search engines may be able to help - using Dejanews (www.dejanews.com>) or AltaVista (<URL:http://www.altavista.com>), search
for your email address and the string 'cancel', and you may be able to
find any cancels issued for your posts.

It should be noted that, for various reasons, the above methods
of finding cancel messages are becoming increasingly ineffective. Any
suggestions or technical help in solving this problem would be greatly
appreciated by the Usenet community.


D. Who is generally allowed to issue cancels?

In general terms, the only people that are always authorized to
issue cancels for a message are the original author of the message and
the postmaster at the site the message was posted from. However, there
are rules that allow third-party cancels in specific circumstances, such
as group moderation, spam and spew cancellations, article forgeries, and
a few other limited circumstances; those people in charge of these
duties are generally authorized to issue cancels directly relating to
the job.


E. When and why are cancel messages allowed?

When Usenet was created, cancels were meant to be only issued by
the original poster of a message. They were implemented so that someone
could take back their words, remove information that was no longer
accurate, replace inaccurate information, and other, similar purposes.

As time went on, more uses for cancel messages have been found.
Third party cancellations are now generally allowed if they are not
content-based; posting private mail is often more than frowned upon, and
newsgroup voting fraud may be stopped with a forged cancel; in the more
extreme cases, ads to inappropriate groups are cancelled, threads that
are crossposted to too many groups go away, and some even cancel in
order to just disrupt a newsgroup. This is not to say that this is
accepted; on the contrary, cancelling based on a new criterion is usually
more than hotly contested.

RFC1036bis, section 7.1, is the most "authoritative" list of valid
reasons for cancel messages; however, because it is not a formal RFC and
because Usenet changes so quickly, it should not be considered the final
word on such matters. The following reasons are probably the most apt to
be considered valid by any random news administrator:

1. First person cancels are performed by the original poster of a
message. They are explicitly allowed by the news system - a user
is always authorized to cancel anything that he or she posts, for any
reason, within the limits imposed by his or her administrators, the
moderators or maintainers of those groups affected by the cancels, and
the user's individual moral code. This authority extends to messages
written on another system.

2. Second person cancels are performed by those people officially "in
charge" of a user - the user's news administrator, the newsgroup
moderators and hierarchy maintainers affected by the user's posts,
or any party authorized to act on their behalf by said user or
administrator. These cancels, too, are officially authorized.

3. Third person cancels are generally frowned upon, unless they are
made based on one of the following criteria:

a. Moderator cancels
The moderator of a newsgroup has absolute authority over that group.
This includes the right to issue cancels for posts that he or she
did not authorize. Retromoderation is a subset of this, in which
the group is moderated only by the issuing of cancel messages;
private hierarchies may generally be considered retromoderated by
the hierarchy administrators, while in most most other hierarchies
the legitimacy of retromoderation is still up for debate. For more
information on creating moderated groups, see news.groups and/or
news.groups.questions.

b. Spam/EMP cancels
Spam or EMP, a message posted to Usenet separately multiple times,
is generally accepted as a major threat to Usenet. Therefore,
anything posted too many times is automatically cancelled, with no
regard to the content of the post. The current spam cancellation
threshold is 20 posts; for more information, see the Spam Thresholds
FAQ.

c. Spew cancels
A spew is a long series of similar articles posted over and over
again, due either to a malfunctioning program or malicious intent.
They are almost universally considered to be a good use for cancels.
However, there has yet to be an accepted broad definition of the
term "spew" - right now, it mostly fits under "I know it when I
see it". For more discussion of spews, see news.admin.net-abuse.
policy.

d. ECP cancels
ECP, or Excessive Cross-Posting, is when a message is posted to too
many groups at the same time. Much the same as spam cancellations,
if a message is crossposted to too many groups, it will be cancelled
without regard to content. Currently, the cancellation threshold is
a BI of 20 (the BI is "the sum of the square roots of the number of
newsgroups in which each of the postings appears"); as with spam/
EMP cancels, see the Spam Thresholds FAQ for details.

e. Binaries in a non-binary group
Much of Usenet does not want binary messages, usually for disk space
and performance reasons. To accommodate those sites that do want
binaries, the alt.binaries.* and comp.binaries.* hierarchies were
created. However, there are still some binary messages posted to
other Usenet groups; these are often cancelled without regard to
content, based on the size of the binary. For more information, see
news.admin.net-abuse.policy, where the specifics are being debated.
The bincancel FAQ concerns binary cancels in particular.

f. Forgeries in the user's name
It has become more and more common for people to post messages with
false attribution lines. If a message is attributed to a user, they
may cancel it or authorize others to cancel it as if they had posted
it themselves.


F. How are they issued?

Cancel messages are sent out as a standard Usenet post, except
they contain a "Control: cancel " header. If a system that
accepts cancels receives the message, the post with the specified
message ID is deleted from that system.

Most major newsreaders allow readers to cancel their own posts
with a key press. Third-party cancels are more complicated, and must
follow several conventions; please refer to section II.B for details.


G. How do I cancel my own post?

Most major newsreaders allow you to cancel your message with a
few keypresses. To cancel your own post, press the following key
(depending on your newsreader) while reading your message:

Unix
rn/trn: 'C' tin: 'D'
gnus-emacs: 'C' nn: 'C'
slrn: Esc-^C pine: none

Unix/X
xrn: 'Cancel' button
knews: Post/Cancel Article
Pan: Articles/Cancel

OpenVMS
Anu News 'cancel'
newsrdr 'cancel'

PC/Windows
Free Agent - pre-v1.1: Article/Cancel
- v1.1+: Message/Cancel Usenet Message
Agent - v0.99g,v1.5: Post/Cancel Usenet Message
- 1.9 or newer: Post/Cancel Usenet Message
- other: Message/Cancel Usenet Message (other versions)
Waffle: type CANCEL at the inter-message prompt
News Xpress: Article/Cancel Post
Turnpike: Article/Cancel Article
WinVN: Article/Cancel
News Xpress (Win3.1): Article/Cancel Post
Anawave Gravity: Article/Cancel
Outlook Express: Right Click on Message/Cancel
Internet News: File/Cancel Message
40tude Dialog: Post/Cancel Usenet message

PC/OS/2
NR/2: Article/Cancel

Macintosh
Nuntius: Articles/Cancel Article
NewsWatcher: Special/Cancel Message
MacSOUP: Message/Cancel
most browsers: Special/Cancel Message

Amiga
Thor 2.6: Event Commands/Cancel Message

Web Browsers
Netscape: Edit/Cancel This Message (most versions 2.0+)
Mosaic: none
Lynx: none
Internet Explorer 4.0: compose/cancel messages

Generic/Multi-System
Yarn: 'c'


If you know of any other news readers that allow cancels, have
corrections for any of the above readers, or whatever, please mail
tskirvin@killfile.org with the information.


H. Who decided on these rules?

Usenet is a cooperative venture of many thousands of sites world-
wide. It was designed with the principle of mass communication in mind;
not much thought was put into security, because it didn't seem necessary
at the time. As the need to control the system became evident, so too did
the potential for abuse; out of these two needs, these rules grew.

As for who actually designed the rules: each site owns its own
machines, and can set set policy over its own systems and users. Each
site can decide their own expiration policies, what other sites to accept
messages from, what control messages they will accept, and so forth;
however, it's generally much easier to have a standard set of rules to
work with, to improve efficiency and promote some level of consistency
across the network. These rules were designed by the system administrators
in charge of the systems that Usenet runs on and the users that Usenet
serves, in order to give a framework under which to run Usenet as a whole.
In short: the rules were made by your administrators and those that they
choose to listen to.

And if you have any problems with this, you should see if you can
make your administrators listen to you.


II. How do cancels work?
========================
A. What is control? control.cancel? How do I receive them?

control is a pseudo-newsgroup made up of all posts on a news
system containing the Control: header, which is used to create or delete
newsgroups, perform internal systems checks, cancel posts, and so forth.
It is mostly an administrative convenience.

On many systems, control is broken up into several components
automatically by the software. If this is true, there are several
newsgroups: control.newgroup (for the creation of new groups),
control.rmgroup (for the removal thereof), control.cancel (for cancel
messages), and so forth. If the software is configured this way, cancel
messages will appear in control.cancel.

All cancels are either recorded in control or control.cancel,
depending on the system type. If a post was cancelled recently enough, a
record of the cancel *will* be here - if there is no cancel in the group,
then either there was no cancel or the cancel message itself has expired
(see section I.B.).

Unfortunately, the latter situation has become more and more
common as time passes. Most major news servers have begun to expire
control messages after extremely short time periods, ranging from a couple
of days to a couple of hours; even the major Usenet search engines have
begun to cut short their cancel message archives. The rule of "no cancel
message, no cancel" still holds, but more burden for finding the cancel
message is being placed on the reader.

If you cannot read control (or control.cancel), ask your news
administrator for help.


B. What standards are there for cancelling posts?

When cancelling your own post, the only standards are the
software requirements, which should be done automatically by whatever
software you are using. Third-party cancels, however, have certain
standards that should be followed.

There are three main reasons for following these standards when
using third-party cancels. First is to identify the canceller, which
gives the practice accountability. The second is to make sure that a
particular message is only cancelled once. Finally, some news
administrators would rather not accept certain cancels, and a standard
will allow them to opt out of the system.

The first standard is simple to fulfill; all legitimate third-
party cancels include an "X-Cancelled-By:" header, containing the email
address where the canceller can be contacted. This also implies that the
canceller is willing to respond to comments and complaints; if the mail is
simply ignored, the canceller is violating this first standard.

The second problem is solved much more creatively. The $alz
convention (named after Richard Salz, the creator of INN), specifies
that the message ID for a cancel message prepend the message ID of the
original message with the string "cancel.". For example:

Original Message ID: <48u6e8$lqi@vixen.cso.uiuc.edu>
Cancel Message ID: vixen.cso.uiuc.edu>

The third problem, that of sites wanting to opt out certain
types of cancels, can be solved by adding certain "pseudo-sites" to the
path of the cancel; if a particular site wishes to not accept cancels
of that type, they can alias out that pseudo-site. For information on
how to do this, see section II.E.

The commonly accepted pseudo-sites are as follows:

cyberspam!usenet Spam/EMP cancels (universal)
spewcancel!cyberspam!usenet Spew cancels
mmfcancel!cyberspam!usenet Make.Money.Fast cancels
bincancel!cyberspam!usenet Binary (in a non-Binary group) cancels
adcancel!cyberspam!usenet Ad cancels (for the biz.* hierarchy only)
retromod!cyberspam!usenet Retro-Moderation cancels

The `!usenet' part denotes that something must come after that
part of the path; it is not strictly necessary for it to be `usenet'.
Multiple pseudo-sites may be used in one message.

For more information on cancel formatting, please refer to the
Newsgroup Care Cancel Cookbook by Rosalind Hengeveld <URL:http://www.
xs4all.nl/~rosalind/faq-care.html>.


C. What is the format of a cancel message?

Here's an example, a spam cancel by Chris Lewis, that follows
all of the standard conventions (plus a few extras), reformatted to fit
into 80 columns:
--
Date: 8 Jun 1997 15:43:37 GMT
Path: vixen.cso.uiuc.edu!ais.net!newsfeed.direct.ca!News1.Vancouver.iSTAR.net!
news.istar.net!n1van.istar!hammer.uoregon.edu!nrchh45.rich.nt.com!bcarh8ac.
bnr.ca!despams.ocunix.on.ca!cyberspam!not-for-mail
From: clewis@ferret.ocunix.on.ca (Chris Lewis)
Approved: clewis@ferret.ocunix.on.ca
X-Cancelled-by: clewis@ferret.ocunix.on.ca
Sender: Photorep45@ibm.net
Newsgroups: alt.recovery.aa
Subject: cmsg cancel <5ne625$f2b$25@news.internetmci.com>
Control: cancel <5ne625$f2b$25@news.internetmci.com>
X-No-Archive: Yes
X-Spam-Type: WOODSIDE
Lines: 7

WOODSIDE spam cancelled by clewis@ferret.ocunix.on.ca
Original Subject: Sell YourPhotosNYC.Agency
Total spams this type to date: 1.758
Total this spam type for this user: 1041
Total this spam type for this user today: 503
Originating site: internetmci.com
Complaint addresses: spamcomplaints@mci.net postmaster@mci.net
--

Points to note: the 'Sender' line matches the original author of
the message, while the 'From' line points at the canceller, as does the
'X-Cancelled-By' header. The Message-ID follows the $alz convention, and
the proper pseudo-site is present in the 'Path' header. It should also be
noted that the 'X-Spam-Type' and 'X-No-Archive' headers are optional, as
is all information in the body of the cancel.


D. Do all news sites accept cancels?

No. Many news sites have decided that, for whatever reason, they
do not want cancels; others merely do not want certain types of cancels.
Dave Hayes, for example, runs a "Site of Virtue", which not only ignores
cancels but drops them without distributing them; patches for INN to do this
are available from his Freedom Knights Homepage, at <URL:http://www.jetcafe.
org/~dave/usenet/>. America Online, Dejanews, Zippo, and many other news
sites do not honor cancels of any sort.


E. How do I alias out a pseudosite?

INN v1.5 and beyond include shunning mechanisms out of the box;
just edit the 'newsfeeds' file and follow the instructions from the
comments. Other, older news server software is less likely to include such
mechanisms.

(If anyone's got information for other news servers, I'd love to
include it.)



III. So your post was cancelled...
==================================
A. Why was my post cancelled?

It probably wasn't.

Unless you can find a copy of the cancel in control, it is very,
*very* unlikely that your post was actually cancelled. Before you begin
to worry about a forged cancel, figure out the expiration times for
articles on your system and note whether or not your newsreader just
refuses to show you articles marked as 'read'; these are the most common
causes for "missing" articles.


B. I have the cancel message right in front of me. Why was it cancelled?

Most cancels nowadays are for cleanup of various forms of net-abuse.
If you posted your message to too many places, or too many times, it will
generally be cancelled, regardless of the content of the post.

For details about what is cancelled and why, read news.admin.
net-abuse.usenet, or check the news.admin.net-abuse FAQ. Also, if you
received a mail on the subject from a spam cancellers, read it carefully;
it should probably explain why your message was cancelled.


C. But I wasn't doing anything wrong! Why was it cancelled?

There's still legitimate reasons beyond official net-abuse to
cancel posts.

o The moderator of a moderated newsgroup is permitted to cancel any
messages in his newsgroup that he does not approve of. There really
isn't much recourse in this case; it's pretty much impossible to
impeach a moderator, and the only thing you can really do about their
actions is complain for a while or make a competing group.

o Individual newsgroups and hierarchies, especially local hierarchies,
may have rules permitting them to cancel messages posted there. Again,
there isn't much you can do about these cases, beyond reasoning with the
administrators and/or not using the hierarchy.

o Your post may have inadvertantly triggered the searching criteria for
a continuing spam. If you contact the spam-canceller in such a case,
you can usually get your post re-posted and can be helped in making
sure it won't happen again.

o Your postmaster may have decided that they didn't like your post. In
this case, the only real recourse you have is to get a new service
provider.


D. Look, pal, I said I wasn't doing anything wrong, and I meant it. I
didn't break any rules that I can see. *Why was my post cancelled?*

I don't know.


E. *sigh* Then what do I do about it?

Post about it to news.admin.net-abuse.usenet. Make sure to
include the full headers and text of the cancel, an explanation of what
the article was about, and any possible motives for the cancelling that
you can think of. The administrators there will, if you're polite, try
to help.

For more information, read section V.

--
Copyright 1998, Tim Skirvin. All rights reserved.
<URL:http://www.killfile.org/faqs/cancel.html>

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Mon, 15 Sep 2008 00:45:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_3_4_258571271t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/cancel_messages_frequently_asked_questions_part_3_4_258571271t.html Posting-Frequency: monthly
Last-modified: 1999/09/30
Version: 1.75
URL: <URL:http://www.killfile.org/faqs/cancel.html>

Cancel Messages
Frequently Asked Questions
Part 3/4

This document contains information about cancel messages on Usenet, such
as who is allowed to use them, how they operate, what to do if your
message is cancelled, and the like. It does not contain detailed
instructions on how to cancel a third party's posts. It is not intended
to be a fully technical document; its audience is the average Usenet user,
up to a mid-level administrator.

This document is not meant to be a comprehensive explanation of Usenet
protocols, or of Usenet itself, but a basic knowledge of these concepts
is assumed. Please refer to news.announce.newusers, RFC1036, and/or
RFC1036bis if you wish to learn them.

Disclaimers: The information contained within is potentially hazardous;
applying it without the permission of your news administrator may cause
the revocation of your account, civil action against you, and even the
possibility of criminal lawsuits. The author of this document is in no
way liable for misuse of the information contained within, nor is he in
any way responsible for damages related to the use or accuracy of the
information. Proceed at your own risk.


Table of Contents > = In other parts of the FAQ
================= * = Changed since last update
>I. What are cancel messages?
>II. How do cancels work?
>III. So your post was cancelled...
>IV. What does it take to cancel messages?
>V. That idiot forge-cancelled my posts!
>VI. What moral issues are involved with cancel messages?
VII. What's going to happen to cancels in the future?
A. What are authenticated cancels?
B. Are there any other Usenet methods to delete messages?
C. Why are some people turning off cancels altogether?
D. What is NoCeM?
E. What is PGP?
VIII. What about these other things?
A. What is Lazarus?
B. What is Dave the Resurrector?
C. What was the Judges-L mailing list?
D. What is the UDP?
IX. What are the current cancel issues?
A. What are the cancel-on-sight rules?
B. Are HTML postings cancellable?
C. What happened to copyright cancels?
D. What should be done about unaccountable spam cancellers?
E. What should be done about open news servers?
F. How should hierarchies opt out of spam cancels?

Changes
To Do
Contributors
Pointers

>Appendix A: Dave the Resurrector
>Appendix B: Retromoderation


VII. What's going to happen to cancels in the future?
=====================================================
A. What are authenticated cancels?

Usenet was not built with security in mind; the fact that it's
relatively simple to forge a cancel proves this.

As time goes on, though, the need for security is becoming more
and more obvious. One way of making this security would be to change
the software to only accept cancels that include verification of a match
between the poster and the canceller; such verification might take the
form of a PGP-signature or some other similar method.

There have been many methods proposed to accomplish this; at
this point, none are in wide use. If anyone would like to write some
software to accomplish this, please do so, and discuss it on news.admin.
misc; the CancelMoose has a few suggestions for authenticated cancels on
his web page at <URL:http://www.cm.org/>.


B. Are there any other Usenet methods to delete messages?

Of course.

1. How does the Supersedes: header work?

Commonly used for periodic postings and other information
updates, the Supersedes: header replaces an old message with a new one.
It is especially useful for FAQ maintainers, who use it to replace old
versions of the FAQ with more up-to-date ones - this FAQ, for example,
uses it. To replace the message <4b6uce$ou7@vixen.cso.uiuc.edu>, you would
want to add the header:

Supersedes: <4b6uce$ou7@vixen.cso.uiuc.edu>

The use of Supersedes: is otherwise basically the same as a
cancel message, and third-party superseding should be treated the same
as third-party cancels.

2. How does the Expires: header work?

By adding the Expires: header to your post, you can override the
standard expiration time on most systems and make your message be deleted
from most systems at a time of your choosing. This is especially useful for
time-dated information and FAQs which are meant to be reposted on a regular
basis. If you want your message to expire at 7:50:06pm (PST) on 2/11/96, add
the following header (the format must be followed exactly):

Expires: Sun, 11 Feb 1996 19:50:06 PST

Your message should expire by this date. It may expire earlier,
depending on the system setup and expiry times.

3. What is the Also-Control: header?

The Also-Control: header acts just like a standard Control:
header, except that the post is also filed in whatever groups it was
posted to, as opposed to being filed in control. Otherwise, the two are
interchangeable, though the former is very rarely used.


C. Why are some people turning off cancels altogether?

Until authenticated cancels catch on, there are no options to
avoid forged cancels and allow unforged ones. One option, advocated by
a few, vocal people that don't want to allow such forgery, is to not
accept cancels at all. If you want to do so, you're welcome to, but it
probably isn't the best option, at least in the near future.


D. What is NoCeM?

NoCeM, pronounced "No See-Umm", is a piece of news software
written to mostly replace cancel messages. Instead of deleting the
messages automatically, NoCeM works by allowing anyone to send out a
message that basically states "you don't want to read this". Indiviual
news systems or users may then act on these messages as they see fit,
from deleting the messages or marking them as read, to merely ignoring
the advice altogether, to even marking those messages to be read as soon
as possible. The idea is being hailed as a worthy replacement for
third-party cancels by many news administrators, and it is slowly gaining
support.

CancelMoose (moose@cm.org) authored the client software, which is
currently available for most Unix clients that can use PGP (VII.E).
news.lists.nocem has been created for the distribution of NoCeM
messages; discussion of the protocol belongs in news.software.misc. For
more information on NoCeM, refer to the Moose's homepage at
<URL:http://www.cm.org/>.


E. What is PGP?

PGP stands for "Pretty Good Privacy", and is a greatly heralded
encryption program made for everyday use. It is at the heart of most
authenticated cancel schemes, NoCeM, and much other Usenet software.
Unfortunately, the import and export laws regarding the software vary,
making its availibility questionable in countries other than the USA.

PGP is a topic on its own, and as such has several FAQs of its
own, as well as several newsgroups. For more information, I recommend you
read one of these FAQs, such as the comp.security.pgp FAQ (availible at
<URL:http://www.pgp.net/pgpnet/pgp-faq/>).



VIII. What about these other things?
====================================
A. What is Lazarus?

Lazarus is a program written for use on alt.religion.scientology
by Homer Wilson Smith (homer@light.lightlink.com). It monitors control
and posts a message to a.r.s whenever it finds a message relating to the
group. The basic effect of this is that all cancels are *very* visible.

For more information on why this was necessary, refer to Ron
Newman's "The Church of Scientology vs the Net" page, at <URL:http://www2.
thecia.net/users/rnewman/scientology/home.html>.


B. What is Dave the Resurrector?

Dave the Resurrector is a program run in news.admin.* and several
other newsgroups that reposts cancelled articles. See Appendix A for
details on its creation and operation.


C. What was the Judges-L mailing list?

A while back, a guy named David Stodolsky decided that he was
going to be in charge of cancels on Usenet. He set up a mailing list to
this effect, Judges-L, and expected to start working.

The rest of the world didn't exactly want him to be Emperor of
Usenet.

After a short flamewar, an early FAQ on Cancel Messages was
written as a result of the Judges-L list; while technically accurate, it
had little influence on the creation of this FAQ. In the mean time, the
Judges-L list was dissolved; David Stodolsky is rarely seen on Usenet
anymore.


D. What is the UDP?

UDP stands for the "Usenet Death Penalty", the final weapon
against those that attempt to abuse Usenet. It is never entered into
lightly.

Originally, the UDP referred to auto-cancellation of all
messages from a certain site as a final solution to too much abuse. As
Usenet terms tend to change over time, the meaning mutated into meaning
to refer to the aliasing out of a certain site by many major sites, thus
"shunning" them off of Usenet. This latter method is now more commonly
called a "passive UDP", and is widely accepted as being only the decision
of the sites involved; the former has been renamed to "active UDP", and is
much more controversial.

Active UDPs are saved for those sites that absolutely refuse to
stop abuse from their systems. Sites which allow abuse of their system
for weeks straight are given warnings, culminating in a public discussion
of whether a UDP is warranted. If a consensus is reached that it is
necessary, the offending site is given a week to fix the problem - after
that, all articles from the site are automatically cancelled until the
abuse stops. All in all, this tactic is more politically than technically
effective, but that doesn't stop the mere threat of an active UDP from
being enough to make most ISPs clean up their act.

The ethics and morals of active UDPs are, of course, still in
debate.



IX. What are the current cancel issues?
=======================================
A. What are the cancel-on-sight rules?

If a message is guaranteed to be spam beyond the cancel thresholds,
anybody may issue a cancel for it - the problem comes with confirming that
the post is, indeed, beyond the cancel thresholds. Usually, this is done
automatically with scanning software by the major spam cancellers; they
are not perfect, however, and sometimes the software misses a few messages.
Individuals, however, must check the thresholds by hand - which takes a
great deal of time and effort.

To solve this problem, a certain class of spam has been declared -
cancel-on-sight. If a particular spam has stayed above a certain threshold
daily, and shows no signs of stopping in the immediate future, the spam is
declared cancel-on-sight - from then on, any instances of the spam may be
cancelled on sight, without requiring checking by the canceller, on the
theory that the spam must have passed the thresholds long ago.

Currently, the only spam declared cancel-on-sight is the ongoing
"Make Money Fast!" spam/scam in all its forms. Details for declaring
other spams cancel-on-sight are still being worked out in news.admin.
net-abuse.policy.


B. Are HTML postings cancellable?

Most modern web browsers allow for posting to Usenet; they also
generally offer an option to post messages in HTML, for easier viewing by
other browsers - at the expense of significantly larger post sizes and
much-increased difficulty of viewing by the rest of the Usenet community.
This poor mixing of HTML and Usenet has been fought tooth-and-nail by
Usenet readers, moderators, and administrators, but the postings continue.

One suggestion to stop HTML posting is to declare HTML posts to be
binary messages, and thus cancellable under the bincancel rules. This
idea has not been implemented, simply because HTML messages are *not* binary
messages, under current definitions, and if the definitions were changed
the consensus would probably disappear.

In short: no, postings are not cancellable merely for being in
HTML.


C. What happened to copyright cancels?

Copyright cancels were a rarely-used type of third-party cancel
where messages are cancelled for being copyright violations. The idea
behind the cancels was to stop the violations from spreading; cancels are
fairly ineffective in this respect, however, because not all sites honor
cancels. This ineffectiveness, combined with a desire by most news
administrators to stay out of legal matters, was enough to declare the
consensus regarding copyright cancels void. The only remedy for copyright
violations on Usenet has again become the real-world legal system.


D. What should be done about unaccountable spam cancellers?

The current winner of the "most cancels issued" award is Cosmo
Roadkill, a 'bot operated by "Uncle Roadkill" that single-handedly cancels
most of Usenet's spam. This was, for a time, considered a good thing;
still, the 'bot isn't perfect, and over time people have found more and
more problems with Cosmo. This too would be okay, except for one thing -
Uncle Roadkill never responds to complaints.

There still isn't really a true response to this issue, but at
least people are outraged.


E. Whae should be done about open news servers?

Most rogue cancel attacks on Usenet are performed using news
servers that allow public reading and posting. This was originally done
to allow an "open" Usenet, where people could read and post from other
servers to help guarantee better propagation and a nice atmosphere; now,
though, the potential for abuse is too great, and so most open news
servers are being shut down. This is generally considered a good thing.

There are, though, a few that will miss the old open system; as
such, there are still ideas floating around for how to allow those servers
to remain open and still not allow any significant abuse.


F. How should hierarchies opt out of spam cancels?

On July 18, 1998, the free.* hierarchy was recreated under the
theory of "no control, no cancels, no rmgroups". One of the unexpected
shocks caused by this creation was from the spam cancellers - they didn't
necessarily want to exclude free.* from their filters, and were outraged
that somebody would tell them what to do on the matter without even
discussing it ahead of time. Others responded that it was the cancellers'
responsibility to follow the wishes of the hierarchy, and that if they
wouldn't do so how were they better than the rogue cancellers?

While this particular flamewar finally burned out, the underlying
embers of the issue are still burning - how should hierarchies opt out
from spam cancels? Is it the responsibility of the cancellers to ask
permission to cancel the posts? Or must hierarchies request such things,
and work with the cancellers to ensure that it works?



Changes
=======
v1.0 -> v1.01 Updated the style slightly
Clarified the meanings of EMP and ECP
Added a section in I, "Where can I find cancel messages?"
Added some newsreaders' cancel buttons
v1.01 -> v1.1 Updated the addresses to have the HTML version
Got some information about CNews
Got approval for posting to news.answers
Fixed a few errors here and there
v1.1 -> v1.2 Added slrn to the newsreaders' cancel buttons list
Updated the section on NoCeM
Added a section on PGP
Made a few slight cosmetic changes
v1.2 -> v1.25 Added references to the Bincancel FAQ
Updated the definition of a spew
Added "unauthorized copyrighted material" to the list of
valid reasons for cancel messages (with disclaimers).
Added Agent's cancel button
Added a disclaimer for the CNews information
v1.25 -> v1.3 Added references to the Spam Thresholds FAQ
Added references to Dave Hayes' "Site of Virtue" page
Changed the definition of a 'spew'
Updated IV.E.
Added a section on the ellisd and pseudosite cancel
incidents
v1.3 -> v1.31 Updated the newsgroups, based on the recent news.admin.
net-abuse.* reorganization
Added a link to the news.admin.net-abuse homepage
Updated the cancelbot section to warn against publicly
distributed ones
Updated the information on the psuedosite cancel attack
v1.31 -> v1.4 Made lots of cosmetic changes
Removed invalid CNews information, updated INews aliasing
information
Virtually re-wrote IV.G.
v1.4 -> v1.5 Added an appendix on Dave the Resurrector
Jun 11, 1997 Added an appendix on Retromoderation
Updated the rogue cancellers section (V.D.)
Clarified the pseudosite section
Updated the 'format of a cancel' section (II.C.)
v1.5 -> v1.6 Updated I.C. and II.A. to reflect changes in finding
Dec 30, 1997 cancel messages
Removed section on copyright cancels in I.E., to follow
current consensus
Added some more readers' cancel buttons
Changed V.E. to not require me to give a full history of
spam cancellers throug the ages
Clarified and updated the UDP definition in VIII.D.
Added Section IX. on current cancel issues
Minor rewordings and updates in I.E., II.B., II.D., IV.B.,
IV.D., IV.E., IV.G., V.C., VII.B., VII.C.
v1.6 -> v1.7 Standardized the HTML tags to the standard in
Aug 10, 1998 the headers, I.C., II.D., VII.A., VII.D., VII.E., and
the links section.
Minor rewordings - IV.B., IV.G.2., IV.G.5., IV.G.7.
Added mention of server-side filtering in I.B.
Depreciated the value of RFC1036bis in I.E.
Updated the rules to include administrator preference -
for example, you can't cancel your posts in free.* even
if you want to - in I.E., along with a few other minor
wording changes.
Added another reader's cancel button.
Strengthened the X-Cancelled-By standard to require that
the address given must be read by its owner.
Reworded II.B.'s stuff on pseudosites a bit.
Changed around III.C. to be more clear on what to do with
moderators that are "abusing their authority".
Mentioned how uncustomizable freely available cancelbots
are in IV.E.
Strengthened the importance of responding to email about
your cancelbiot in IV.G.4.
Added "if one may cancel, all may cancel" to the list of
popular reasons to cancel in V.B.
Added "ignore the cancels" and "write and run a resurrection
'bot" to V.F.'s section on "what can I do?".
Mentioned that this FAQ is a good example of Supersedes:
and Expires: headers in VII.B.
Added IX.[D-F].
v1.7 -> v1.75 Reworded the expiration section of I.B.
Sep 30, 1999 Reformatted I.E., IV.G., appendix B, and V.D. to just plain
look nicer.
Changed the wording of I.E.1. to make it more obvious what
a first-person cancel actually is.
Updated the spewcancels section of I.E.3.
Significantly reworded I.H, IV.G.1 - 5
Added a section on NewsAgent to V.D.
Added Appendix C.

To Do
=====
At some point, there needs to be a version 2.0 of this FAQ. While
this will probably happen at some point in the future, it's not going to be
any time soon; as such, most of the real changes for the next while are going
to merely be cosmetic.

Still, for the future:

Fill in the technical sections in general, especially with other
software.
Add a section on things that *shouldn't* be cancelled, and why.
Expand the UDP and NoCeM sections a *lot*. Maybe they even deserve
their own FAQ...
Add a "spew" appendix.


Contributors
============
In creating this FAQ, I discovered one important thing: it's a
*lot* of work. These are the people that have helped me out in doing
it, with suggestions, moral support, or whatever.

Thank you all. I couldn't have done this without you. Literally.
And, if I missed anyone, don't hesitate to speak up...

Johann Beda j-beda@uiuc.edu
CancelMoose moose@cm.org
Ian Collier imc@comlab.ox.ac.uk
Peter Da Silva peter@taronga.com
Richard Depew red@redpoll.mrfs.oh.us
Frans P. de Vries fpv@xymph.iaf.nl
Ernie Diaz trebor@slip.net
Arnould Engelfriet galactus@stack.urc.tue.nl
J.D. Falk jdfalk@cybernothing.org
Follower of the Clawed Albino edmcdo01@terra.spd.louisville.edu
The Gentleman gentlman@alinc.com
Howard Goldstein hg@n2wx.ampr.org
Dave Hayes dave@jetcafe.org
Jim Hill jthill@netcom.com
Jonathan Kamens jik@mit.edu
Joshua Kramer jkramer1@swathmore.edu
Don Juneau djuneau@io.com
Tom Lewis thomas.lewis@me.gatech.edu
Chris Lewis clewis@ferret.ocunix.on.ca
Charles H. Lindsey chl@clw.cs.man.ac.uk
Guy Macon guymacon@deltanet.com
John Milburn jem@xpat.com
Bernhard Muenzer mue@gsf.de
Ron Newman rnewman@thecia.net
Matthew Paden mpaden@emory.edu
Joshua Putnam josh@wolfenet.com
John Rickard jrr@atml.co.uk
Chris Salter chris@loncps.demon.co.uk
Wolfgang Schelongowski [removed by request]
Bill W Smith Jr bill@srisoft.com
Keith Thompson kst@thomsoft.com
Jason Untulis untulis@netcom.com
Dimitri Vulis dlv@bwalk.dm.com
Matthew P Wiener weemba@sagi.wistar.upenn.edu
Michael Wise mjwise@unixg.ubc.ca
Patricia Wrean wrean@caltech.edu
Dick Yuknavech rey@mindspring.com


Pointers
========
For more information on cancel messages, or for information on
related issues, try checking some of the following pages:

Related FAQs
------------
news.admin.net-abuse FAQ
<URL:http://www.cybernothing.org/faq/net-abuse-faq.html>
Advertising on Usenet FAQ
<URL:http://www.danger.com/FAQs/advo.htm>

<URL:http://www.cs.ruu.nl/wais/html/na-dir/net-abuse-faq/spam-faq.html>
The Spam Thresholds FAQ
<URL:http://www.killfile.org/faqs/spam.html>
The Bincancel FAQ
<URL:http://www.geniac.net/bincancel/>
The Newsgroup Care Cancel Cookbook
<URL:http://www.xs4all.nl/~rosalind/faq-care.html>
The Moderated Newsgroups FAQ
<URL:http://www.swcp.com/~dmckeon/mod-faq.html>


Utilities
---------
Anti-Spam Software
<URL:http://www.exit109.com/~jeremy/news/antispam.html>
Apollo - News/INN, a set of news related utilities
<URL:http://www.backplane.com/news/>
Adcomplain shell script
<URL:http://www.rdrop.com/~billmc/adcomplain.html>
Purge-binaries, an anti-binary script
<URL:http://www.tju.edu/~theall1/tools/purge-binaries/>
NoCeM
<URL:http://www.cm.org/nocem.html>


RFCs
----
RFC 1036 -- Usenet Guidelines
<URL:http://www.cis.ohio-state.edu/htbin/rfc/rfc1036>
RFC 1855 -- Netiquette Guidelines
<URL:http://www.cis.ohio-state.edu/htbin/rfc/rfc1855>
RFC 1036bis (temporary)
<URL:http://www.killfile.org/faqs/rfc1036b>


Newsgroups
----------
news.announce.newusers
news.answers
news.admin.announce
news.admin.nocem
news.admin.net-abuse.bulletins
news.admin.net-abuse.email
news.admin.net-abuse.misc
news.admin.net-abuse.policy
news.admin.net-abuse.sightings
news.admin.net-abuse.usenet
news.admin.misc
news.groups


Additional/Other
----------------
Fight Spam on the Internet!
<URL:http://spam.abuse.net/>
The Jargon File
<URL:http://www.ctrl-c.liu.se/~ingvar/jargon/>
net.legends FAQ
<URL:http://www.killfile.org/faqs/legends.html>
news.admin.net-abuse homepage
<URL:http://www.killfile.org/~tskirvin/nana/>
The Free.* FAQ
<URL:http://www.killfile.org/faqs/free.html>
--
Copyright 1999, Tim Skirvin. All rights reserved.
<URL:http://www.killfile.org/faqs/cancel.html>

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Mon, 15 Sep 2008 00:45:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_wed_sep_10_13_02_25_2008_257375751t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_wed_sep_10_13_02_25_2008_257375751t.html
Sending mail to the from address of this post will automatically list you in the SORBS DNSbl as a spammer
To contact someone about this mail please post in "news.admin.net-abuse.email" with a subject starting
with "[SORBS]", or use the mailform at: http://www.dnsbl.sorbs.net/cgi-bin/mail

SORBS Listing Summary for the last 24 hour period follows:

Database Totals
===============

Unique HTTP based proxy server ports open: 26743
Unique SOCKS based proxy server ports open: 33831
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 6608
Unique Open Relay ports open: 56
Unique IP addresses blocked for sending or supporting spam: 691074
Unique hacked/insecure server ports (includes FormMail scripts): 1547852
Total Open Proxy Server ports: 67182
Total Blocked Ports/Addresses: 2306164

Database Totals for Removed/Closed ports
========================================

Unique HTTP based proxy server ports closed/unblocked: 191488
Unique SOCKS based proxy server ports closed/removed: 102507
Unique miscellaneous (ftp/telnet etc) proxy server ports closed/removed: 10407
Unique Open Relay ports closed/removed: 106
Unique IP addresses unblocked/removed from spam database: 1603
Unique hacked/insecure server ports closed/removed: 1748473

Additions/Updates for blocking in the past 24 hours
===================================================

Unique HTTP based proxy server ports open: 0
Unique SOCKS based proxy server ports open: 0
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 0
Unique Open Relay ports open: 0
Unique IP addresses blocked for sending or supporting spam: 0
Unique hacked/insecure server ports (includes FormMail scripts): 0
Total Open Proxy Server ports: 0
Total Blocked Ports/Addresses: 0


Additions/Updated (retested).
=============================


--
All postings to news.admin.net-abuse.bulletins are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

http://www.killfile.org/~tskirvin/nana/

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Tue, 09 Sep 2008 20:02:25 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_wed_sep_10_12_00_02_2008_257371399t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/sorbs_dns_blocklist_stats_wed_sep_10_12_00_02_2008_257371399t.html
Sending mail to the from address of this post will automatically list you in the SORBS DNSbl as a spammer
To contact someone about this mail please post in "news.admin.net-abuse.email" with a subject starting
with "[SORBS]", or use the mailform at: http://www.dnsbl.sorbs.net/cgi-bin/mail

SORBS Listing Summary for the last 24 hour period follows:

Database Totals
===============

Unique HTTP based proxy server ports open: 26743
Unique SOCKS based proxy server ports open: 33831
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 6608
Unique Open Relay ports open: 56
Unique IP addresses blocked for sending or supporting spam: 691074
Unique hacked/insecure server ports (includes FormMail scripts): 1547854
Total Open Proxy Server ports: 67182
Total Blocked Ports/Addresses: 2306166

Database Totals for Removed/Closed ports
========================================

Unique HTTP based proxy server ports closed/unblocked: 191488
Unique SOCKS based proxy server ports closed/removed: 102507
Unique miscellaneous (ftp/telnet etc) proxy server ports closed/removed: 10407
Unique Open Relay ports closed/removed: 106
Unique IP addresses unblocked/removed from spam database: 1603
Unique hacked/insecure server ports closed/removed: 1748471

Additions/Updates for blocking in the past 24 hours
===================================================

Unique HTTP based proxy server ports open: 0
Unique SOCKS based proxy server ports open: 0
Unique miscellaneous (ftp/telnet etc) proxy server ports open: 0
Unique Open Relay ports open: 0
Unique IP addresses blocked for sending or supporting spam: 0
Unique hacked/insecure server ports (includes FormMail scripts): 0
Total Open Proxy Server ports: 0
Total Blocked Ports/Addresses: 0


Additions/Updated (retested).
=============================


--
All postings to news.admin.net-abuse.bulletins are unconfirmed and
unverified unless stated otherwise by the moderators. All opinions
expressed above are considered the opinions of the original poster,
not the moderators or their respective employers.

http://www.killfile.org/~tskirvin/nana/

Posted In: news.admin.netabuse.bulletins

no comments

Reply

]]> Tue, 09 Sep 2008 19:00:02 PDT http://www.nnseek.com/e/news.admin.netabuse.bulletins/faq_current_usenet_spam_thresholds_and_guidelines_256600327t.html http://www.nnseek.com/e/news.admin.netabuse.bulletins/faq_current_usenet_spam_thresholds_and_guidelines_256600327t.html Posting-Frequency: weekly
Last-modified: 1998/11/10
URL: http://www.killfile.org/faqs/spam.html
Maintainer: tskirvin@killfile.org (Tim Skirvin)
Original-Author: clewis@ferret.ocunix.on.ca (Chris Lewis)

Current Spam thresholds and guidelines.

This article is intended to describe the current consensus spam thresholds
and ensure that the definitions of these terms are available and consistent.
It is believed that most, if not all, spam cancellers use these terms and
definitions in their work; however, many other people use the terms
inappropriately, which leads to confusion in discussions. This is an
informal FAQ aimed at clarity and understanding, not anal-retentive
correctness.

Excessive Multi-Posting (EMP) has the same meaning as the term "spam"
usually carries, but it is more accurate and self-explanatory. EMP means,
essentially, "too many separate copies of a substantively identical
article."

"Substantively identical" means that the material in each article is
sufficiently similar to construe the same message. The signature is
included in the determination. These are examples of substantively
identical articles:

- byte-for-byte identical messages
- otherwise identical postings minimally customized for
each group it app