Who is peering all these spams ostensibly from Google Groups?
<http://groups.google.com/g/comp.mobile.android>
In the past few weeks, what I'll call "indonesian" spam has been
increasing but not to the level of this "movie" spam which is now
hundreds per day (at least it is on the Android newsgroup).
While the headers look like they're coming from Google Groups,
I'm aware that headers could be forged such that it could be
coming from a rogue nntp server sending all this spam.
But then why are the reputable nntp news server admins peering
these spams?
I realize every line in the header can be spoofed (even the
path can have information injected into it), but I don't know
how to read headers well.
Is there any way to tell from the header who is peering them.
To help you answer this question, below are just 3 random spams.
========< cut here for random spams >========
X-Received: by 2002:a0c:ed31:0:b0:67a:b50a:cf46 with SMTP id
u17-20020a0ced31000000b0067ab50acf46mr63374qvq.7.1701623906718; Sun, 03
Dec 2023 09:18:26 -0800 (PST)
X-Received: by 2002:a05:6870:f293:b0:1fb:2688:896e with SMTP id
u19-20020a056870f29300b001fb2688896emr1145397oap.8.1701623906460; Sun,
03 Dec 2023 09:18:26 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:18:26 -0800 (PST)
Injection-Info: google-groups.googlegroups.com;
posting-host=202.46.68.61;
posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S
NNTP-Posting-Host: 202.46.68.61
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d2da9b7d-4ac6-43dc-80e3-18962e6ccd5fn@googlegroups.com>
Subject: [.WATCH.] Renaissance: A Film By Beyoncé Watch (FullMovie)
Free Online ON STREAMINGS
From: Atto Lorse <attolorse@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:18:26 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 3761
Xref: . comp.mobile.android:110200
========< cut here for random spams >========
X-Received: by 2002:a05:6214:1fc4:b0:67a:262e:35b5 with SMTP id
jh4-20020a0562141fc400b0067a262e35b5mr642984qvb.9.1701622417293; Sun, 03
Dec 2023 08:53:37 -0800 (PST)
X-Received: by 2002:a9d:5cc6:0:b0:6d8:1345:7de4 with SMTP id
r6-20020a9d5cc6000000b006d813457de4mr1630461oti.7.1701622417090; Sun, 03
Dec 2023 08:53:37 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 08:53:36 -0800 (PST)
In-Reply-To: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com;
posting-host=118.179.109.17;
posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx
NNTP-Posting-Host: 118.179.109.17
References: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f09f38dc-333c-4e8a-81b0-d4d63760088bn@googlegroups.com>
Subject: Re: [.WATCH.] It Came from Dimension X Watch (.FullMovie.)
Free Online On STREAMINGS
From: Derrick Matthews <derrickmatthews946@gmail.com>
Injection-Date: Sun, 03 Dec 2023 16:53:37 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 5359
Xref: . comp.mobile.android:110194
========< cut here for random spams >========
X-Received: by 2002:a05:622a:103:b0:423:72a5:a7da with SMTP id
u3-20020a05622a010300b0042372a5a7damr969557qtw.8.1701624819984; Sun, 03
Dec 2023 09:33:39 -0800 (PST)
X-Received: by 2002:a9d:6a8f:0:b0:6d8:8052:2ec8 with SMTP id
l15-20020a9d6a8f000000b006d880522ec8mr627917otq.2.1701624819695; Sun, 03
Dec 2023 09:33:39 -0800 (PST)
Path: .!news2.arglkargh.de!2.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:33:39 -0800 (PST)
Injection-Info: google-groups.googlegroups.com;
posting-host=93.177.75.198;
posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8
NNTP-Posting-Host: 93.177.75.198
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <fa356544-c7a3-4d01-bb73-58212af853b1n@googlegroups.com>
Subject: **Wish 2023 free '.Fullmovie.' Online English HD 720p, 480p
From: Raden Surya Sigadiraja <radensuryasigadiraja@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:33:39 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 16654
Xref: . comp.mobile.android:110202
--
TIA
More reason to depeer Google Groups now!
I don't know what "depeer" means, but I suspect it means to nuke it.
Sometimes nuking is appropriate. Most of the time it's too drastic.
Cutting out this spam should be as easy as not peering it - should it not?
For example, I'm assuming that none of this spam actually is coming from google posters - I'm assuming it's all coming from a rogue nntp server who
is impersonating a google groups poster.
How can we tell who peered it first from the originating rogue nntp server?
Here's a thread which brought up the subject where each recipient has to figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.
So I 'suspect' that it's coming from a rogue nntp news server.
Which is why I'm asking the question that I'm asking.
Who is peering all these spams ostensibly from Google Groups?
The Doctor <doctor@doctor.nl2k.ab.ca> wrote
More reason to depeer Google Groups now!
I don't know what "depeer" means, but I suspect it means to nuke it. Sometimes nuking is appropriate. Most of the time it's too drastic.
Cutting out this spam should be as easy as not peering it - should it
not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>
I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this
spam?
But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.
For example, I'm assuming that none of this spam actually is coming
from google posters - I'm assuming it's all coming from a rogue nntp
server who is impersonating a google groups poster.
How can we tell who peered it first from the originating rogue nntp
server?
The only reason I doubt this spam is coming from google users is
Google would put a stop to this - but it's been happening for weeks
on end.
Who is peering all these spams ostensibly from Google Groups?
On 12/3/23 14:29, Wally J wrote:
I don't know what "depeer" means, but I suspect it means to nuke it.
Depeering means to no longer carry any articles from a news server.
Sometimes nuking is appropriate. Most of the time it's too drastic.
Cutting out this spam should be as easy as not peering it - should it
not?
It's relatively easy to filter out /everything/ from Google.
It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
from Google.
For example, I'm assuming that none of this spam actually is coming from
google posters - I'm assuming it's all coming from a rogue nntp server who
is impersonating a google groups poster.
Every single one that I've looked at the message /has/ /in/ /fact/
originated from Google and been sent out to Usenet at large.
How can we tell who peered it first from the originating rogue nntp server?
Google is the rogue NNTP server that is the source of the spam.
Here's a thread which brought up the subject where each recipient has to
figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
You suppose wrong.
The spam /is/ originating from Google.
The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.
HA! If only.
Google is extremely bad for Usenet and an even worse steward for the Dejanews archive.
So I 'suspect' that it's coming from a rogue nntp news server.
You suspect wrong.
Which is why I'm asking the question that I'm asking.
Who is peering all these spams ostensibly from Google Groups?
Look at the Path: headers to answer your own questions.
Grant Taylor <gtaylor@tnetconsulting.net> wrote
Google is the rogue NNTP server that is the source of the spam.
I understand belatedly that you believe that - but how can you tell?
I can't tell.
About the only thing that can't be forged are sections of the path.
But they can 'inject' stuff into the path that is meaningless.
So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)
Look at the Path: headers to answer your own questions.
The PATH (read right to left of course) isn't meaningful when anyone clever can inject components into it.
I don't know what portion of the path is inviolable though.
Do you?
Assuming they're injecting into the path, what part of the path in the previously listed spams do you think are actually real?
What I'll do in a subsequent post is see if I can add that one line
to my header - and if I can - which I suspect I can - it's not reliable.
Assuming they're injecting into the path, what part of the path in the
previously listed spams do you think are actually real?
Look at the path on a random sampling of posts, they will likely come
into your news server from a variety of its peers. Look to see where the
path reconverges...
Are these "Google impersonators" going to go to the effort of spoofing
that many differing path components?
Removing the peering to Google Groups. Only servers that currently peer
can do that.
If all of them removed the peering, posts can't go from GG to other
servers and vice-versa.
Cutting out this spam should be as easy as not peering it - should it
not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>
It is possible to filter for injection-info.
Google Groups places a correct header and the path also matches that.
I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this
spam?
No, the problem is Google because Google doesn't stop people from
abusing their services.
But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.
Forging a path is possible, but rather unlikely.
Direct peers of GG can confirm that the path isn't forged.
For example, I'm assuming that none of this spam actually is coming
from google posters - I'm assuming it's all coming from a rogue nntp
server who is impersonating a google groups poster.
Wrong assumption.
How can we tell who peered it first from the originating rogue nntp
server?
You can find who peers if you write a script and extract the Path
header and extract only the servers that are left of the Google Groups
part.
Path: eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
E.g. news.highwinds-media.com peers with Google.
The only reason I doubt this spam is coming from google users is
Google would put a stop to this - but it's been happening for weeks
on end.
No, Google doesn't care about it. They also don't care about spam on
their web services nor abuse from their IP ranges hosted for others.
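The script suggested in the reply above, combined with the "look to see where the path reconverges" check from earlier in the thread, as an added example that is not part of any post here. The function names are this example's own; the first sample is the Path quoted above, and the others are constructed with hypothetical `.example` hosts.

```python
from collections import Counter

# Path entries the thread names as marking a Google Groups injection.
GOOGLE_MARKERS = {"postnews.google.com", "google-groups.googlegroups.com"}
GOOGLE_SUFFIXES = (".google.com", ".googlegroups.com")

# Origin-side tail, taken from the Path header quoted in the reply above.
_GG_TAIL = ("feed-me.highwinds-media.com!news.highwinds-media.com!"
            "news-out.google.com!nntp.google.com!postnews.google.com!"
            "google-groups.googlegroups.com!not-for-mail")

SAMPLE_PATHS = [
    # Quoted in the reply above.
    "Path: eternal-september.org!news.eternal-september.org!"
    "feeder3.eternal-september.org!eternal-september.org!"
    "usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!"
    "peer01.iad!" + _GG_TAIL,
    # Constructed: same origin, different (hypothetical) downstream feeds.
    "Path: reader-a.example!feeder-a.example!peer02.iad!" + _GG_TAIL,
    "Path: reader-b.example!feeder-b.example!feeder-c.example!" + _GG_TAIL,
    # Constructed: an article that never passed through Google.
    "Path: reader-a.example!feeder-a.example!news.example.org!not-for-mail",
]


def parse_path(header):
    """Return Path entries, newest hop first and the injecting site last."""
    value = header.split(":", 1)[1] if header.lower().startswith("path:") else header
    # Unfold continuation whitespace, split on '!', drop empties from '!!'.
    entries = [e for e in "".join(value.split()).split("!") if e]
    if entries and entries[-1] == "not-for-mail":
        entries.pop()  # conventional tail entry, not a server
    return entries


def is_google(entry):
    return entry.endswith(GOOGLE_SUFFIXES)


def injected_by_google(entries):
    """True when the origin (rightmost) entry is a Google Groups marker."""
    return bool(entries) and entries[-1] in GOOGLE_MARKERS


def first_peer(entries):
    """Site immediately left of the run of Google hops at the origin end.

    Each server prepends its own name, so this is the site that accepted
    the article from Google and passed it on. Returns None for articles
    that were not injected by Google.
    """
    if not injected_by_google(entries):
        return None
    i = len(entries)
    while i > 0 and is_google(entries[i - 1]):
        i -= 1
    return entries[i - 1] if i > 0 else None


def shared_tail(paths):
    """Longest run of entries, counted from the origin, common to all paths.

    Articles reach a reader through different feeds; the point where the
    paths reconverge is hard for a client to forge consistently.
    """
    tail = []
    for hops in zip(*(reversed(p) for p in paths)):
        if len(set(hops)) != 1:
            break
        tail.append(hops[0])
    return tail[::-1]


def summarize(headers):
    parsed = [parse_path(h) for h in headers]
    google = [p for p in parsed if injected_by_google(p)]
    return {
        "google_articles": len(google),
        "other_articles": len(parsed) - len(google),
        "first_peers": Counter(first_peer(p) for p in google),
        "shared_tail": shared_tail(google),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_PATHS)
    print("Google-injected:", report["google_articles"])
    print("First peers:", dict(report["first_peers"]))
    print("Paths reconverge at:", "!".join(report["shared_tail"]))
```

Run over a larger sample of headers saved from a newsreader, the `first_peers` counter shows which sites take the feed directly from Google, and `shared_tail` shows where articles arriving over different feeds reconverge.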
OK. Sorry for being dense. I am way behind but trying to catch up.
The solution can only be in this order (as far as I can tell).
1. Google
2. Peers
3. Users
I'm probably with most of you that nothing good ever came out of
a google groups post to Usenet
so working backward, the users
can all filter on the system "Injection-Info: header" (which
moments ago I tried to spoof but Wolfgang's and Gondalfo's server
prevented that (as they should)).
I'm wary that they can set up their own rogue server to allow
spoofing of that header but then I defer to your experience
and your sensible logic above that they'd have to fool peers.
So I'll belatedly accept Google is letting this happen.
With that in mind, I'm willing to "complain" to google.
But of course, I don't have any special connections other than
I live close to Mountainview and some of my buddies used to work there.
The two questions would be to ask:
a. Who wants to try to complain to Google (I'll try), and,
b. Who can get a hold of the highwinds server (they suck).
Note that I don't think either will be all that fruitful.
But I wonder if it's only highwinds that sucks (I've dealt
with them in the past and they just ignored everything).
Other than having every user filter out a google injection info,
what else can we do to stop these hundreds of spams daily?
Hi Grant,
Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
been able to figure it out on my own.
Thanks for being nice about my faux
pas. It was stupid of me to not realize that's what it had meant.
Especially since that was my whole point.
How do you de-peer the spams (which I suspect are not coming from Google).
(EDIT: I see below that you suspect they _are_ coming from Google though.)
There are hundreds just today alone that anyone can see are clearly spam.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>
I am almost 86 so I lived through the days when we'd complain to a host
admin that someone spammed us once in a month or two, and then I lived through making my own procmail filters on SunOS, so I'm familiar with the fact that it's just plain stupid to filter out everything from Google.
People do it all the time.
But only stupid people do it.
A smart admin would have a smarter filter than "everything".
Worse....
I suspect NONE of this spam is actually coming from Google anyway.
(But I just saw below that you suspect they _are_ coming from Google.)
For a filter, it's the same thing of course, but isn't it different to an nntp server who can tell where it's coming from better than I can tell?
I'm sure that's why they seem to be changing up the subject, headers, from, injection information, etc. in those headers.
I'm almost certain (based on the modus operandi) that NONE of them are actually coming from Google servers but I saw below that you're sure they are, so I'd just ask how you know since almost everything in the header can be forged (as far as I know) except for the final path in the header.
Oh. Really? I didn't see this until now. I was pretty sure none was coming from Google simply because they'd put a stop to abuse pretty quickly you'd think. And this is clearly abuse.
Is there a way (that works) to _complain_ to Google about it?
Maybe they care?
I understand belatedly that you believe that - but how can you tell?
I can't tell.
Sure the message-ID is an indication.
And the newsreader. But that can be forged.
About the only thing that can't be forged are sections of the path.
But they can 'inject' stuff into the path that is meaningless.
So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)
We have to confirm if it's coming from Google because the solution then is
at Google whereas if they're just spoofing Google, the solution is
elsewhere.
By now I see that you feel strongly it's coming from Google.
But how do you know?
And more importantly, how does "de-peering" happen so that it stops?
I lived through DejaNews so I'm aware of what you say, and I certainly know
a google search on the real google.com is different in functionality than a search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at least DejaGoogle exists.
I use it only for a lookup/search/reference engine, which it's very good at but I wouldn't even think of posting using Google Groups for all the
reasons that nobody would be caught dead using AOL in the olden days.
OK. So you think it's coming from Google. And that means Google either doesn't know about it - or - Google isn't doing anything about it.
Is there any way to "complain" to Google to figure out which it is?
The PATH (read right to left of course) isn't meaningful when anyone clever can inject components into it.
I don't know what portion of the path is inviolable though.
Do you?
Assuming they're injecting into the path, what part of the path in the previously listed spams do you think are actually real?
Both servers the error below (which you knew but I did not).
"Posting article failed: Can't set system Injection-Info: header
Unless there's a compliant nntp server, I'll accept that the
Injection-Info header can't be (trivially easily) forged.
At least not with a simple "telnet newsserver 119" session.
Thanks for letting me know I can filter on that line.
But this is best taken up with the powers that be in this order.
1. Google
2. Peers
3. Users
The Doctor <doctor@doctor.nl2k.ab.ca> wrote
More reason to depeer Google Groups now!
I don't know what "depeer" means, but I suspect it means to nuke it. Sometimes nuking is appropriate. Most of the time it's too drastic.
Cutting out this spam should be as easy as not peering it - should it not?
<https://i.postimg.cc/6pj29c6f/spam01.jpg>
I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this spam?
But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.
For example, I'm assuming that none of this spam actually is coming from google posters - I'm assuming it's all coming from a rogue nntp server who
is impersonating a google groups poster.
How can we tell who peered it first from the originating rogue nntp server?
Here's a thread which brought up the subject where each recipient has to figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
Like this thread, posted today, trying to solve this exact problem.
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>
The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.
So I 'suspect' that it's coming from a rogue nntp news server.
Which is why I'm asking the question that I'm asking.
Who is peering all these spams ostensibly from Google Groups?
Just about everybody else I've talked to believes the messages originate
from Google.
I can't recall anyone actually saying that the messages originate elsewhere.
OK. Grant also said the spam is really coming from Google servers, which is disappointing at best, and almost criminal at worst - but it is what it is.
Certainly we can all blindly filter out EVERYTHING from Google Groups.
And maybe that's what we'll have to do as I don't think I've ever seen a Usenet post from a Google Groups' poster that held any pertinent value.
But before I do that, I still think there must be a better way, where what some people do on c.m.a is check a whitelist and then plonk if not in it.
But that's gonna be newsreader-specific code (unlike procmail was).
But maybe I can't. I don't know. I'm not all that clever.
But I know how to use Telnet so I can try it. Later.
Even so, any of us can filter it out but the problem is at the
peering, so now I understand the suggestion of "de-peering" better!
As I said, I'm astounded Google is allowing this to happen when
they won't even let me log into my long-time email from the VPN
service I've been using for years - but Google is Google after all.
If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
is truly coming from Google servers, then that's where the solution lies.
Even Google put his email on a suspension once I wrote a formal
letter which included the report to the FBI - but I don't know
what happened of it as they told me never to contact him ever.
That was hard enough.
It's even worse with Highwinds because I'm sure legitimate posters
must use it (do they?). If so, then highwinds can't be de-peered.
I was hoping it was someone reputable, like Steve or Jesse
or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.
Finally after many calls (it's essentially impossible to get someone unless you know someone who knows exactly the someone you need to talk to) I was able to get it fixed, but the elapsed time was months in between.
It might even be worse here because at least Google cares about Maps.
Does anyone know of a way to _complain_ about it that exists somewhere?
On 12/3/23 14:36, Grant Taylor wrote:
On 12/3/23 14:29, Wally J wrote:
I don't know what "depeer" means, but I suspect it means to nuke it.
Depeering means to no longer carry any articles from a news server.
Sometimes nuking is appropriate. Most of the time it's too drastic.
Cutting out this spam should be as easy as not peering it - should it
not?
It's relatively easy to filter out /everything/ from Google.
It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
from Google.
Yeah. I just filter everything from Google.
--
user <candycane> is generated from /dev/urandom
On 12/3/23 17:07, Wally J wrote:
Hi Grant,
Hi Wally,
Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
been able to figure it out on my own.
Apology returned to sender as unnecessary.
Thanks for being nice about my faux
pas. It was stupid of me to not realize that's what it had meant.
You're welcome.
I believe that people trying to engage in civil conversation deserve
civil responses.
I don't think stupid. If anything, unaware. But, you are now aware,
and therefore a little bit better off. :-)
Especially since that was my whole point.
;-)
How do you de-peer the spams (which I suspect are not coming from Google).
You don't de-peer individual messages. You de-peer ... peer news servers.
Few news servers directly peer with Google.
Most news servers peer with other news server(s) that eventually peer
with Google.
So the only way that most news server administrators have to de-peer
Google, in a manner of speaking, is to not allow messages from Google
into their news server.
(EDIT: I see below that you suspect they _are_ coming from Google though.)
There are hundreds just today alone that anyone can see are clearly spam.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>
Yep.
I am almost 86 so I lived through the days when we'd complain to a host
admin that someone spammed us once in a month or two, and then I lived
through making my own procmail filters on SunOS, so I'm familiar with the
fact that it's just plain stupid to filter out everything from Google.
I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
is a little bit different.
You may think it stupid that I have blocked all Google messages on my
server. But you are as free to have your opinion as I am to have mine. ;-)
The question is how much time is a news administrator willing to spend combating spam before they block a site entirely?
Would you continue to accept messages from a small individual news
server if 1 in 1,000 were legitimate and the other 999 were blatant
spam? What if that was a university? What if it was google? What if
it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
when you would block an entire site because of the ratio of ham to spam?
Does the size of the site make any difference?
For me personally, I was spending an hour or more a day fighting Google
spam and only getting to enjoy participating in conversations like this
for about 15 minutes a day. After about two weeks of that, I decided to
try filtering Google for a few days to see what I thought of it. I've
got to say that I'm enjoying that 15 minutes on Usenet again and the
hour (plus) of time that I've gotten back every day.
Given that Usenet is flood full, all my peers that peer with someone
other than me can get their messages from Google another way.
I get to run my server the way that I want to. I choose to run my
server in a way that makes me happy, or at the very least doesn't
actively make me unhappy and want to shut it down.
People do it all the time.
But only stupid people do it.
I guess I'm a stupid person then.
A smart admin would have a smarter filter than "everything".
Worse....
I suspect you aren't intending to make a personal attack. But I'll ask
you politely to not insult people who make their own choice, even if you don't agree with it.
I suspect NONE of this spam is actually coming from Google anyway.
(But I just saw below that you suspect they _are_ coming from Google.)
For a filter, it's the same thing of course, but isn't it different to an
nntp server who can tell where it's coming from better than I can tell?
NNTP servers have a modicum of trust in each other. As in only NNTP
peers are allowed to specify the Path header. Meaning that it's
considerably more difficult for a /client/ to provide a forged path.
All of the Google spam samples that I looked at had everything indicate
that it was from Google; Path, Message-ID, From, etc. -- I no longer
have any articles that originated from Google on my server as I had my
server search through nearly 28 million messages to remove any messages
from Google. -- That's how strongly I believe the spam originates from Google.
Just about everybody else I've talked to believes the messages originate
from Google.
I can't recall anyone actually saying that the messages originate elsewhere.
There are those that keep an open mind and allow for the possibility
that they originate elsewhere.
Google is notoriously non-responsive for dealing with problems
originating from them into many ecosystems, Usenet is just the one being discussed here.
As a former Google employee, I know how the people who supposedly are responsible for -- what I call -- the Google Groups Usenet gateway treat
it at best as an also ran service.
Google has a quite bad reputation as being a source of spam in the email community. All you need to do is look at the mailop / NANOG / Spammers
Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find hundreds of people talking about Google being the source of spam email
and Usenet articles.
There is exceedingly little doubt that Google is a source of massive
amounts of spam.
I have not seen any evidence that supports that someone is trying to
frame Google by pretending to be them. -- I'd be quite curious to see
any such statements.
Google has responded to previous complaints about a few groups by making
them read-only. At which point the spammers shift to different
newsgroups. But this game of whack-a-mole is untenable and extremely slow.
While at Google I witnessed them take 18 months to halfheartedly and ineffectively slow down, but not actually stop, spam originating from calendar invites.
I experienced Google refusing to allow creation of new newsgroups for something that had a long history and pattern of newsgroups. I was
ready to submit a change for the Windows 10 newsgroup to be created but
was told that my change would be rejected and to not bother. I asked
about the Firefox and Thunderbird newsgroups when Mozilla announced discontinuation of their (outsourced) news servers and was told to not
even bother.
I wholeheartedly believe that Google /is/ the source of the spam that
appears to be from them and that they are not the victim of an attack.
I'm sure that's why they seem to be changing up the subject, headers, from, injection information, etc. in those headers.
I think one of the reasons that there are so many different clusters of similarities is because there are so many spammers each sending their
own type of spam.
A quote from a well known science fiction movie comes to mind, "You will never find a more wretched hive of scum and villainy." Mos Eisley^W^W
Google.
I'm almost certain (based on the modus operandi) that NONE of them are
actually coming from Google servers but I saw below that you're sure they
are, so I'd just ask how you know since almost everything in the header can be forged (as far as I know) except for the final path in the header.
I'd be very interested in how / why you are as certain that the messages aren't originating from Google as I am that they are.
Please elaborate with a rebuttal to my comments above.
Oh. Really? I didn't see this until now. I was pretty sure none was coming from Google simply because they'd put a stop to abuse pretty quickly you'd think. And this is clearly abuse.
Google wants you to think that they put a stop to spam quickly. But in effect, they don't. (See above about well respected places to see complaints.)
Is there a way (that works) to _complain_ to Google about it?
Maybe they care?
I'm not aware of anything that works.
I understand belatedly that you believe that - but how can you tell?
I can't tell.
Deduction / accumulation of many observations / experience working with
the beast that is Google.
Sure the message-ID is an indication.
And the newsreader. But that can be forged.
The Path: header is quite a bit more difficult to forge without being a
news peer.
I'm not aware of any (reputable) news server daemon / configuration that allows someone to spoof the Path: header.
Sure, news servers can feed peers spoofed Path: headers. But it's quite difficult to do the original spoof without a corroborating news server.
I strongly suspect that if there was a corroborating news server / administrator that was the source of the articles, the multiple people spending hours a day fighting this blight would have identified it and de-peered them without filtering Google.
The vast majority of people want to not filter Google. The sad reality
is that just about everybody has some point that filtering Google seems reasonable to them. It's simply a question of what that point is. -- There's a crude joke that finishes with "we've already established that,
now we're just negotiating price".
About the only thing that can't be forged are sections of the path.
Exactly.
But they can 'inject' stuff into the path that is meaningless.
As I indicated above, injecting something into the Path can only be done
by /news/ /servers/. It's not something that properly configured news servers allow clients to do.
As such, the injection is not something that end users can do.
So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)
Deja vu. ;-)
We have to confirm if it's coming from Google because the solution then is at Google whereas if they're just spoofing Google, the solution is
elsewhere.
I hope that I've elaborated why I'm convinced that the spam is
originating at Google.
But I think it's worse than just needing to talk to Google.
At this point I believe that Google is actually complicit in their
negligent to do anything about it.
N.B. I don't consider making specific groups read-only in a game of whack-a-mole to be sufficient.
N.B. I consider that Google's action of making some groups read-only to
be tantamount to admission that said group was a source of spam.
By now I see that you feel strongly it's coming from Google.
But how do you know?
Deja vu.
And more importantly, how does "de-peering" happen so that it stops?
There is actual de-peering wherein the news servers that are actually / directly peered with Google turn off the connection with Google.
Then there is filtering like what some of us have done wherein we make
our down-stream servers simply refuse to accept any articles that come
from Google.
There are multiple ways to detect if an article comes from Google. The
best is to look for postnews.google.com and / or google-groups.googlegroups.com in the Path. Some choose to filter based
on part of the Message-ID: header. Still others choose to filter based
on the From: email address.
I have configured cleanfeed on my news server to reject messages from postnews.google.com and google-groups.googlegroups.com. As such, my
server is happy to have articles from @gmail.com email addresses. -- I doubt that anyone will bother spoofing a Message-ID:. But I'm happy to
have @gmail.com users send email through non-Google news servers.
I lived through DejaNews so I'm aware of what you say, and I certainly know a google search on the real google.com is different in functionality than a search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at least DejaGoogle exists.
As time passes, more and more of the access to Usenet articles through
Google Groups is taken away.
I wanted to see if I could see the Path: for spam in Google Groups as it would be remarkably short if the spam existed in Google Groups and was originating in Google Groups. But, sadly, "Show original message" is
greyed out.
I use it only for a lookup/search/reference engine, which it's very good at but I wouldn't even think of posting using Google Groups for all the
reasons that nobody would be caught dead using AOL in the olden days.
In my not so humble opinion, AOL at its worst still has a better
reputation than Google currently does amongst news and email administrators.
If Google wasn't as big as they are, more admins would have blocked them already.
It is only Google's size that causes admins to hesitate.
OK. So you think it's coming from Google. And that means Google either
doesn't know about it - or - Google isn't doing anything about it.
I very strongly believe that it's the latter; Google isn't doing
anything (effective) about it.
Is there any way to "complain" to Google to figure out which it is?
I wasn't able to find anything effective while I was on the inside. In
fact, I was given -- let's go with -- the cold shoulder brush off and actively discouraged to try to make things better.
The PATH (read right to left of course) isn't meaningful when anyone clever can inject components into it.
But my understanding and working premises is that /not/ /just/ /anyone/
can spoof the Path: header.
I don't know what portion of the path is inviolable though.
Do you?
Both all of it for the average user and none of it for a news administrator.
My working understanding / premises is that news servers do not accept a Path: header from end users. News servers only accept Path: headers
from other news servers. The news server appends its name / path to
the left side of the Path: header contents.
As such, the only way to get postnews.google.com and / or google-groups.googlegroups.com into the path without actually passing
through it is for a news server, or someone with news peer level access.
As you can probably see from a number of newsgroups, the text-only news server community is relatively small and cooperative as well as being
well motivated to stop the spam.
I remain convinced that if there was someone pretending to be Google originating this spam, that the community would have an idea and would
be working to depeer them.
Assuming they're injecting into the path, what part of the path in the
previously listed spams do you think are actually real?
I have not seen any reason to doubt the Path: because of the special
nature of the Path: header.
Maybe I'm wrong. If I am, please correct / enlighten me. I'd like to
learn more.
But everything that I've experienced thus far either directly indicates
or supports that the spam is originating from Google Groups.
--
Grant. . . .
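The Path-based check described in the post above, contrasted with the client-settable Message-ID: and User-Agent: headers, as an added example that is not part of the original thread or any poster's configuration. The three articles are constructed samples; the `example.*` hosts, the 192.0.2.x addresses, the placeholder account strings and the `unsupported_claim` field are assumptions, and the Path: handling (final tail entry, entries starting with "." as diagnostics) follows the RFC 5536 syntax.

```python
from email import message_from_string

# Hosts the thread names as Google Groups' entries in the Path: header.
GOOGLE_PATH_HOSTS = {"postnews.google.com", "google-groups.googlegroups.com"}

# Constructed sample 1: shaped like the spam in the thread (Path: is folded).
GOOGLE_GROUPS_ARTICLE = (
    "Path: weretis.net!feeder.erje.net!news-out.google.com!nntp.google.com!\n"
    " postnews.google.com!google-groups.googlegroups.com!not-for-mail\n"
    "Injection-Info: google-groups.googlegroups.com;\n"
    " posting-host=192.0.2.10; posting-account=PLACEHOLDER\n"
    "User-Agent: G2/1.0\n"
    "Message-ID: <constructed-0001@googlegroups.com>\n"
)

# Constructed sample 2: a @gmail.com author posting through another server.
GMAIL_VIA_OTHER_SERVER = (
    "Path: news.example.net!reader.example.org!.POSTED.192.0.2.7!not-for-mail\n"
    "From: Someone <someone@gmail.com>\n"
    "Injection-Info: reader.example.org; posting-account=PLACEHOLDER\n"
    "User-Agent: ExampleReader/1.0\n"
    "Message-ID: <constructed-0002@reader.example.org>\n"
)

# Constructed sample 3: client-chosen headers imitate Google Groups, but the
# server-written Path: never passes through a Google host.
CLIENT_HEADERS_ONLY = (
    "Path: news.example.net!reader.example.org!.POSTED.192.0.2.9!not-for-mail\n"
    "Injection-Info: reader.example.org; posting-account=PLACEHOLDER\n"
    "User-Agent: G2/1.0\n"
    "Message-ID: <constructed-0003@googlegroups.com>\n"
)


def path_entries(raw_path):
    """Unfold a Path: value and split it on '!' ('!!' yields no empty entry)."""
    compact = "".join(raw_path.split())  # folding whitespace carries no meaning
    return [entry for entry in compact.split("!") if entry]


def classify(article_headers):
    """Separate what the servers wrote from what the posting client chose."""
    msg = message_from_string(article_headers)
    entries = path_entries(msg.get("Path", ""))
    # The last entry is the tail entry (often "not-for-mail"), not a relay.
    # Entries starting with "." are path diagnostics such as .POSTED.<host>.
    relays = [e.lower() for e in entries[:-1] if not e.startswith(".")]
    # Servers prepend on the left, so the rightmost relay is the injector.
    origin = relays[-1] if relays else None

    path_google = any(r in GOOGLE_PATH_HOSTS for r in relays)
    injector = msg.get("Injection-Info", "").split(";")[0].strip().lower()
    injection_google = injector == "google-groups.googlegroups.com"

    # Headers a posting client can normally set for itself.
    client_hints = []
    if msg.get("Message-ID", "").strip().lower().endswith("@googlegroups.com>"):
        client_hints.append("Message-ID")
    if msg.get("User-Agent", "").strip().startswith("G2/"):
        client_hints.append("User-Agent")

    return {
        "origin": origin,
        "path_google": path_google,
        "google_is_origin": origin in GOOGLE_PATH_HOSTS,
        "injection_google": injection_google,
        "client_hints": client_hints,
        # Client headers say "Google" but no server-written header agrees.
        "unsupported_claim": bool(client_hints)
        and not (path_google or injection_google),
        # Same policy as the cleanfeed rule in the post: decide on Path: alone.
        "verdict": "reject" if path_google else "accept",
    }


if __name__ == "__main__":
    for name, text in [
        ("google-groups", GOOGLE_GROUPS_ARTICLE),
        ("gmail-via-other", GMAIL_VIA_OTHER_SERVER),
        ("client-headers-only", CLIENT_HEADERS_ONLY),
    ]:
        print(name, classify(text))
```
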
Thanks for letting me know I can filter on that line.
So ... does this mean that you are starting to think about filtering all messages from Google, at least in the newsgroup that you're interested in?
But this is best taken up with the powers that be in this order.
1. Google
Almost certainly deaf ears and / or don't care.
2. Peers
Likely deaf ears and / or don't care.
3. Users
Yep.
Users are left to clean up the mess that others make way too often.
And maybe that's what we'll have to do as I don't think I've ever seen a
Usenet post from a Google Groups' poster that held any pertinent value.
As I said elsewhere, I've had good conversations with people that post
to Usenet from Google Groups. It does happen.
But before I do that, I still think there must be a better way, where what some people do on c.m.a is check a whitelist and then plonk if not in it.
How complicated of a filter do you want to set up and maintain?
But that's gonna be newsreader-specific code (unlike procmail was).
Yep.
But maybe I can't. I don't know. I'm not all that clever.
But I know how to use Telnet so I can try it. Later.
Kudos for speaking NNTP via telnet. :-)
Even so, any of us can filter it out but the problem is at the
peering, so now I understand the suggestion of "de-peering" better!
The problem is Google.
Google is the singular source of the problem of spam from Google Groups.
The news servers / administrators peered with Google are less of the problem. They are simply trying to be a common carrier and carry all articles equally.
The peers aren't the source of the spam.
Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
with Google".
As I said, I'm astounded Google is allowing this to happen when
they won't even let me log into my long-time email from the VPN
service I've been using for years - but Google is Google after all.
Google has incentive to block you from using a VPN. I can't articulate
what that incentive is, but I understand that your use of a VPN
adversely impacts their business model.
If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
is truly coming from Google servers, then that's where the solution lies.
Yep.
Even Google put his email on a suspension once I wrote a formal
letter which included the report to the FBI - but I don't know
what happened of it as they told me never to contact him ever.
Sadly, I suspect it's going to take something like a police / FBI report
to get attention of the people you need.
That was hard enough.
Yep. Getting Google to stop spam that doesn't impact them in a segment
that they don't make any money from, that will be difficult.
This is especially true if Google is avoiding the backlash of shutting
down -- what I call -- their Google Groups Usenet gateway.
It's even worse with Highwinds because I'm sure legitimate posters
must use it (do they?). If so, then highwinds can't be de-peered.
HighWinds can be de-peered just like Google can be.
I was hoping it was someone reputable, like Steve or Jesse
or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.
If you want to get an individual person to rattle Google's cage, try to
get someone like Tavis Ormandy of Google's Project Zero.
Finally after many calls (it's essentially impossible to get someone unless you know someone who knows exactly the someone you need to talk to) I was
able to get it fixed, but the elapsed time was months in between.
That was for a broken routing issue.
Now just imagine for something that is working as intended / designed / configured.
It might even be worse here because at least Google cares about Maps.
Yep.
Does anyone know of a way to _complain_ about it that exists somewhere?
Nope.
The follow-on problem there is that in today's world, if your ISP
still offers usenet access, or if you subscribe to a commercial usenet provider, there's a high probability that what you're connecting with
is in reality nothing more than a front-end to
Highwinds/Abavia/Giganews.
HighWinds can be de-peered just like Google can be.
What is the problem here?
Unwitting innocents falling foul of the backwash if we get to the point
On 12/3/23 18:07, Wally J wrote:
so working backward, the users
can all filter on the system "Injection-Info: header" (which
moments ago I tried to spoof but Wolfgang's and Gondalfo's server
prevented that (as they should).
I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.
On 12/3/23 23:52, Grant Taylor wrote:
I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.
Does that mean they are protected or aren't?
candycanearter07 <no@thanks.net> writes:
On 12/3/23 23:52, Grant Taylor wrote:
I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.
Does that mean they are protected or aren't?
They're non-modifiable by clients.
Grant Taylor <gtaylor@tnetconsulting.net> writes:
HighWinds can be de-peered just like Google can be.
The follow-on problem there is that in today's world, if your ISP still offers usenet access, or if you subscribe to a commercial usenet
provider, there's a high probability that what you're connecting with is
in reality nothing more than a front-end to Highwinds/Abavia/Giganews.
At least users of Google Groups *know* they're using Google Groups, even
if they don't understand the distinction between that and usenet.
Grant Taylor <gtaylor@tnetconsulting.net> wrote
Thanks for letting me know I can filter on that line.
So ... does this mean that you are starting to think about filtering all
messages from Google, at least in the newsgroup that you're interested in?
Well, um, er... it's embarrassing, especially after I said it was stupid to just filter out all Google Groups posts, but I've already implemented it.
So can I take my words back now? :)
I'm surprised you didn't ream me harder. Thanks for being nice about it.
But this is best taken up with the powers that be in this order.
1. Google
Almost certainly deaf ears and / or don't care.
Given Google won't even let me log into my own email account on VPN, I
wasn't prepared when I asked the question for the answer to be that google isn't doing a thing about it. It wasn't one of the considerations I had.
I _still_ think if we get to the right people, we can get them to do something about it. We just need a way to "tell them".
Tomorrow I'll call Mountainview (but I've been there, done that). The operator must work on the side for the Gestapo as she'll never give you anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.
2. Peers
Likely deaf ears and / or don't care.
That's the second shock. I was trying to think logically what the problem was, assuming it was an accidentally opened window they were climbing in.
But if the window is left open on purpose, then that means the only avenue left is for each user to filter it out (or for the responsible servers to).
Do I have my understanding correct yet that it's kind of like this?
1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.
Is that kind of how it works?
If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?
3. Users
Yep.
Users are left to clean up the mess that others make way too often.
Well. I just did it. I called it stupid. But I have to eat my words.
I thought the right answer was to ask Google to close the window.
Or, worst case, to ask peers to stop peering Google servers.
Now that I'm edified, I still think those are the right answers.
But they'll never happen (based on what folks told me).
So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info
So I picked the Injection info.
Luckily it's easy to do for all people on all newsreaders.
There's even a web site to help them do it.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
--
Usenet is a useful way to meet people who know more than I do.
OK. Thanks. I apologize for calling folks stupid as even I just now implemented regex filters to filter out _all_ Google Usenet posts.
It's stupid; but it's the easiest thing to do. I agree. I just did it.
So call me stupid. I get it now.
If people want to post to Usenet, they will just have to know to not use Google Groups to do it. That's the result. I'm filtering it now myself.
I apologize it took me this long to understand, but now I agree with all
the arguments that the news servers can't do much else given the newservers they peer with peer with Google, where de-peering isn't as easy as I had thought it would be.
It would have to be the news server doing EXACTLY what I just did.
Drop all messages coming from Google Groups users.
It's too bad _any_ news servers peer with Google then, it seems.
Namely Highwinds and Giganews (but I'm not sure which are the culprits).
Again, I am sorry I didn't realize any of this when I had first posted.
It took me a bunch of articles to get up to speed where I see now why "my" solution will have to be to just filter them _all_ out at receipt. Sigh.
Luckily it's easy as there are at least three headers which are unique.
Injection-Info: google-groups.googlegroups.com...
Message-ID: <...@googlegroups.com>
User-Agent: G2/1.0
BTW, there's a project, I see, that tries to help users filter it all out.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
Thanks for your help.
My biggest hurdle was that I thought Google wouldn't
allow it, and that if it happened, they'd put a stop to it pronto.
I thought it was a fluke.
Someone slipping in an accidentally opened window.
One that Google would close the moment that they realized it was open.
Which is why I thought it more likely it went around Google.
But I have to agree with you that it's actually coming from Google.
Sigh.
I have friends who had worked there and they're all smart guys who know how to code well. They just have to be given the task by Google Management.
I'll ask Andy Burns to post his filters to the thunderbird newsgroup.
Here's a snippet of his conversation earlier today on comp.mobile.android
I have a separate address book called "google whitelist"
I put people in it if I know they're google groups users
I have a message filter that has two rules and two actions
IF "from" ISN'T IN ADDR BOOK "google whitelist"
AND message-id CONTAINS "@googlegroups.com"
THEN mark as read
AND add tag #6
That's thunderbird, I'm sure other clients can do similar
Well, see above. If we can get one person on each newsreader to post their "complicated" filter, then everyone benefits. But I get your point.
I, myself... don't feel like _writing_ a complicated filter.
Of course, I'll _implement_ one if someone gives it to me.
Likewise I think with many users.
But I get your point.
Thanks.
I had trouble believing that. But if they know about it, and don't do anything about it, then the problem _is_ google, I agree.
They make a newsgroup unusable without filtering them out.
Yes but. If the peers-with-google dropped their messages, maybe Google
would think twice? Dunno. I'll give Mountainview a call tomorrow.
Well, the solution, as I think everyone agrees, is for Google to do their job. I'm shocked, actually, that Google allows this. You're not. But I am.
Again, I will call Mountainview and try to get a human (fat chance).
They may give me a way though to file a complaint using my Google Account. That's how they fixed the Google Maps errors I had told them about.
That took 'em only a month - but I suspect this process will be longer.
If not forever.
Understood. The weird thing though is their coding is so sophomoric that it even blocks me when I post from a public library to a large group of my neighbors, but it doesn't block me when I post from home - but get this -
the same account posts to the same neighbors (so it's just bad coding).
Yeah. And that took a formal paper letter. They wouldn't accept anything
else but a letter with documentation (which wasn't hard to do but nowadays
we use email for almost everything).
Well, I'm glad the search engine exists,
and I've been a big proponent of
it for many years, as it's much better than some of the others, e.g., Narkives:
<https://news.admin.peering.narkive.com>
<https://news.software.nntp.narkive.com>
<https://comp.mobile.narkive.com>
etc.
I think it's highwinds and giganews but I don't know much about peering.
I don't think they'll ever let me get to a person inside without a person inside giving me the email, but I will try tomorrow but I don't expect a miracle.
Yeah. I know. Plus they care about Google Maps being correct.
DejaGoogle they don't (most likely).
Thanks for being nice to me, especially since I had barged in clueless.
If something comes of my call tomorrow, I'll let you know.
But I don't expect much (and I'm sure you expect even less than I do).
The follow-on problem there is that in today's world, if your ISP still offers usenet access, or if you subscribe to a commercial usenet
provider, there's a high probability that what you're connecting with is
in reality nothing more than a front-end to Highwinds/Abavia/Giganews.
Well, um, er... it's embarrassing, especially after I said it was stupid to just filter out all Google Groups posts, but I've already implemented it.
So can I take my words back now? :)
I'm surprised you didn't ream me harder. Thanks for being nice about it.
Given Google won't even let me log into my own email account on VPN, I
wasn't prepared when I asked the question for the answer to be that google isn't doing a thing about it. It wasn't one of the considerations I had.
I _still_ think if we get to the right people, we can get them to do something about it. We just need a way to "tell them".
Tomorrow I'll call Mountainview (but I've been there, done that). The operator must work on the side for the Gestapo as she'll never give you anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.
That's the second shock. I was trying to think logically what the problem was, assuming it was an accidentally opened window they were climbing in.
But if the window is left open on purpose, then that means the only avenue left is for each user to filter it out (or for the responsible servers to).
Do I have my understanding correct yet that it's kind of like this?
1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.
Is that kind of how it works?
If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?
Well. I just did it. I called it stupid. But I have to eat my words.
I thought the right answer was to ask Google to close the window.
Or, worst case, to ask peers to stop peering Google servers.
Now that I'm edified, I still think those are the right answers.
But they'll never happen (based on what folks told me).
So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info
So I picked the Injection info.
Luckily it's easy to do for all people on all newsreaders.
There's even a web site to help them do it.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
The difference being that Google Groups users know they're using Google Groups and make the conscious choice as to whether to continue to do so.
I don't think there is any shame in an ISP outsourcing some
services. They just need to own it and admit it.
On 12/4/23 03:08, Tom Furie wrote:
The difference being that Google Groups users know they're using Google
Groups and make the conscious choice as to whether to continue to do so.
Except the Google Groups users posting to comp.os.vms aren't posting
to a Google Group, they are posting to Usenet. They are experiencing
the very same thing you're lamenting, just the opposite side of the
same coin.
Can we get Highwinds to drop GG like a rock?
On 12/4/23 01:02, Wally J wrote:
I have friends who had worked there and they're all smart guys who
know how
to code well. They just have to be given the task by Google Management.
Google is now an institution and does what they think is best for them.
The "Don't" sign has fallen over and nobody has bothered to pick up the
mess.
Grant Taylor <gtaylor@tnetconsulting.net> writes:
On 12/4/23 03:08, Tom Furie wrote:
The difference being that Google Groups users know they're using Google
Groups and make the conscious choice as to whether to continue to do so.
Except the Google Groups users posting to comp.os.vms aren't posting
to a Google Group, they are posting to Usenet. They are experiencing
the very same thing you're lamenting, just the opposite side of the
same coin.
That's fair comment, but they *are* doing it through the Google Groups interface/infrastructure, and therein lies their choice.
Do you mean the "Don't be evil" sign? They took that down recently.
I _still_ think if we get to the right people, we can get them to do
something about it. We just need a way to "tell them".
I think it will actually take multiple people. The people to advocate
that there is a problem that needs to be fixed. The people with the
know how to fix the problem. The people to encourage management to
allow the people with the know how to fix the problem. The management
to listen.
Tomorrow I'll call Mountainview (but I've been there, done that). The
operator must work on the side for the Gestapo as she'll never give you
anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.
:-/
1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.
Is that kind of how it works?
Yep.
So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info
I take it that Path: wasn't an option for you?
I used Path: as cleanfeed on my news server has explicit support for
banning hosts in the Path: header.
If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?
Also true.
Giganews and Highwinds are in a somewhat unique position in that they
can literally de-peer Google as in remove the peering configuration for Google from their servers.
For the rest of us that don't actually peer with Google, "de-peer"
translates to filter.
I thought the right answer was to ask Google to close the window.
I think that it is the most proper / most direct thing to do. Sadly I
think it's the least likely to have any effect.
Absolutely you are correct. The only two headers that I'm aware of that are "harder" to spoof are the path (which I tested once with Frank Slootweg to see what we could inject into the path) and now I found out the injection header also.
For the PATH: header, as I recall, long ago (depending on the server) we could inject stuff into it but at some point we lost control & the news server took it from here (and yes, I saw Wolfgang Weyand's response about
his warning on the default PATH settings allowing more freedom for that).
I'd have to look up NNTP as I don't do it often enough. But I used to
do SMTP / POP3 / IMAP weekly and sometimes daily at ${OLD_JOB}.
I find that I'm now occasionally speaking HTTP via telnet or via
OpenSSL's s_client for TLS.
Well, I'm glad the search engine exists,
Please don't get me started on their search engine.
I have a funny thing wherein I expect words that I search for to be in
the (cached version of) the results page.
I use `grep`, `find.exe`, and the likes frequently.
Yes but. If the peers-with-google dropped their messages, maybe Google
would think twice? Dunno. I'll give Mountainview a call tomorrow.
I suspect that there are multiple, if not many, in Google that would
think "finally, now we can kill that thing that we've been dragging
forward".
Again, I will call Mountainview and try to get a human (fat chance).
I suspect that you'll eventually get to a human if you try hard and / or
long enough.
I'll be surprised if that human is anything more than a complaints
department / yes person.
I'll be shocked if any good comes from your efforts. Unless you are the final straw that breaks the camel's back.
N.B. I don't believe that retroactively removing spam detected after the fact; e.g. NoCeMs, is viable. -- I applaud people's efforts. But
there are multiple down sides to that system, much of which is people's ongoing effort / time.
If people want to post to Usenet, they will just have to know to not use
Google Groups to do it. That's the result. I'm filtering it now myself.
That is the reality that is forming.
It's too bad _any_ news servers peer with Google then, it seems.
I don't object to the concept of peering with Google, or anyone else,
for that matter. I do object to continuing to peer with an organization
that is clearly a massive source of spam.
Namely Highwinds and Giganews (but I'm not sure which are the culprits).
Given the nature of Usenet's flood fill methodology, the articles will eventually make it if there is a path and a receiving news server
doesn't filter them.
Again, I am sorry I didn't realize any of this when I had first posted.
It took me a bunch of articles to get up to speed where I see now why "my" solution will have to be to just filter them _all_ out at receipt. Sigh.
I consider that to be learning. You presented valid points / concerns
and you listened to responses. You then came to your own conclusion.
-- I wish a LOT more people would do the same in many aspects of life.
I would discourage filtering on Message-ID: and User-Agent: as I think
that they can much more easily be faked by end users. Maybe I'm wrong.
BTW, there's a project, I see, that tries to help users filter it all out.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
Yep. There's lots of effort to clean up the mess that emanates from Google.
I thought it was a fluke.
I wish it was a fluke. Or even a flash in the pan that Google was
/quickly/ reacting to.
Absolutely you are correct. The only two headers that I'm aware of that are "harder" to spoof are the path (which I tested once with Frank Slootweg to see what we could inject into the path) and now I found out the injection header also.
For the record, I never "tested" spoofing the PATH header with you,
because - being an ex News admin - I knew the PATH header can't be
'spoofed' (read: preloaded) - by a newsreader user - on a properly
configured News server.
By that time, the News server(s) which *did* allow path preloading had probably already vanished and if it/they hadn't, I wasn't going to
mention its/their name(s).
For the PATH: header, as I recall, long ago (depending on the server) we
could inject stuff into it but at some point we lost control & the news
server took it from here (and yes, I saw Wolfgang Weyand's response about
his warning on the default PATH settings allowing more freedom for that).
A warning is always good, but I don't think there's currently any
legit server out there which allows path preloading.
doctor@doctor.nl2k.ab.ca (The Doctor) writes:
Can we get Highwinds to drop GG like a rock?
Unlikely. It seems (hearsay only, I have no direct experience) that
speaking to Highwinds is about as effective as speaking to Google.
What happened, years later, is I brought it up and you again refuted it.
Then I tested it in that rebuttal and that's when I learned what can and
can not be done with the path header, as _every_ other header tested in
that communication was fungible (time, date, newsreader, etc.).
I was able to inject stuff into the path, so I agreed with you that any header that is not fully controlled by the server, is fungible.
And we left it at that.
If we must, I'll dig up the cite as it was on the comp.mobile.android ng.
Wally J <walterjones@invalid.nospam> wrote:
[Much deleted.]
What happened, years later, is I brought it up and you again refuted it.
Then I tested it in that rebuttal and that's when I learned what can and can not be done with the path header, as _every_ other header tested in that communication was fungible (time, date, newsreader, etc.).
I was able to inject stuff into the path, so I agreed with you that any header that is not fully controlled by the server, is fungible.
And we left it at that.
Duh! The *point* is that - on a properly configured server - the PATH
header *is* "fully controlled by the server", so it's *not* "fungible".
So as usual a lot of talk, without specifics, let alone proof.
As I said, *some* rogue server(s) allowed preloading the path, so
obviously on that/those server(s) one was "able to inject stuff into the path". But on a legit server, this was and is not possible.
[...]
Duh! The *point* is that - on a properly configured server - the PATH header *is* "fully controlled by the server", so it's *not* "fungible".
So as usual a lot of talk, without specifics, let alone proof.
As I said, *some* rogue server(s) allowed preloading the path, so
obviously on that/those server(s) one was "able to inject stuff into the path". But on a legit server, this was and is not possible.
If we must, I'll dig up the cite as it was on the comp.mobile.android ng.
Don't "dig up the cite", because that will be only more talk and no
proof, but post a cite which proves you "injected stuff into the path"
of a *legit* server *and* give the Message-ID of that cite.
Duh! The *point* is that - on a properly configured server - the PATH
header *is* "fully controlled by the server", so it's *not* "fungible".
As I said, I'll defer to your knowledge, Frank. Otherwise I have to dig up the cites but all I want you to do is agree that we discussed this twice.
Now three times.
So as usual a lot of talk, without specifics, let alone proof.
I'm deferring to you, Frank. I'm not disputing you. I'm only disputing your comments that we didn't discuss this in the past (twice) - that's all.
As I said, *some* rogue server(s) allowed preloading the path, so
obviously on that/those server(s) one was "able to inject stuff into the
path". But on a legit server, this was and is not possible.
Again (and again and again), I'm agreeing with you Frank.
I never dispute facts. Only fools do that (that's why they're fools).
The only thing I disputed was your statement that we never covered this.
We did. Twice. Now three times.
That's all.
If we must, I'll dig up the cite as it was on the comp.mobile.android ng.
Don't "dig up the cite", because that will be only more talk and no
proof, but post a cite which proves you "injected stuff into the path"
of a *legit* server *and* give the Message-ID of that cite.
Frank, I'm one of the most logical and sensible people you'll ever have the pleasure of speaking with anywhere - not just on Usenet - but anywhere.
I look at facts and I assess those facts.
Empirically I test some of the facts.
My assessments are based on the facts.
I rarely guess.
I wouldn't have multiple graduate degrees, Frank, if I always guessed.
You can't pass those science & engineering tests by mere guessing, Frank.
My conclusions are always sound as long as the facts they're based on are.
And I'm not disagreeing with any fact you've presented other than the fact
that we discussed this problem in the past - twice - and now three times.
In _my_ tests, long ago (and one this week) many parts of the header were
fungible (which is why I told the moronic iKooks that the headers were not
inviolate and which is what you originally disputed (rightly so since
_some_ headers are inviolate but it was an off-the-cuff response to a moron
who wouldn't know a PATH: header from an Injection-Info: header.
Suffice to say I agree with you fully that it's a waste of time to even try
to spoof the PATH: or Injection-Info: for someone like me who has no great
skills other than I can spoof the easy-to-spoof headers on most servers.
What are the easy-to-spoof headers on most nntp servers?
In my experience what the user can specify is usually something like
The subject
The references list
The time zone
The user agent (or newsreader)
The mime version
The character encoding
The message id
The from
The content type
Most X headers
XFaces
That's all I can think of, offhand, but notice I didn't put the path in
that since it shouldn't be fungible for a reasonably well set up server.
probably a dumb question, but could a rogue server make article path
headers appear to be downstream from "googlegroups" as the beginning
in a path, when in fact it might not be, but was somehow modified in
order to hide the actual source, e.g. this hypothetical path example:
Frank Slootweg <this@ddress.is.invalid> wrote
Duh! The *point* is that - on a properly configured server - the PATH header *is* "fully controlled by the server", so it's *not* "fungible".
As I said, I'll defer to your knowledge, Frank. Otherwise I have to dig up the cites but all I want you to do is agree that we discussed this twice.
Now three times.
Frank, I'm one of the most logical and sensible people you'll ever have the pleasure of speaking with anywhere - not just on Usenet - but anywhere.
I look at facts and I assess those facts.
Empirically I test some of the facts.
My assessments are based on the facts.
I rarely guess.
Wally J <walterjones@invalid.nospam> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote
Duh! The *point* is that - on a properly configured server
- the PATH header *is* "fully controlled by the server", so
it's *not* "fungible".
As I said, I'll defer to your knowledge, Frank. Otherwise I
have to dig up the cites but all I want you to do is agree
that we discussed this twice.
Now three times.
You didn't say we discussed this - which indeed we did - but
said we *tested* this:
<WJ>
Absolutely you are correct. The only two headers that I'm aware
of that are "harder" to spoof are the path (which I tested once
with Frank Slootweg to see what we could inject into the path)
and now I found out the injection header also.
</WJ>
I objected to *that*, hence I wrote:
<FS>
For the record, I never "tested" spoofing the PATH header with
you, because - being an ex News admin - I knew the PATH header
can't be 'spoofed' (read: preloaded) - by a newsreader user -
on a properly configured News server.
</FS>
On 6 Dec 2023 09:41:51 GMT,
Frank Slootweg <this@ddress.is.invalid> wrote:
Wally J <walterjones@invalid.nospam> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote
Duh! The *point* is that - on a properly configured server
- the PATH header *is* "fully controlled by the server", so
it's *not* "fungible".
As I said, I'll defer to your knowledge, Frank. Otherwise I
have to dig up the cites but all I want you to do is agree
that we discussed this twice.
Now three times.
You didn't say we discussed this - which indeed we did - but
said we *tested* this:
<WJ>
Absolutely you are correct. The only two headers that I'm aware
of that are "harder" to spoof are the path (which I tested once
with Frank Slootweg to see what we could inject into the path)
and now I found out the injection header also.
</WJ>
I objected to *that*, hence I wrote:
<FS>
For the record, I never "tested" spoofing the PATH header with
you, because - being an ex News admin - I knew the PATH header
can't be 'spoofed' (read: preloaded) - by a newsreader user -
on a properly configured News server.
</FS>
Piping up with some trepidation, but feel a need to point out it
may depend on how one interprets "which I tested once with Frank
Slootweg." Wally did say *he* tested it, and the "with" part is
perhaps ambiguous. For example, it could mean "taking into
account input from discussions with Frank." Of course, it could
also mean the testing was done with Frank, which seems to be not
the case.
Ted out.
On 12/5/23 23:31, D wrote:
probably a dumb question, but could a rogue server make article path
headers appear to be downstream from "googlegroups" as the beginning
in a path, when in fact it might not be, but was somehow modified in
order to hide the actual source, e.g. this hypothetical path example:
I think that a rogue server that peers with other servers would be
allowed to present anything that the rogue server wanted to in the articles.
Well, save for things that the receiving server would (should) reject;
e.g. anything pretending to be the receiving server.
That being said, I don't think that this is very likely as I suspect it
would be a matter of (short amount of) time before this was detected and
UDP applied to said rogue server.
Of course, someone has to peer it, for us to end up seeing it
The news.dizum.net admin is peering all of that Google spam.
Whoever that server admin is, he needs to get a knock at his door.
In article <ukqdcg$3ev56$1@novabbs.org>, Patrick <patrick@oleary.com> wrote:
On 6/12/2023, Wally J wrote:
Of course, someone has to peer it, for us to end up seeing it
The news.dizum.net admin is peering all of that Google spam.
Whoever that server admin is, he needs to get a knock at his door.
And Giganews as well!
Ted Heise <theise@panix.com> wrote:
On 6 Dec 2023 09:41:51 GMT,
Frank Slootweg <this@ddress.is.invalid> wrote:
Wally J <walterjones@invalid.nospam> wrote:
Frank Slootweg <this@ddress.is.invalid> wrote
Duh! The *point* is that - on a properly configured server
- the PATH header *is* "fully controlled by the server", so
it's *not* "fungible".
As I said, I'll defer to your knowledge, Frank. Otherwise I
have to dig up the cites but all I want you to do is agree
that we discussed this twice.
Now three times.
You didn't say we discussed this - which indeed we did - but
said we *tested* this:
<WJ>
Absolutely you are correct. The only two headers that I'm aware
of that are "harder" to spoof are the path (which I tested once
with Frank Slootweg to see what we could inject into the path)
and now I found out the injection header also.
</WJ>
I objected to *that*, hence I wrote:
<FS>
For the record, I never "tested" spoofing the PATH header with
you, because - being an ex News admin - I knew the PATH header
can't be 'spoofed' (read: preloaded) - by a newsreader user -
on a properly configured News server.
</FS>
Piping up with some trepidation, but feel a need to point out it
may depend on how one interprets "which I tested once with Frank
Slootweg." Wally did say *he* tested it, and the "with" part is
perhaps ambiguous. For example, it could mean "taking into
account input from discussions with Frank." Of course, it could
also mean the testing was done with Frank, which seems to be not
the case.
Yes, I know what he wrote was ambiguous (and I'm sure purposely so),
that's why I removed the ambiguity with my "For the record, I never
"tested" ..." response. But he didn't get that (or rather he chose not
to get it).
Ted out.
Well, you did this time [1]. Guessing what you wrote, instead of knowing/checking what you actually wrote, despite my clue-by-four.
Does _every_ post have to be vetted by your lawyer before you accept
that Usenet is a colloquial medium - and not peer-reviewed research?
Please send me the email of your lawyer so he can vet this next post.
A. First, I had responded to an iKook who claimed the newsreader
header was inviolable, and Frank vehemently and repeatedly
disputed that the headers could be munged at all.
Patrick wrote:
The news.dizum.net admin is peering all of that Google spam.
Whoever that server admin is, he needs to get a knock at his door.
Remember, the choice to carry a feed or not is up to each news server administrator.
This applies to all server administrators.
If one server administrator wants to carry news from a spammy source,
that's their prerogative just like it's other news administrators
prerogative if they want to carry news from the previous news administrator.
I find it entertaining how quickly I've seen things progress along the
line from "YOU CAN'T FILTER" to "complain to the admin that isn't
filtering (Google)".
a. I was corrected numerous times, Frank, e.g., by Grant Taylor.
who can't handle being corrected
a. I was corrected numerous times, Frank, e.g., by Grant Taylor.
Hey now, don't bring me into this. I have a reputation to hold down.
I can respect that
Wally J <walterjones@invalid.nospam> wrote:
Sn!pe <snipeco.2@gmail.com> wrote
I can respect that
Your OT trolling (& personal attacks) attempting to derail this thread are
duly noted; but what you should be respecting is the topic of this thread.
Who do you think is peering all these spams coming out of Google?
We've noted giganews, individual and highwinds so far, but there are more.
Who else have you found to be peering spam emanating from Google groups?
And what do you think the best solution might be to protect the fragile
deja google search engine (which is very useful for millions of lookups)?
IMO the DejaNews archive is so debased that it's next to useless.
I take a simple approach to Googlespam - I mark all GG posts as
read unless I have the poster whitelisted. Life is too short to
play whack-a-mole.
I'm sorry if you perceive my respectful comments (which you have
declined to quote) as abusive. I assure you that I am not trolling.
I had a comment to make, I made it, and now I am perfectly content
to disengage. Feel free to have the last word, Wally.
--
^Ï^. Sn!pe, PA, FIBS - Professional Crastinator.
My pet rock Gordon just said "Don't Be Evil!"
Google Groups articles are not seen here unless poster is whitelisted.
I wonder if a class action lawsuit against Google would get their attention.
On 12/7/23 06:20, The Doctor wrote:
I wonder if a class action lawsuit against Google would get their attention.
I'm quite certain that it would get the lawyercats attention.
I don't know what the result of that attention would be. I think it's a
three way split between more of what they are doing now (marking some
groups read-only), actually fixing the spam (to a very large degree), or
termination of the Google Groups Usenet gateway.
--
Grant. . . .
Grant wrote:
Patrick wrote:
The news.dizum.net admin is peering all of that Google spam.
Whoever that server admin is, he needs to get a knock at his door.
Remember, the choice to carry a feed or not is up to each news server
administrator.
This applies to all server administrators.
If one server administrator wants to carry news from a spammy source,
that's their prerogative just like it's other news administrators
prerogative if they want to carry news from the previous news administrator.
I find it entertaining how quickly I've seen things progress along the
line from "YOU CAN'T FILTER" to "complain to the admin that isn't
filtering (Google)".
Yes! ROTFL.
dizum has an anonymity agenda. Although YMMV, an excerpt of pertinent
dizum headers tells /me/ everything there is to know about dizum:
Path: sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
Injection-Info: sewer.dizum.com
Besides dizum, many other news hosts also peer with google-groups.
###
On another note, a change in my own news host's pseudo peers now
provides a proper Path: to implement Stéphane's suggestion:
$BADPATHS=google-groups.googlegroups.com
ME/$BADPATHS:::
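The Path-based checks discussed in this thread (which site took an article from Google's servers, and the BADPATHS test in the post above), as an added Python example that is not part of any post here. The sample Path values are constructed: the first is modelled on the spam header quoted at the top of the thread, and `reader.example`, `peer.example.org` and `feeder.example.net` are placeholders.

```python
"""Walk Usenet Path headers to see who accepted an article from its injector."""
from collections import Counter

# Assumption for this example: hosts under these domains belong to the injector.
INJECTOR_DOMAINS = ("google.com", "googlegroups.com")

# Constructed samples. Each relaying server prepends its own name, so the
# right-hand end is the origin and the left-hand end is the reader's server.
SAMPLE_PATHS = [
    # Modelled on the spam header quoted at the top of the thread.
    "reader.example!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net"
    "!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com"
    "!diablo1.usenet.blueworldhosting.com!peer02.iad"
    "!feed-me.highwinds-media.com!news.highwinds-media.com"
    "!news-out.google.com!nntp.google.com!postnews.google.com"
    "!google-groups.googlegroups.com!not-for-mail",
    # Folded header with a "!!" (verified peer) delimiter.
    "reader.example!peer.example.org!!news-out.google.com!nntp.google.com!\n"
    " postnews.google.com!google-groups.googlegroups.com!not-for-mail",
    # Not injected by Google; carries a .POSTED diagnostic.
    "reader.example!feeder.example.net!.POSTED.192.0.2.7!not-for-mail",
]


def parse_path(value):
    """Return relay hops ordered from the injecting system outward."""
    # Folding can insert whitespace between hops; host names contain none.
    compact = "".join(value.split())
    elements = compact.split("!")[:-1]  # drop the tail entry (not-for-mail)
    # "!!" yields empty elements; diagnostics such as .POSTED start with ".".
    hops = [e for e in elements if e and not e.startswith(".")]
    hops.reverse()
    return hops


def in_domains(host, domains):
    """True if host equals one of the domains or is a subdomain of one."""
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in domains)


def first_external_peer(hops, injector_domains=INJECTOR_DOMAINS):
    """First hop outside the injector's own servers, or None.

    This is what the Path *claims*. Entries are only as trustworthy as the
    servers to their left: a rogue relay can preload anything to its right.
    """
    if not hops or not in_domains(hops[0], injector_domains):
        return None  # article did not originate at the injector
    for hop in hops:
        if not in_domains(hop, injector_domains):
            return hop.lower()
    return None  # never left the injector's servers


def matches_badpath(hops, badpaths):
    """Same test as a BADPATHS exclusion: does the Path name a listed site?"""
    bad = {b.lower() for b in badpaths}
    return any(h.lower() in bad for h in hops)


def tally_peers(paths):
    """Count, per article, the site that took it directly from the injector."""
    counts = Counter()
    for path in paths:
        peer = first_external_peer(parse_path(path))
        if peer:
            counts[peer] += 1
    return counts


if __name__ == "__main__":
    for site, n in tally_peers(SAMPLE_PATHS).most_common():
        print(f"{n:4d}  {site}")
    for path in SAMPLE_PATHS:
        hops = parse_path(path)
        verdict = "drop" if matches_badpath(
            hops, ["google-groups.googlegroups.com"]) else "keep"
        print(verdict, hops[0])
```

Run over a spool of real headers, the tally shows which feeders recur directly to the left of the injector's hosts, which is the question the thread opened with.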
Don wrote:
Don wrote:
dizum has an anonymity agenda. Although YMMV, an excerpt of pertinent
dizum headers tells /me/ everything there is to know about dizum:
Path: sewer!news.dizum.net!not-for-mail
Organization: dizum.com - The Internet Problem Provider
Injection-Info: sewer.dizum.com
Besides dizum, many other news hosts also peer with google-groups.
There's one more thing - dizum is a remailer. And, although it offers a
mail2news gateway, it is not a news host.
news.dizum.net
Bless you for setting me straight! It makes me very happy to discover the dizum newshost. It will be immediately put to good use.
news.admin.peering re-added to header in case anyone encounters my bad
info in the group at a later date.
I just checked & dizum today is 95.5% Google
spam (1687 new articles, 9 of which made it past my google spam filter).
On 2023-12-06 21:22, micky wrote:
Wow, just now 25 real posts and 2600 spam. Thank goodness for filters.
Where? I only saw one or two, in this group at least.
Don't you understand how it works?
It depends whether your service provider is filtering or not.
My goodness, Carlos!
Do you really think I didn't know?
You are a fun spoiler.
On News.Individual.Net there are big holes in the article number
ranges, i.e. where the spam articles were before they got (locally)
canceled.
For safety reasons, I pull only 50 articles at a time, but because of
the holes, each pull actually pulls only a few or no articles.
Because today my own posts from yesterday appeared, I found out that
my pulls have a backlog of some 2000 (mostly non-existing) articles.
So if I'm slow in responding, you know why! :-) Just blame Google
(Groups).
Two or three times, start of day, machine booted or coming from
suspend/hibernation, Thunderbird asks for permission to download 3000
headers. But then just a few actually show up.
Maybe TB is just looking at the index number, and as you say, there are
holes.
Trying to load 3000 articles is probably enough. Over the past few
days, I've seen article number deltas of some 2000 per day.
A newsreader can only ask for headers by article numbers, because
while it does know past article numbers (and so can ask for the next
ones), it does not know the message-ids of the next ones (because the message-ids are in the headers which it still has to fetch).
So the newsreader only gets the headers for the articles which
actually exist, not for the (spam) articles which have been (locally) canceled by the news server.
So your 3000 headers at a time works for you.
I OTOH have to do it bit by bit, because my local news server
(Hamster) does the fetching of headers and articles and I do not want to
risk loading *other* (than this GG) 'spam', because I keep my groups 'forever' (currently up to some 20 years) and Hamster has no way of
deleting (local cancel) already received articles, so this spam would
forever pollute my local news server (and hence its disk space, backup, etc.).
I don't know what the result of that attention would be. I think it's a
three way split between more of what they are doing now (marking some
groups read-only), actually fixing the spam (to a very large degree), or
termination of the Google Groups Usenet gateway.
So a win for the complainant.
The Doctor <doctor@doctor.nl2k.ab.ca> wrote
I don't know what the result of that attention would be. I think it's a
three way split between more of what they are doing now (marking some
groups read-only), actually fixing the spam (to a very large degree), or
termination of the Google Groups Usenet gateway.
So a win for the complainant.
It seems pretty clear now, even as it wasn't at all clear to me in the
beginning that what you guys knew is most likely the situation here.
1. Google is (knowingly?) allowing their users to create this spam
2. Google doesn't seem to care some newsgroups are now 95.5% spam
3. People can complain to the Google Groups Usenet portal if they like
<https://groups.google.com/g/google-usenet/about>
4. But that's about it for what you can realistically do with Google
(don't even think about calling them at 650-253-0000 as I've tried)
5. The suggestion of "de-peering" needs to be directed to some servers
(most notably which seem to be highwinds, giganews & individual)
If someone can post the 'de-peering' contacts for those three servers,
then maybe we can send them a message letting them know of the problem.
--
"*Contact Owners and Managers of Google Usenet*"
Google Usenet (google-usenet@googlegroups.com) <https://groups.google.com/g/google-usenet/about>
5. The suggestion of "de-peering" needs to be directed to some servers
(most notably which seem to be highwinds, giganews & individual)
If someone can post the 'de-peering' contacts for those three servers,
then maybe we can send them a message letting them know of the problem.
The bad news servers, apparently, are these three, in order (AFAIK):
1. Highwinds
2. Giganews
3. Individual
But I could be wrong on that as I don't know nntp like Frank Slootweg does.
These three news server admins are, in a word, complete assholes.
1. Highwinds
2. Giganews
3. Individual
Wally J <walterjones@invalid.nospam> wrote:
5. The suggestion of "de-peering" needs to be directed to some servers
(most notably which seem to be highwinds, giganews & individual)
If someone can post the 'de-peering' contacts for those three servers,
then maybe we can send them a message letting them know of the problem.
We follow the discussion here and are aware of the Google spam problem. We also have some anti-spam measures for our reader servers. But it is really easy to find our contact address (news@individual.net) on https://news.individual.net/
In the past, issuing a UDP¹ has often not been particularly successful.
Heiko (for Newsmaster-Team of individual.net)
¹ https://en.wikipedia.org/wiki/Usenet_Death_Penalty
Heiko Schlichting <heiko@cis.fu-berlin.de> wrote
Oh wow! Brian Gregory was _correct_ about your service, Mr. Schlichting!
<https://groups.google.com/g/news.admin.peering/c/xxniDVj3ArI/m/WfJqjUVPAQAJ>
Unfortunately, only moments before I saw your article above, I posted this (which I now belatedly would wish I had learned how to _cancel_ years ago).
<https://groups.google.com/g/news.admin.peering/c/AgrNUeZuAkw/m/wjFb9mb3AAAJ>
I will issue a humble but well-intended sincere retraction of my
deprecating comments about you (where I had accidentally lumped you into
the same category as the news server admins for Highwinds & Giganews).
I have no indication that News.Individual.Net is a direct peer (of
Google Groups), but also no indication of the contrary.
You owe the admin(s) of News.Individual.Net an apology and quick smart
too!
Frank Slootweg <this@ddress.is.invalid> wrote
I have no indication that News.Individual.Net is a direct peer (of
Google Groups), but also no indication of the contrary.
I will now, belatedly, agree with Frank Slootweg that the admins of News.Individual.Net have responded just recently that
a. They're aware of the issue
b. They care, and,
c. They're doing something about it.
I apologize for deprecating them, which was based on my lack of information about them. Mea culpa.
You owe the admin(s) of News.Individual.Net an apology and quick smart too!
Thank you Frank for suggesting that apology, which, you'll note, was quick smart sooner than you even could think imaginable, as you know me well in that I am always ready to admit my mistakes when I make them (and I do).
It was my mistake alone to lump the admins of Individual with the likes of Highwinds (whom I've never gotten any response to in _many_ requests) and Giganews.
I apologize directly and humbly and sincerely to the Individual.net admins. (If I knew how to cancel via telnet, I would try it if it's possible.
Very few - if any - News servers honour cancel commands/control-messages from users (or other servers for that matter). Way too easy to abuse.
For all intents and purposes, cancels do not work. (They only worked in
The Good Old Days (TM), when everybody was still behaving.)
Wally J <walterjones@invalid.nospam> wrote:
[...]
The iKooks are, by way of stark contrast, _never_ purposefully helpful.
They're the antithesis of me, which is why I despise their very existence.
They wouldn't stick out a finger to help anyone - and - in fact - they'd go
well out of their way to make life miserable for any innocent poster here.
[...]
Wally J, you are either trolling or just very rude; which is it?
I have no indication that News.Individual.Net is a direct peer (of
Google Groups), but also no indication of the contrary.
D <noreply@mixmin.net> wrote:
On Mon, 11 Dec 2023 00:05:34 +0000,
snipeco.2@Use.Reply-To.Address.invalid (Sn!pe) wrote:
Wally J <walterjones@invalid.nospam> wrote:
[...]
The iKooks are, by way of stark contrast, _never_ purposefully helpful.
They're the antithesis of me, which is why I despise their very existence.
They wouldn't stick out a finger to help anyone - and - in fact - they'd go
well out of their way to make life miserable for any innocent poster here.
[...]
Wally J, you are either trolling or just very rude; which is it?
as an amateur and outsider to any of these high-level discussions among
professional news server administrators, it does seem peculiar that the
op of this burgeoning thread message-id ukinav$m4i7$1@paganini.bofh.team
seems prolific yet discourteous for such an elderly and experienced soul;
exactitude should be the minimum standard for discussing important topics
I too am only an amateur but interested lurker; I've read the whole of
nap and nsn for several months before "Wally J" began this thread.
I note that it was "Wally J" who added the crosspost to
misc.phone.mobile.iphone three articles upthread from this one.
Message-ID: <ul51vm$2k18f$1@paganini.bofh.team>
While I have no concrete evidence other than style, IMO it's Arlen.
News.Individual.Net is handled on our reader servers. The peering with
Google takes place on our feeder server (newsfeed.fu-berlin.de) which is operated by the same news admin team. So we are responsible for the
peering, but not for the Spam itself.
We do care about the Spam flood posted via Google Groups
but as a German state university we do not have any influence on Google.
But - if necessary - we would stop our long time peering with Google.
Unfortunately,
as an isolated action, this doesn't make a positive difference. We will continue to follow the discussion here closely.
Again, I would hope, that as a peer, you might be able to contact
someone in Google and get them to try to stem the tide.
hailing the google ghost ship
On 12/11/23 08:24, D wrote:
hailing the google ghost ship
I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.
On 12/11/23 02:40, Heiko Schlichting wrote:
News.Individual.Net is handled on our reader servers. The peering with
Google takes place on our feeder server (newsfeed.fu-berlin.de) which is
operated by the same news admin team. So we are responsible for the
peering, but not for the Spam itself.
ACK
We do care about the Spam flood posted via Google Groups
DoubleACK
but as a German state university we do not have any influence on Google.
Do you as a Google peer have any contacts inside of Google?
The last time I tried to interact with the newsmaster(s) at Google ended
poorly with a refusal to create some new groups being created at the
time (either Mozilla adjacent and / or Windows 10) with some other
disheartening outcome.
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
But - if necessary - we would stop our long time peering with Google.
I appreciate that you are willing to de-peer Google if it comes to that.
Unfortunately,
as an isolated action, this doesn't make a positive difference. We will
continue to follow the discussion here closely.
I would encourage you and your colleagues to start thinking about what
actions would warrant de-peering Google to you / your team, along with
any communications you might want to have with Google regarding -- what
I consider to be -- blatant spam spewing from them.
Again, I would hope, that as a peer, you might be able to contact
someone in Google and get them to try to stem the tide.
Thank you for your consideration, whatever that ends up being.
--
Grant. . . .
Frank Slootweg <this@ddress.is.invalid> wrote:
I have no indication that News.Individual.Net is a direct peer (of
Google Groups), but also no indication of the contrary.
News.Individual.Net is handled on our reader servers. The peering with
Google takes place on our feeder server (newsfeed.fu-berlin.de) which is
operated by the same news admin team. So we are responsible for the
peering, but not for the Spam itself.
We do care about the Spam flood posted via Google Groups but as a German
state university we do not have any influence on Google. But - if
necessary - we would stop our long time peering with Google. Unfortunately,
as an isolated action, this doesn't make a positive difference. We will
continue to follow the discussion here closely.
Heiko (for Newsmaster-Team of individual.net)
On 12/11/23 08:24, D wrote:
hailing the google ghost ship
I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.
--
Grant. . . .
Grant Taylor <gtaylor@tnetconsulting.net> wrote
Again, I would hope, that as a peer, you might be able to contact
someone in Google and get them to try to stem the tide.
100% agree with both Grant and Heiko (and much appreciate their actions!).
As with Grant, I was only able to get Google to change their format for the
dejaGoogle URIs, but I was not able to get them to add the Windows
newsgroups or some of the common software newsgroups (tbird, ffox, etc.).
As with Grant, I would "hope" (to dear God I hope, in fact) that you and
the other peers to Google have "some method" of getting a hold of them.
Worst case, there's this URL (which is for the proletariat such as I am).
<https://groups.google.com/g/google-usenet/about>
On 12/11/23 02:40, Heiko Schlichting wrote:
but as a German state university we do not have any influence on Google.
Do you as a Google peer have any contacts inside of Google?
I would /hope/ -- but not hold my breath -- that you have a bit more influence /as/ /a/ /peer/ than others around the world / Internet.
In article <ul792r$2s6nu$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote
On 12/11/23 08:24, D wrote:
hailing the google ghost ship
I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.
We have Heiko at Individual trying to hail the Google ghost ship.
What's a good contact for the other two big peers of the Google ghost ship?
I'll volunteer to send them each an email (but I don't expect much of it).
Go for it!
Time to stand up to the giant abuser!
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
On 12/11/23 02:40, Heiko Schlichting wrote:
but as a German state university we do not have any influence on Google.
Do you as a Google peer have any contacts inside of Google?
We do have a contact address which is many years old and which we will not
publish (under no circumstances). We communicate via a generic admin
address but didn't have any conversation for many, many years. The peering
is established long time ago and stable since then.
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
One might think. Unfortunately that's not really the case. Sorry.
Heiko (for Newsmaster-Team of individual.net)
On 12/11/23 10:25, The Doctor wrote:
In article <ul792r$2s6nu$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote
On 12/11/23 08:24, D wrote:
hailing the google ghost ship
I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.
We have Heiko at Individual trying to hail the Google ghost ship.
What's a good contact for the other two big peers of the Google ghost ship?
I'll volunteer to send them each an email (but I don't expect much of it).
Go for it!
Time to stand up to the giant abuser!
+1
--
user <candycane> is generated from /dev/urandom
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
In article <ul7jif$38rtp$1@dont-email.me>,
candycanearter07 <no@thanks.net> wrote:
On 12/11/23 10:25, The Doctor wrote:
In article <ul792r$2s6nu$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote
On 12/11/23 08:24, D wrote:
hailing the google ghost ship
I like that description. "Google ghost ship" and "hailing" seem to be
apt descriptions that match my opinion of the situation.
We have Heiko at Individual trying to hail the Google ghost ship.
What's a good contact for the other two big peers of the Google ghost
ship? I'll volunteer to send them each an email (but I don't expect
much of it).
Go for it!
Time to stand up to the giant abuser!
+1
+2
+3, more in hope than expectation.
On 12/11/23 14:14, Sn!pe wrote:
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
In article <ul7jif$38rtp$1@dont-email.me>,
candycanearter07 <no@thanks.net> wrote:
On 12/11/23 10:25, The Doctor wrote:
In article <ul792r$2s6nu$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
Time to stand up to the giant abuser!
+1
+2
+3, more in hope than expectation.
+4
On 12/11/23 14:14, Sn!pe <snip@aol.com> wrote:[snip]
The Doctor <doctor@aol.com> wrote:
In article <ul7jif$38rtp$1@dont-email.me>,
candycanearter07 <no@aol.com> wrote:
+1
+2
+3, more in hope than expectation.
+4
We do have a contact address which is many years old and which we will not publish (under no circumstances). We communicate via a generic admin
address but didn't have any conversation for many, many years. The peering
is established long time ago and stable since then.
One might think. Unfortunately that's not really the case. Sorry.
Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
One might think. Unfortunately that's not really the case. Sorry.
Do what is right and depeer Google Groups now!
Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
One might think. Unfortunately that's not really the case. Sorry.
Do what is right and depeer Google Groups now!
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Google also informed their peers like us.
Until then, there are strong anti-spam measures on our reader servers for
our customers. We'll see if the spammers look for another news server or
not. Hopefully not.
Google's departure will change Usenet again, just as AOL did in
"September" 1993. For better or worse? We'll find out.
Heiko (for Newsmaster-Team of individual.net)
yesterday it was "effective February 15, 2024..." so they're already
moving the goal posts... ulterior motives should not surprise anyone
D <noreply@mixmin.net> writes:
yesterday it was "effective February 15, 2024..." so they're already
moving the goal posts... ulterior motives should not surprise anyone
It's a two stage separation. Stage one occurs on the 15th, stage two on
the 22nd.
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
One might think. Unfortunately that's not really the case. Sorry.
Do what is right and depeer Google Groups now!
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Google also informed their peers like us.
Until then, there are strong anti-spam measures on our reader servers for
our customers. We'll see if the spammers look for another news server or
not. Hopefully not.
Google's departure will change Usenet again, just as AOL did in
"September" 1993¹. For better or worse? We'll find out.
Heiko (for Newsmaster-Team of individual.net)
¹ https://en.wikipedia.org/wiki/Eternal_September
On 15 Dec 2023 08:59:34 GMT, Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
I would /hope/ -- but not hold my breath -- that you have a bit more
influence /as/ /a/ /peer/ than others around the world / Internet.
One might think. Unfortunately that's not really the case. Sorry.
Do what is right and depeer Google Groups now!
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Google also informed their peers like us.
Until then, there are strong anti-spam measures on our reader servers for
our customers. We'll see if the spammers look for another news server or
not. Hopefully not.
Google's departure will change Usenet again, just as AOL did in
"September" 1993. For better or worse? We'll find out.
Heiko (for Newsmaster-Team of individual.net)
yesterday it was "effective February 15, 2024..." so they're already
moving the goal posts... ulterior motives should not surprise anyone
D <noreply@mixmin.net> writes:
yesterday it was "effective February 15, 2024..." so they're already
moving the goal posts... ulterior motives should not surprise anyone
It's a two stage separation. Stage one occurs on the 15th, stage two on
the 22nd.
On Fri, 15 Dec 2023 13:57:09 +0000, Tom Furie <tom@furie.org.uk> wrote:
D <noreply@mixmin.net> writes:
yesterday it was "effective February 15, 2024..." so they're already
moving the goal posts... ulterior motives should not surprise anyone
It's a two stage separation. Stage one occurs on the 15th, stage two on
the 22nd.
maybe stage three on the 29th . . . ad infinitum; just to be on the
safe side, every news server that hasn't already should immediately
depeer from the google ghost ship slowly drifting off into oblivion
The Doctor <doctor@doctor.nl2k.ab.ca> wrote:
Do what is right and depeer Google Groups now!
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Done.
In news.software.nntp Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Done.
Confirmed here (news.chmurka.net). What a relief.
Same here :-)
In news.software.nntp Heiko Schlichting <heiko@cis.fu-berlin.de> wrote:
All peerings with Google will end on 2024-02-22:
https://support.google.com/groups?p=usenet
Done.
Confirmed here (news.chmurka.net). What a relief.