Who is peering all these spams ostensibly from Google Groups?
<http://groups.google.com/g/comp.mobile.android>

In the past few weeks, what I'll call "indonesian" spam has been
increasing but not to the level of this "movie" spam which is now
hundreds per day (at least it is on the Android newsgroup).

While the headers look like they're coming from Google Groups,
I'm aware that headers could be forged such that it could be
coming from a rogue nntp server sending all this spam.

But then why are the reputable nntp news server admins peering
these spams?

I realize every line in the header can be spoofed (even the
path can have information injected into it), but I don't know
how to read headers well.

Is there any way to tell from the header who is peering them.
To help you answer this question, below are just 3 random spams.

========< cut here for random spams >========
X-Received: by 2002:a0c:ed31:0:b0:67a:b50a:cf46 with SMTP id u17-20020a0ced31000000b0067ab50acf46mr63374qvq.7.1701623906718; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
X-Received: by 2002:a05:6870:f293:b0:1fb:2688:896e with SMTP id u19-20020a056870f29300b001fb2688896emr1145397oap.8.1701623906460; Sun, 03 Dec 2023 09:18:26 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:18:26 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S
NNTP-Posting-Host: 202.46.68.61
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <d2da9b7d-4ac6-43dc-80e3-18962e6ccd5fn@googlegroups.com>
Subject: [.WATCH.] Renaissance: A Film By Beyonc� Watch (FullMovie) Free Online ON STREAMINGS
From: Atto Lorse <attolorse@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:18:26 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 3761
Xref: . comp.mobile.android:110200
========< cut here for random spams >========
X-Received: by 2002:a05:6214:1fc4:b0:67a:262e:35b5 with SMTP id jh4-20020a0562141fc400b0067a262e35b5mr642984qvb.9.1701622417293; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
X-Received: by 2002:a9d:5cc6:0:b0:6d8:1345:7de4 with SMTP id r6-20020a9d5cc6000000b006d813457de4mr1630461oti.7.1701622417090; Sun, 03 Dec 2023 08:53:37 -0800 (PST)
Path: .!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 08:53:36 -0800 (PST)
In-Reply-To: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx
NNTP-Posting-Host: 118.179.109.17
References: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <f09f38dc-333c-4e8a-81b0-d4d63760088bn@googlegroups.com>
Subject: Re: [.WATCH.] It Came from Dimension X Watch (.FullMovie.) Free Online On STREAMINGS
From: Derrick Matthews <derrickmatthews946@gmail.com>
Injection-Date: Sun, 03 Dec 2023 16:53:37 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 5359
Xref: . comp.mobile.android:110194
========< cut here for random spams >========
X-Received: by 2002:a05:622a:103:b0:423:72a5:a7da with SMTP id u3-20020a05622a010300b0042372a5a7damr969557qtw.8.1701624819984; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
X-Received: by 2002:a9d:6a8f:0:b0:6d8:8052:2ec8 with SMTP id l15-20020a9d6a8f000000b006d880522ec8mr627917otq.2.1701624819695; Sun, 03 Dec 2023 09:33:39 -0800 (PST)
Path: .!news2.arglkargh.de!2.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
Newsgroups: comp.mobile.android
Date: Sun, 3 Dec 2023 09:33:39 -0800 (PST)
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8
NNTP-Posting-Host: 93.177.75.198
User-Agent: G2/1.0
MIME-Version: 1.0
Message-ID: <fa356544-c7a3-4d01-bb73-58212af853b1n@googlegroups.com>
Subject: **Wish 2023 free '.Fullmovie.' Online English HD 720p, 480p
From: Raden Surya Sigadiraja <radensuryasigadiraja@gmail.com>
Injection-Date: Sun, 03 Dec 2023 17:33:39 +0000
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
X-Received-Bytes: 16654
Xref: . comp.mobile.android:110202
--
TIA

In article <ukinav$m4i7$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
>Who is peering all these spams ostensibly from Google Groups?
> <http://groups.google.com/g/comp.mobile.android>
>
>In the past few weeks, what I'll call "indonesian" spam has been
>increasing but not to the level of this "movie" spam which is now
>hundreds per day (at least it is on the Android newsgroup).
>
>While the headers look like they're coming from Google Groups,
>I'm aware that headers could be forged such that it could be
>coming from a rogue nntp server sending all this spam.
>
>But then why are the reputable nntp news server admins peering
>these spams?
>
>I realize every line in the header can be spoofed (even the
>path can have information injected into it), but I don't know
>how to read headers well.
>
>Is there any way to tell from the header who is peering them.
>To help you answer this question, below are just 3 random spams.
>
> ========< cut here for random spams >========
> X-Received: by 2002:a0c:ed31:0:b0:67a:b50a:cf46 with SMTP id
>u17-20020a0ced31000000b0067ab50acf46mr63374qvq.7.1701623906718; Sun, 03
>Dec 2023 09:18:26 -0800 (PST)
> X-Received: by 2002:a05:6870:f293:b0:1fb:2688:896e with SMTP id
>u19-20020a056870f29300b001fb2688896emr1145397oap.8.1701623906460; Sun,
>03 Dec 2023 09:18:26 -0800 (PST)
> Path:
>.!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!3.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
> Newsgroups: comp.mobile.android
> Date: Sun, 3 Dec 2023 09:18:26 -0800 (PST)
> Injection-Info: google-groups.googlegroups.com;
>posting-host=202.46.68.61;
>posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S
> NNTP-Posting-Host: 202.46.68.61
> User-Agent: G2/1.0
> MIME-Version: 1.0
> Message-ID: <d2da9b7d-4ac6-43dc-80e3-18962e6ccd5fn@googlegroups.com>
> Subject: [.WATCH.] Renaissance: A Film By Beyonc� Watch (FullMovie)
>Free Online ON STREAMINGS
> From: Atto Lorse <attolorse@gmail.com>
> Injection-Date: Sun, 03 Dec 2023 17:18:26 +0000
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
> X-Received-Bytes: 3761
> Xref: . comp.mobile.android:110200
> ========< cut here for random spams >========
> X-Received: by 2002:a05:6214:1fc4:b0:67a:262e:35b5 with SMTP id
>jh4-20020a0562141fc400b0067a262e35b5mr642984qvb.9.1701622417293; Sun, 03
>Dec 2023 08:53:37 -0800 (PST)
> X-Received: by 2002:a9d:5cc6:0:b0:6d8:1345:7de4 with SMTP id
>r6-20020a9d5cc6000000b006d813457de4mr1630461oti.7.1701622417090; Sun, 03
>Dec 2023 08:53:37 -0800 (PST)
> Path:
>.!weretis.net!feeder8.news.weretis.net!3.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
> Newsgroups: comp.mobile.android
> Date: Sun, 3 Dec 2023 08:53:36 -0800 (PST)
> In-Reply-To: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
> Injection-Info: google-groups.googlegroups.com;
>posting-host=118.179.109.17;
>posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx
> NNTP-Posting-Host: 118.179.109.17
> References: <f5e007ca-f669-4d58-9112-f36f426aead5n@googlegroups.com>
> User-Agent: G2/1.0
> MIME-Version: 1.0
> Message-ID: <f09f38dc-333c-4e8a-81b0-d4d63760088bn@googlegroups.com>
> Subject: Re: [.WATCH.] It Came from Dimension X Watch (.FullMovie.)
>Free Online On STREAMINGS
> From: Derrick Matthews <derrickmatthews946@gmail.com>
> Injection-Date: Sun, 03 Dec 2023 16:53:37 +0000
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
> X-Received-Bytes: 5359
> Xref: . comp.mobile.android:110194
> ========< cut here for random spams >========
> X-Received: by 2002:a05:622a:103:b0:423:72a5:a7da with SMTP id
>u3-20020a05622a010300b0042372a5a7damr969557qtw.8.1701624819984; Sun, 03
>Dec 2023 09:33:39 -0800 (PST)
> X-Received: by 2002:a9d:6a8f:0:b0:6d8:8052:2ec8 with SMTP id
>l15-20020a9d6a8f000000b006d880522ec8mr627917otq.2.1701624819695; Sun, 03
>Dec 2023 09:33:39 -0800 (PST)
> Path:
>.!news2.arglkargh.de!2.eu.feeder.erje.net!1.us.feeder.erje.net!feeder.erje.net!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer02.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
> Newsgroups: comp.mobile.android
> Date: Sun, 3 Dec 2023 09:33:39 -0800 (PST)
> Injection-Info: google-groups.googlegroups.com;
>posting-host=93.177.75.198;
>posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8
> NNTP-Posting-Host: 93.177.75.198
> User-Agent: G2/1.0
> MIME-Version: 1.0
> Message-ID: <fa356544-c7a3-4d01-bb73-58212af853b1n@googlegroups.com>
> Subject: **Wish 2023 free '.Fullmovie.' Online English HD 720p, 480p
> From: Raden Surya Sigadiraja <radensuryasigadiraja@gmail.com>
> Injection-Date: Sun, 03 Dec 2023 17:33:39 +0000
> Content-Type: text/plain; charset="UTF-8"
> Content-Transfer-Encoding: quoted-printable
> X-Received-Bytes: 16654
> Xref: . comp.mobile.android:110202
>--
>TIA

More reason to depeer Google GRoups now!
--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

The Doctor <doctor@doctor.nl2k.ab.ca> wrote

> More reason to depeer Google GRoups now!

I don't know what "depeer" means, but I suspect it means to nuke it.
Sometimes nuking is appropriate. Most of the time it's too drastic.

Cutting out this spam should be as easy as not peering it - should it not?
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

I'm not for knee-jerk reactions, but targeted surgical strikes.
Maybe the problem is a single reliable news server is peering this spam?

But I don't know enough about headers to determine who is peering it.
I can read the path but I know the path can have injected components.

For example, I'm assuming that none of this spam actually is coming from
google posters - I'm assuming it's all coming from a roge nntp server who
is impersonating a google groups poster.

How can we tell who peered it first from the originating rouge nntp server?

Here's a thread which brought up the subject where each recipient has to
figure out on his own newsreader how to nuke this spam which purports to
come from Google Groups (I suspect it comes from a rogue
Like this thread, posted today, trying to solve this exact problem.
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>

The only reason I doubt this spam is coming from google users is Google
would put a stop to this - but it's been happening for weeks on end.

So I 'suspect' that it's coming from a rogue nntp news server.
Which is why I'm asking the question that I'm asking.

Who is peering all these spams ostensibly from Google Groups?

On 12/3/23 14:10, Wally J wrote:
> Who is peering all these spams ostensibly from Google Groups?

Ostensibly any news master that is not filtering Google Groups carte
blanch is peering / feeding these articles. Few are directly peered
with Google, more are downstream peers.

Grant. . . .

On 12/3/23 14:29, Wally J wrote:
> I don't know what "depeer" means, but I suspect it means to nuke it.

Depeering means to no longer carry any articles from a news server.

> Sometimes nuking is appropriate. Most of the time it's too drastic.
>
> Cutting out this spam should be as easy as not peering it - should it not?

It's relatively easy to filter out /everything/ from Google.

It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
from Google.

> For example, I'm assuming that none of this spam actually is coming from
> google posters - I'm assuming it's all coming from a roge nntp server who
> is impersonating a google groups poster.

Every single one that I've looked at the message /has/ /in/ /fact/
originated from Google and been sent out to Usenet at large.

> How can we tell who peered it first from the originating rouge nntp server?

Google is the rogue NNTP server that is the source of the spam.

> Here's a thread which brought up the subject where each recipient has to
> figure out on his own newsreader how to nuke this spam which purports to
> come from Google Groups (I suspect it comes from a rogue

You suppose wrong.

The spam /is/ originating from Google.

> The only reason I doubt this spam is coming from google users is Google
> would put a stop to this - but it's been happening for weeks on end.

HA! If only.

Google is an extremely bad for Usenet and an even worse steward for the
Dejanews archive.

> So I 'suspect' that it's coming from a rogue nntp news server.

You suspect wrong.

> Which is why I'm asking the question that I'm asking.
>
> Who is peering all these spams ostensibly from Google Groups?

Look at the Path: headers to answer your own questions.

--
Grant. . . .

Am 03.12.2023 um 16:29:06 Uhr schrieb Wally J:

> The Doctor <doctor@doctor.nl2k.ab.ca> wrote
>
> > More reason to depeer Google GRoups now!
>
> I don't know what "depeer" means, but I suspect it means to nuke it.
> Sometimes nuking is appropriate. Most of the time it's too drastic.

Removing the peering to google groups. Only server that currently peer
can do that.
If all of them removed the peering, post can't go from GG to other
servers and vice-versa.

> Cutting out this spam should be as easy as not peering it - should it
> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>

It is possible to filter for injection-info.
Google Groups places a correct header and the path also matches that.

> I'm not for knee-jerk reactions, but targeted surgical strikes.
> Maybe the problem is a single reliable news server is peering this
> spam?

No, the problem is Google because Google doesn't stop people from
abusing their services.

> But I don't know enough about headers to determine who is peering it.
> I can read the path but I know the path can have injected components.

Forging a path is possible, but rather unlikely.
Direct peers of GG can confirm that the path isn't forged.

> For example, I'm assuming that none of this spam actually is coming
> from google posters - I'm assuming it's all coming from a roge nntp
> server who is impersonating a google groups poster.

Wrong summption.

> How can we tell who peered it first from the originating rouge nntp
> server?

You can find who peers if you write a script and extract the patrh
header and extract only the servers that are left of the googel groups
part.

Path:
eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail

E.g. news.highwinds-media.com peer with Google.

> The only reason I doubt this spam is coming from google users is
> Google would put a stop to this - but it's been happening for weeks
> on end.

No, Google doesn't care about it. They also don't care about spam on
their web services nor abuse from their IP ranges hosted for others.

On 12/3/23 14:36, Grant Taylor wrote:
> On 12/3/23 14:29, Wally J wrote:
>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.
>
>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it
>> not?
>
> It's relatively easy to filter out /everything/ from Google.
>
> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

Yeah. I just filter everything from Google.
--
user <candycane> is generated from /dev/urandom

Grant Taylor <gtaylor@tnetconsulting.net> wrote

>> I don't know what "depeer" means, but I suspect it means to nuke it.
>
> Depeering means to no longer carry any articles from a news server.

Hi Grant,

Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
been able to figure it out on my own. Thanks for being nice about my faux
pas. It was stupid of me to not realize that's what it had meant.

Especially since that was my whole point.

How do you de-peer the spams (which I suspect are not coming from Google).
<https://groups.google.com/g/comp.mobile.android>
(EDIT: I see below that you suspect they _are_ coming from Google though.)

There are hundreds just today alone that anyone can see are clearly spam.
<https://i.postimg.cc/6pj29c6f/spam01.jpg>

>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>
>> Cutting out this spam should be as easy as not peering it - should it not?
>
> It's relatively easy to filter out /everything/ from Google.

I am almost 86 so I lived through the days when we'd complain to a host
admin that someone spammed us once in a month or two, and then I lived
through making my own procmail filters on SunOS, so I'm familiar with the
fact that it's just plain stupid to filter out everything from Google.

People do it all the time.
But only stupid people do it.

A smart admin would have a smarter filter than "everything".
Worse....

I suspect NONE of this spam is actually coming from Google anyway.
(But I just saw below that you suspect they _are_ coming from Google.)

For a filter, it's the same thing of course, but isn't it different to an
nntp server who can tell where it's coming from better than I can tell?

> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
> from Google.

I'm sure that's why they seem to be changing up the subject, headers, from,
injection information, etc. in those headers.

I'm almost certain (based on the modus operandi) that NONE of them are
actually coming from Google servers but I saw below that you're sure they
are, so I'd just ask how you know since almost everything in the header can
be forged (as far as I know) except for the final path in the header.

>> For example, I'm assuming that none of this spam actually is coming from
>> google posters - I'm assuming it's all coming from a roge nntp server who
>> is impersonating a google groups poster.
>
> Every single one that I've looked at the message /has/ /in/ /fact/
> originated from Google and been sent out to Usenet at large.

Oh. Really? I didn't see this until now. I was pretty sure none was coming
from Google simply because they'd put a stop to abuse pretty quickly you'd
think. And this is clearly abuse.

Is there a way (that works) to _complain_ to Google about it?
Maybe they care?

>> How can we tell who peered it first from the originating rouge nntp server?
>
> Google is the rogue NNTP server that is the source of the spam.

I understand belatedly that you believe that - but how can you tell?
I can't tell.

Sure the message-ID is an indication.
And the newsreader. But that can be forged.

About the only thing that can't be forged are sections of the path.
But they can 'inject' stuff into the path that is meaningless.

So how do you know that it's really coming from Google servers?
(I strongly suspect it is not for the reasons I already stated.)

We have to confirm if it's coming from Google because the solution then is
at Google whereas if they're just spoofing Google, the solution is
elsewhere.

>
>> Here's a thread which brought up the subject where each recipient has to
>> figure out on his own newsreader how to nuke this spam which purports to
>> come from Google Groups (I suspect it comes from a rogue
>
> You suppose wrong.
>
> The spam /is/ originating from Google.

By now I see that you feel strongly it's coming from Google.
But how do you know?

And more importantly, how does "de-peering" happen so that it stops?

>> The only reason I doubt this spam is coming from google users is Google
>> would put a stop to this - but it's been happening for weeks on end.
>
> HA! If only.
>
> Google is an extremely bad for Usenet and an even worse steward for the
> Dejanews archive.

I lived through DejaNews so I'm aware of what you say, and I certainly know
a google search on the real google.com is different in functionality than a
search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
least DejaGoogle exists.

I use it only for a lookup/search/reference engine, which it's very good at
but I wouldn't even think of posting using Google Groups for all the
reasons that nobody would be caught dead using AOL in the olden days.

>> So I 'suspect' that it's coming from a rogue nntp news server.
>
> You suspect wrong.

OK. So you think it's coming from Google. And that means Google either
doesn't know about it - or - Google isn't doing anything about it.

Is there any way to "complain" to Google to figure out which it is?

>
>> Which is why I'm asking the question that I'm asking.
>>
>> Who is peering all these spams ostensibly from Google Groups?
>
> Look at the Path: headers to answer your own questions.

The PATH (read right to left of course) isn't meaningful when anyone clever
can inject components into it.

I don't know what portion of the path is inviolable though.
Do you?

Assuming they're injecting into the path, what part of the path in the
previously listed spams do you think are actually real?

Wally J <walterjones@invalid.nospam> writes:

> Grant Taylor <gtaylor@tnetconsulting.net> wrote
>> Google is the rogue NNTP server that is the source of the spam.
>
> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

> About the only thing that can't be forged are sections of the path.
> But they can 'inject' stuff into the path that is meaningless.
>
> So how do you know that it's really coming from Google servers?
> (I strongly suspect it is not for the reasons I already stated.)

>> Look at the Path: headers to answer your own questions.
>
> The PATH (read right to left of course) isn't meaningful when anyone clever
> can inject components into it.
>
> I don't know what portion of the path is inviolable though.
> Do you?
>
> Assuming they're injecting into the path, what part of the path in the
> previously listed spams do you think are actually real?

Look at the path on a random sampling of posts, they will likely come
into your news server from a variety of its peers. Look to see where the
path reconverges...

Are these "Google impersonators" going to go to the effort of spoofing
that many differing path components?

Marco Moock <mm+usenet-es@dorfdsl.de> wrote

> Removing the peering to google groups. Only server that currently peer
> can do that.
> If all of them removed the peering, post can't go from GG to other
> servers and vice-versa.

OK. Grant also said the spam is really coming from Google servers, which is
disappointing at best, and almost criminal at worst - but it is what it is.

Certainly we can all blindly filter out EVERYTHING from Google Groups.
And maybe that's what we'll have to do as I don't think I've ever seen a
Usenet post from a Google Groups' poster that held any pertinent value.

But before I do that, I still think there must be a better way, where what
some people do on c.m.a is check a whitelist and then plonk if not in it.

But that's gonna be newsreader-specific code (unlike procmail was).

>> Cutting out this spam should be as easy as not peering it - should it
>> not? <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
> It is possible to filter for injection-info.
> Google Groups places a correct header and the path also matches that.

Hmmmmm.... The purpose of this thread wasn't to create my own filter (as I
could always have done that) but let me look at the injection information.

Previous Spam 1:
Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Previous Spam 2:
Injection-Info: google-groups.googlegroups.com; posting-host=118.179.109.17; posting-account=cd0JhgoAAACShHBEpPkoEjnWjSQ47bCx

Previous Spam 3:
Injection-Info: google-groups.googlegroups.com; posting-host=93.177.75.198; posting-account=IjNbuAoAAADuPrioAyFILqIJ1RQ_HnG8

If that's not spoofed, then the only thing I'd need is to filter
out anything with "google-groups.googlegroups.com" if it's real.

What I'll do in a subsequent post is see if I can add that one line
to my header - and if I can - which I suspect I can - it's not reliable.

But maybe I can't. I don't know. I'm not all that clever.
But I know how to use Telnet so I can try it. Later.

Even so, any of us can filter it out but the problem is at the
peering, so now I understand the suggestion of "de-peering" better!

>
>> I'm not for knee-jerk reactions, but targeted surgical strikes.
>> Maybe the problem is a single reliable news server is peering this
>> spam?
>
> No, the problem is Google because Google doesn't stop people from
> abusing their services.

Got it.
If that's the case, then there are only three possible solutions:
a. Solve it at Google
b. Solve it at the peering level
c. Solve it as the user level

One by one, that's what I will try to do, where you can help (royal you)
by letting me know if there is a way to complain to Google about it.

>> But I don't know enough about headers to determine who is peering it.
>> I can read the path but I know the path can have injected components.
>
> Forging a path is possible, but rather unlikely.
> Direct peers of GG can confirm that the path isn't forged.

As I said, I'm astounded Google is allowing this to happen when
they won't even let me log into my long-time email from the VPN
service I've been using for years - but Google is Google after all.

If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
is truly coming from Google servers, then that's where the solution lies.

>> For example, I'm assuming that none of this spam actually is coming
>> from google posters - I'm assuming it's all coming from a roge nntp
>> server who is impersonating a google groups poster.
>
> Wrong summption.

I haven't seen proof. But I openly instantly and readily admit that
I don't know what any of you know, so I will accept that it's google.

>> How can we tell who peered it first from the originating rouge nntp
>> server?
>
> You can find who peers if you write a script and extract the patrh
> header and extract only the servers that are left of the googel groups
> part.

That's assuming the "google groups part" isn't itself forged though.

> Path:
> eternal-september.org!news.eternal-september.org!feeder3.eternal-september.org!eternal-september.org!usenet.blueworldhosting.com!diablo1.usenet.blueworldhosting.com!peer01.iad!feed-me.highwinds-media.com!news.highwinds-media.com!news-out.google.com!nntp.google.com!postnews.google.com!google-groups.googlegroups.com!not-for-mail
>
> E.g. news.highwinds-media.com peer with Google.

Shit. Highwinds doesn't give a shit. You probably know that.
I've complained to them many times in the past. They do nothing.

Hell, Rod Speed issued instructions to murder me using Highwinds.
Just because I was able to get Paolo Amaroso to blacklist a.h.r.
And they didn't even care (although I did call the FBI about it).

Even Google put his email on a suspension once I wrote a formal
letter which included the report to the FBI - but I don't know
what happened of it as they told me never to contact him ever.

That was hard enough.

It's even worse with Highwinds because I'm sure legitimate posters
must use it (do they?). If so, then highwinds can't be de-peered.

I was hoping it was someone reputable, like Steve or Jesse
or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

Bummer. Highwinds is one of the worst in my opinion, at least in
terms of getting spammers booted.

Is there someone at highwinds you'd recommend we contact to
solve this - or has that long ago already been done (I suspect)?
>> The only reason I doubt this spam is coming from google users is
>> Google would put a stop to this - but it's been happening for weeks
>> on end.
>
> No, Google doesn't care about it. They also don't care about spam on
> their web services nor abuse from their IP ranges hosted for others.

That's a big problem. I'm pretty persistent but even I had to try hard to
talk to a human in Mountainview when I needed a change in their routing.

Finally after many calls (it's essentially impossible to get someone unless
you know someone who knows exactly the someone you need to talk to) I was
able to get it fixed, but the elapsed time was months in between.

It might even be worse here because at least Google cares about Maps.

Does anyone know of a way to _complain_ about it that exists somewhere?

Wally J <walterjones@invalid.nospam> wrote

> What I'll do in a subsequent post is see if I can add that one line
> to my header - and if I can - which I suspect I can - it's not reliable.

OK. I tried with a couple of news servers (Ivo's & Ray's).

I set the "injection-info" header to this (from the spam).
Add_Headers = Injection-Info: google-groups.googlegroups.com; posting-host=202.46.68.61; posting-account=FDFpwAkAAAAzh5Zwwcosm-KBqOzgWZ4S

Both servers the error below (which you knew but I did not).
"Posting article failed: Can't set system Injection-Info: header

Unless there's a compliant nntp server, I'll accept that the
Injection-Info header can't be (trivially easily) forged.

At least not with a simple "telnet newsserver 119" session.

Thanks for letting me know I can filter on that line.
But this is best taken up with the powers that be in this order.

1. Google
2. Peers
3. Users

Tom Furie <tom@furie.org.uk> wrote

>> Assuming they're injecting into the path, what part of the path in the
>> previously listed spams do you think are actually real?
>
> Look at the path on a random sampling of posts, they will likely come
> into your news server from a variety of its peers. Look to see where the
> path reconverges...
>
> Are these "Google impersonators" going to go to the effort of spoofing
> that many differing path components?

OK. Sorry for being dense. I am way behind but trying to catch up.

The solution can only be in this order (as far as I can tell).
1. Google
2. Peers
3. Users

I'm probably with most of you that nothing good ever came out of
a google groups post to Usenet so working backward, the users
can all filter on the system "Injection-Info: header" (which
moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
prevented that (as they should).

I'm wary that they can set up their own rogue server to allow
spoofing of that header but then I defer to your experience
and your sensible logic above that they'd have to fool peers.

So I'll belatedly accept Google is letting this happen.
With that in mind, I'm willing to "complain" to google.

But of course, I don't have any special connections other than
I live close to Mountainview and some of my buddies used to work there.

The two questions would be to ask:
a. Who wants to try to complain to Google (I'll try), and,
b. Who can get a hold of the highwinds server (they suck).

Note that I don't think either will be all that fruitful.
But I wonder if it's only highwinds that sucks (I've dealt
with them in the past and they just ignored everything).

Other than having every user filter out a google injection info,
what else can we do to stop these hundreds of spams daily?

On 12/3/23 17:07, Wally J wrote:
> Hi Grant,

Hi Wally,

> Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
> been able to figure it out on my own.

Apology returned to sender as unnecessary.

> Thanks for being nice about my faux
> pas. It was stupid of me to not realize that's what it had meant.

You're welcome.

I believe that people trying to engage in civil conversation deserve
civil responses.

I don't think stupid. If anything, unaware. But, you are now aware,
and therefor a little bit better off. :-)

> Especially since that was my whole point.

;-)

> How do you de-peer the spams (which I suspect are not coming from Google).

You don't de-peer individual messages. You de-peer ... peer news servers.

Few news servers directly peer with Google.

Most news servers peer with other news server(s) that eventually peer
with Google.

So the only way that most news server administrators have to de-peer
Google, in a manner of speaking, is to not allow messages from Google
into their news server.

> (EDIT: I see below that you suspect they _are_ coming from Google though.)
>
> There are hundreds just today alone that anyone can see are clearly spam.
> <https://i.postimg.cc/6pj29c6f/spam01.jpg>

Yep.

> I am almost 86 so I lived through the days when we'd complain to a host
> admin that someone spammed us once in a month or two, and then I lived
> through making my own procmail filters on SunOS, so I'm familiar with the
> fact that it's just plain stupid to filter out everything from Google.

I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
is a little bit different.

You may think it stupid that I have blocked all Google messages on my
server. But you are as free to have your opinion as I am to have mine. ;-)

The question is how much time is a news administrator willing to spend
combating spam before they block a site entirely?

Would you continue to accept messages from a small individual news
server if 1 in 1,000 server legitimate and the other 999 were blatant
spam? What if that was a university? What if it was google? What if
it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
when you would block an entire site because of the ratio of ham to spam?
Does the size of the site make any difference?

For me personally, I was spending an hour or more a day fighting Google
spam and only getting to enjoy participating in conversations like this
for about 15 minutes a day. After about two weeks of that, I decided to
try filtering Google for a few days to see what I thought of it. I've
got to say that I'm enjoying that 15 minutes on Usenet again and the
hour (plus) of time that I've gotten back every day.

Given that Usenet is flood full, all my peers that peer with someone
other than me can get their messages from Google another way.

I get to run my server the way that I want to. I choose to run my
server in a way that makes me happy, or at the very least doesn't
actively make me unhappy and want to shut it down.

> People do it all the time.
> But only stupid people do it.

I guess I'm a stupid person then.

> A smart admin would have a smarter filter than "everything".
> Worse....

I suspect you aren't intending to make a personal attack. But I'll ask
you politely to not insult people who make their own choice, even if you
don't agree with it.

> I suspect NONE of this spam is actually coming from Google anyway.
> (But I just saw below that you suspect they _are_ coming from Google.)
>
> For a filter, it's the same thing of course, but isn't it different to an
> nntp server who can tell where it's coming from better than I can tell?

NNTP servers have a modicum of trust in each other. As in only NNTP
peers are allowed to specify the Path header. Meaning that it's
considerably more difficult for a /client/ to provide a forged path.

All of the Google spam samples that I looked at had everything indicate
that it was from Google; Path, Message-ID, From, etc. -- I no longer
have any articles that originated from Google on my server as I had my
server search through nearly 28 million messages to remove any messages
from Google. -- That's how strongly I believe the spam originates from
Google.

Just about everybody else I've talked to believes the messages originate
from Google.

I can't recall anyone actually saying that the messages originate elsewhere.

There are those that keep an open mind and allow for the possibility
that they originate elsewhere.

Google is notoriously non-responsive for dealing with problems
originating from them into many ecosystems, Usenet is just the one being
discussed here.

As a former Google employee, I know how the people who supposedly are
responsible for -- what I call -- the Google Groups Usenet gateway treat
it at best as an also ran service.

Google has a quite bad reputation as being a source of spam in the email
community. All you need to do is look at the mailop / NANOG / Spammers
Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find
hundreds of people talking about Google being the source of spam email
and Usenet articles.

There is exceedingly little doubt that Google is a source of massive
amounts of spam.

I have not seen any evidence that supports that someone is trying to
frame Google by pretending to be them. -- I'd be quite curious to see
any such statements.

Google has responded to previous complaints about a few groups by making
them read-only. At which point the spammers shift to different
newsgroups. But this game of whack-a-mole is untenable and extremely slow.

While at Google I witnessed them take 18 months to halfheartedly and
ineffectively slow down, but not actually stop, spam originating from
calendar invites.

I experienced Google refusing to allow creation of new newsgroups for
something that had a long history and pattern of newsgroups. I was
ready to submit a change for the Windows 10 newsgroup to be created but
was told that my change would be rejected and to not bother. I asked
about the Firefox and Thunderbird newsgroups when Mozilla announced
discontinuation of their (outsourced) news servers and was told to not
even bother.

I wholeheartedly believe that Google /is/ the source of the spam that
appears to be from them and that they are not the victim of an attack.

> I'm sure that's why they seem to be changing up the subject, headers, from,
> injection information, etc. in those headers.

I think one of the reasons that there are so many different clusters of
similarities is because there are so many spammers each sending their
own type of spam.

A quote from a well known science fiction movie comes to mind, "You will
never find a more wretched hive of scum and villainy." Mos Eisley^W^W
Google.

> I'm almost certain (based on the modus operandi) that NONE of them are
> actually coming from Google servers but I saw below that you're sure they
> are, so I'd just ask how you know since almost everything in the header can
> be forged (as far as I know) except for the final path in the header.

I'd be very interested in how / why you are as certain that the messages
aren't originating from Google as I am that they are.

Please elaborate with a rebuttal to my comments above.

> Oh. Really? I didn't see this until now. I was pretty sure none was coming
> from Google simply because they'd put a stop to abuse pretty quickly you'd
> think. And this is clearly abuse.

Google want's you to think that they put a stop to spam quickly. But in
effect, they don't. (See above about well respected places to see
complaints.)

> Is there a way (that works) to _complain_ to Google about it?
> Maybe they care?

I'm not aware of anything that works.

> I understand belatedly that you believe that - but how can you tell?
> I can't tell.

Deduction / accumulation of many observations / experience working with
the beast that is Google.

> Sure the message-ID is an indication.
> And the newsreader. But that can be forged.

The Path: header is quite a bit more difficult to forge without being a
news peer.

I'm not aware of any (reputable) news server daemon / configuration that
allows someone to spoof the Path: header.

Sure, news servers can feed peers spoofed Path: headers. But it's quite
difficult to do the original spoof without a corroborating news server.

I strongly suspect that if there was a corroborating news server /
administrator that was the source of the articles, the multiple people
spending hours a day fighting this blight would have identified it and
de-peered them without filtering Google.

The vast majority of people want to not filter Google. The sad reality
is that just about everybody has some point that filtering Google seems
reasonable to them. It's simply a question of what that point is. --
There's a crude joke that finishes with "we've already established that,
now we're just negotiating price".

On 12/3/23 18:07, Wally J wrote:
> OK. Sorry for being dense. I am way behind but trying to catch up.

Dense is okay.

You are asking intelligent questions and seem to want to understand and
learn.

I appreciate people who want to learn to understand in order to
formulate their own opinion.

This is true even if the opinion differs or you inadvertently call
someone stupid by referencing their actions.

> The solution can only be in this order (as far as I can tell).
> 1. Google
> 2. Peers
> 3. Users

Yes.

> I'm probably with most of you that nothing good ever came out of
> a google groups post to Usenet

I have personally had good conversations with people posting to Usenet
via Google Groups.

Sadly, I can no longer have discussions with those people as long as
they continue to use Google Groups.

Sadly, they are in the far minority, way less than 1%, of the messages
coming from Google.

> so working backward, the users
> can all filter on the system "Injection-Info: header" (which
> moments ago I tried to spoof but Wolfgan'gs and Gondalfo's server
> prevented that (as they should).

I don't know how protected the Injection-Info: header is. There's a
good chance that it is as protected as the Path: header.

> I'm wary that they can set up their own rogue server to allow
> spoofing of that header but then I defer to your experience
> and your sensible logic above that they'd have to fool peers.

News servers trust what peers send them. That's part of what is special
about being a peer news server.

As such, a rogue news server operator could inject malicious articles by
leveraging their access to spoof headers to cast shade on someone else.

Thankfully there are far fewer news administrators / peers than there
are end users of said servers.

> So I'll belatedly accept Google is letting this happen.
> With that in mind, I'm willing to "complain" to google.

By all means, please do.

But I suggest you not hold your breath.

> But of course, I don't have any special connections other than
> I live close to Mountainview and some of my buddies used to work there.

Used to work there hits quite close to home for me. -- I am one of the
7,000 in the U.S.A. / 12,000 around the world that found I no longer had
any access late January.

> The two questions would be to ask:
> a. Who wants to try to complain to Google (I'll try), and,

I suspect that more people have tried complaining in various ways;
between news masters peered with Google complaining directly to Google
to end users marking messages as spam in Google Groups.

> b. Who can get a hold of the highwinds server (they suck).

I don't know.

> Note that I don't think either will be all that fruitful.

I suspect it's far easier to get a hold of High Winds than trying to get
Google to do anything.

> But I wonder if it's only highwinds that sucks (I've dealt
> with them in the past and they just ignored everything).

Sounds like Google.

Though I got active rejections / "don't go there" while working inside
of / for the beast.

> Other than having every user filter out a google injection info,
> what else can we do to stop these hundreds of spams daily?

We can have the far fewer news administrators filter postnews.google.com
and / or google-groups.googlegroups.com hosts from their servers.

--
Grant. . . .

On 12/3/23 17:33, Wally J wrote:
> OK. Grant also said the spam is really coming from Google servers, which is
> disappointing at best, and almost criminal at worst - but it is what it is.

Yes, it's extremely disappointing.

> Certainly we can all blindly filter out EVERYTHING from Google Groups.

How many people need to take action to clean up after one bad but big
peer before the peer is made to go away?

> And maybe that's what we'll have to do as I don't think I've ever seen a
> Usenet post from a Google Groups' poster that held any pertinent value.

As I said elsewhere, I've had good conversations with people that post
to Usenet from Google Groups. It does happen.

> But before I do that, I still think there must be a better way, where what
> some people do on c.m.a is check a whitelist and then plonk if not in it.

How complicated of a filter do you want to set up and maintain?

> But that's gonna be newsreader-specific code (unlike procmail was).

Yep.

> But maybe I can't. I don't know. I'm not all that clever.
> But I know how to use Telnet so I can try it. Later.

Kudos for speaking NNTP via telnet. :-)

> Even so, any of us can filter it out but the problem is at the
> peering, so now I understand the suggestion of "de-peering" better!

The problem is Google.

Google is the singular source of the problem of spam from Google Groups.
The news servers / administrators peered with Google are less of the
problem. They are simply trying to be a common carrier and carry all
articles equally.

The peers aren't the source of the spam.

Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
with Google".

> As I said, I'm astounded Google is allowing this to happen when
> they won't even let me log into my long-time email from the VPN
> service I've been using for years - but Google is Google after all.

Google has incentive to block you from using a VPN. I can't articulate
what that incentive is, but I understand that your use of a VPN
adversely impacts their business model.

> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
> is truly coming from Google servers, then that's where the solution lies.

Yep.

> Even Google put his email on a suspension once I wrote a formal
> letter which included the report to the FBI - but I don't know
> what happened of it as they told me never to contact him ever.

Sadly, I suspect it's going to take something like a police / FBI report
to get attention of the people you need.

> That was hard enough.

Yep. Getting Google to stop spam that doesn't impact them in a segment
that they don't make any money from, that will be difficult.

This is especially true if Google is avoiding the backlash of shutting
down -- what I call -- their Google Groups Usenet gateway.

> It's even worse with Highwinds because I'm sure legitimate posters
> must use it (do they?). If so, then highwinds can't be de-peered.

HighWinds can be de-peered just like Google can be.

> I was hoping it was someone reputable, like Steve or Jesse
> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.

If you want to get an individual person to rattle Google's cage, try to
get someone like Tavis Ormandy of Google's Project Zero.

> Finally after many calls (it's essentially impossible to get someone unless
> you know someone who knows exactly the someone you need to talk to) I was
> able to get it fixed, but the elapsed time was months in between.

That was for a broken routing issue.

Now just imagine for something that is working as intended / designed /
configured.

> It might even be worse here because at least Google cares about Maps.

Yep.

> Does anyone know of a way to _complain_ about it that exists somewhere?

Nope.

--
Grant. . . .

On 12/3/23 17:45, Wally J wrote:
> Both servers the error below (which you knew but I did not).
> "Posting article failed: Can't set system Injection-Info: header

Yep.

You're obviously not a configured / recognized peer and thus not allowed
to provide the Injection-Info: header.

I suspect that the Path: header is equally well protected.

> Unless there's a compliant nntp server, I'll accept that the
> Injection-Info header can't be (trivially easily) forged.

Hence why I say that end users can't spoof the Injection-Info: or the
Path: header.

This has to come from a trusted peer or the purported source.

> At least not with a simple "telnet newsserver 119" session.

*nod*

> Thanks for letting me know I can filter on that line.

So ... does this mean that you are starting to think about filtering all
messages from Google, at least in the newsgroup that you're interested in?

> But this is best taken up with the powers that be in this order.
>
> 1. Google

Almost certainly deaf ears and / or don't care.

> 2. Peers

Likely deaf ears and / or don't care.

> 3. Users

Yep.

Users are left to clean up the mess that others make way too often.

--
Grant. . . .

Grant Taylor <gtaylor@tnetconsulting.net> wrote

> Just about everybody else I've talked to believes the messages originate
> from Google.
>
> I can't recall anyone actually saying that the messages originate elsewhere.

OK. Thanks. I apologize for calling folks stupid as even I just now
implemented regex filters to filter out _all_ Google Usenet posts.

It's stupid; but it's the easiest thing to do. I agree. I just did it.
So call me stupid. I get it now.

If people want to post to Usenet, they will just have to know to not use
Google Groups to do it. That's the result. I'm filtering it now myself.

I apologize it took me this long to understand, but now I agree with all
the arguments that the news servers can't do much else given the newservers
they peer with peer with Google, where de-peering isn't as easy as I had
thought it would be.

It would have to be the news server doing EXACTLY what I just did.
Drop all messages coming from Google Groups users.

It's too bad _any_ news servers peer with Google then, it seems.

Namely Highwinds and Giganews (but I'm not sure which are the culprits).

Again, I am sorry I didnt' realize any of this when I had first posted.
It took me a bunch of articles to get up to speed where I see now why "my"
solution will have to be to just filter them _all_ out at receipt. Sigh.

Luckily it's easy as there are at least three headers which are unique.
Injection-Info: google-groups.googlegroups.com...
Message-ID: <...@googlegroups.com>
User-Agent: G2/1.0

Of those three, I can easily see why people prefer the "injection-info".
So now I'm filtering it all out. Sorry for taking so long to come to that
realization. I didn't know about the de-peering issues you brought up.

BTW, there's a project, I see, that tries to help users filter it all out.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>

Thanks for your help. My biggest hurdle was that I thought Google wouldn't
allow it, and that if it happened, they'd put a stop to it pronto.

I thought it was a fluke.
Someone slipping in an accidentally opened window.
One that Google would close the moment that they realized it was open.
Which is why I thought it more likely it went around Google.

But I have to agree with you that it's actually coming from Google.
Sigh.

I have friends who had worked there and they're all smart guys who know how
to code well. They just have to be given the task by Google Management.

In article <ukioei$m66l$1@paganini.bofh.team>,
Wally J <walterjones@invalid.nospam> wrote:
>The Doctor <doctor@doctor.nl2k.ab.ca> wrote
>
>> More reason to depeer Google GRoups now!
>
>I don't know what "depeer" means, but I suspect it means to nuke it.
>Sometimes nuking is appropriate. Most of the time it's too drastic.
>
>Cutting out this spam should be as easy as not peering it - should it not?
> <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
>I'm not for knee-jerk reactions, but targeted surgical strikes.
>Maybe the problem is a single reliable news server is peering this spam?
>
>But I don't know enough about headers to determine who is peering it.
>I can read the path but I know the path can have injected components.
>
>For example, I'm assuming that none of this spam actually is coming from
>google posters - I'm assuming it's all coming from a roge nntp server who
>is impersonating a google groups poster.
>
>How can we tell who peered it first from the originating rouge nntp server?
>
>Here's a thread which brought up the subject where each recipient has to
>figure out on his own newsreader how to nuke this spam which purports to
>come from Google Groups (I suspect it comes from a rogue
>Like this thread, posted today, trying to solve this exact problem.
> <https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>
>
>The only reason I doubt this spam is coming from google users is Google
>would put a stop to this - but it's been happening for weeks on end.
>
>So I 'suspect' that it's coming from a rogue nntp news server.
>Which is why I'm asking the question that I'm asking.
>
>Who is peering all these spams ostensibly from Google Groups?

Depeer means dropping a newsfeeds as a peer.
--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

In article <ukisac$30te6$2@dont-email.me>,
candycanearter07 <no@thanks.net> wrote:
>On 12/3/23 14:36, Grant Taylor wrote:
>> On 12/3/23 14:29, Wally J wrote:
>>> I don't know what "depeer" means, but I suspect it means to nuke it.
>>
>> Depeering means to no longer carry any articles from a news server.
>>
>>> Sometimes nuking is appropriate. Most of the time it's too drastic.
>>>
>>> Cutting out this spam should be as easy as not peering it - should it
>>> not?
>>
>> It's relatively easy to filter out /everything/ from Google.
>>
>> It's much Much MUCH more difficult to filter /some/ /but/ /not/ /all/
>> from Google.
>
>Yeah. I just filter everything from Google.

Same here!

>--
>user <candycane> is generated from /dev/urandom
>

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com

In article <ukjopv$bqb$1@tncsrv09.home.tnetconsulting.net>,
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 12/3/23 17:07, Wally J wrote:
>> Hi Grant,
>
>Hi Wally,
>
>> Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
>> been able to figure it out on my own.
>
>Apology returned to sender as unnecessary.
>
>> Thanks for being nice about my faux
>> pas. It was stupid of me to not realize that's what it had meant.
>
>You're welcome.
>
>I believe that people trying to engage in civil conversation deserve
>civil responses.
>
>I don't think stupid. If anything, unaware. But, you are now aware,
>and therefor a little bit better off. :-)
>
>> Especially since that was my whole point.
>
>;-)
>
>> How do you de-peer the spams (which I suspect are not coming from Google).
>
>You don't de-peer individual messages. You de-peer ... peer news servers.
>
>Few news servers directly peer with Google.
>
>Most news servers peer with other news server(s) that eventually peer
>with Google.
>
>So the only way that most news server administrators have to de-peer
>Google, in a manner of speaking, is to not allow messages from Google
>into their news server.
>
>> (EDIT: I see below that you suspect they _are_ coming from Google though.)
>>
>> There are hundreds just today alone that anyone can see are clearly spam.
>> <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
>Yep.
>
>> I am almost 86 so I lived through the days when we'd complain to a host
>> admin that someone spammed us once in a month or two, and then I lived
>> through making my own procmail filters on SunOS, so I'm familiar with the
>> fact that it's just plain stupid to filter out everything from Google.
>
>I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
>is a little bit different.
>
>You may think it stupid that I have blocked all Google messages on my
>server. But you are as free to have your opinion as I am to have mine. ;-)
>
>The question is how much time is a news administrator willing to spend
>combating spam before they block a site entirely?
>
>Would you continue to accept messages from a small individual news
>server if 1 in 1,000 server legitimate and the other 999 were blatant
>spam? What if that was a university? What if it was google? What if
>it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
>when you would block an entire site because of the ratio of ham to spam?
> Does the size of the site make any difference?
>
>For me personally, I was spending an hour or more a day fighting Google
>spam and only getting to enjoy participating in conversations like this
>for about 15 minutes a day. After about two weeks of that, I decided to
>try filtering Google for a few days to see what I thought of it. I've
>got to say that I'm enjoying that 15 minutes on Usenet again and the
>hour (plus) of time that I've gotten back every day.
>
>Given that Usenet is flood full, all my peers that peer with someone
>other than me can get their messages from Google another way.
>
>I get to run my server the way that I want to. I choose to run my
>server in a way that makes me happy, or at the very least doesn't
>actively make me unhappy and want to shut it down.
>
>> People do it all the time.
>> But only stupid people do it.
>
>I guess I'm a stupid person then.
>
>> A smart admin would have a smarter filter than "everything".
>> Worse....
>
>I suspect you aren't intending to make a personal attack. But I'll ask
>you politely to not insult people who make their own choice, even if you
>don't agree with it.
>
>> I suspect NONE of this spam is actually coming from Google anyway.
>> (But I just saw below that you suspect they _are_ coming from Google.)
>>
>> For a filter, it's the same thing of course, but isn't it different to an
>> nntp server who can tell where it's coming from better than I can tell?
>
>NNTP servers have a modicum of trust in each other. As in only NNTP
>peers are allowed to specify the Path header. Meaning that it's
>considerably more difficult for a /client/ to provide a forged path.
>
>All of the Google spam samples that I looked at had everything indicate
>that it was from Google; Path, Message-ID, From, etc. -- I no longer
>have any articles that originated from Google on my server as I had my
>server search through nearly 28 million messages to remove any messages
>from Google. -- That's how strongly I believe the spam originates from
>Google.
>
>Just about everybody else I've talked to believes the messages originate
>from Google.
>
>I can't recall anyone actually saying that the messages originate elsewhere.
>
>There are those that keep an open mind and allow for the possibility
>that they originate elsewhere.
>
>Google is notoriously non-responsive for dealing with problems
>originating from them into many ecosystems, Usenet is just the one being
>discussed here.
>
>As a former Google employee, I know how the people who supposedly are
>responsible for -- what I call -- the Google Groups Usenet gateway treat
>it at best as an also ran service.
>
>Google has a quite bad reputation as being a source of spam in the email
>community. All you need to do is look at the mailop / NANOG / Spammers
>Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find
>hundreds of people talking about Google being the source of spam email
>and Usenet articles.
>
>There is exceedingly little doubt that Google is a source of massive
>amounts of spam.
>
>I have not seen any evidence that supports that someone is trying to
>frame Google by pretending to be them. -- I'd be quite curious to see
>any such statements.
>
>Google has responded to previous complaints about a few groups by making
>them read-only. At which point the spammers shift to different
>newsgroups. But this game of whack-a-mole is untenable and extremely slow.
>
>While at Google I witnessed them take 18 months to halfheartedly and
>ineffectively slow down, but not actually stop, spam originating from
>calendar invites.
>
>I experienced Google refusing to allow creation of new newsgroups for
>something that had a long history and pattern of newsgroups. I was
>ready to submit a change for the Windows 10 newsgroup to be created but
>was told that my change would be rejected and to not bother. I asked
>about the Firefox and Thunderbird newsgroups when Mozilla announced
>discontinuation of their (outsourced) news servers and was told to not
>even bother.
>
>I wholeheartedly believe that Google /is/ the source of the spam that
>appears to be from them and that they are not the victim of an attack.
>
>> I'm sure that's why they seem to be changing up the subject, headers, from,
>> injection information, etc. in those headers.
>
>I think one of the reasons that there are so many different clusters of
>similarities is because there are so many spammers each sending their
>own type of spam.
>
>A quote from a well known science fiction movie comes to mind, "You will
>never find a more wretched hive of scum and villainy." Mos Eisley^W^W
>Google.
>
>> I'm almost certain (based on the modus operandi) that NONE of them are
>> actually coming from Google servers but I saw below that you're sure they
>> are, so I'd just ask how you know since almost everything in the header can
>> be forged (as far as I know) except for the final path in the header.
>
>I'd be very interested in how / why you are as certain that the messages
>aren't originating from Google as I am that they are.
>
>Please elaborate with a rebuttal to my comments above.
>
>> Oh. Really? I didn't see this until now. I was pretty sure none was coming
>> from Google simply because they'd put a stop to abuse pretty quickly you'd
>> think. And this is clearly abuse.
>
>Google want's you to think that they put a stop to spam quickly. But in
>effect, they don't. (See above about well respected places to see
>complaints.)
>
>> Is there a way (that works) to _complain_ to Google about it?
>> Maybe they care?
>
>I'm not aware of anything that works.
>
>> I understand belatedly that you believe that - but how can you tell?
>> I can't tell.
>
>Deduction / accumulation of many observations / experience working with
>the beast that is Google.
>
>> Sure the message-ID is an indication.
>> And the newsreader. But that can be forged.
>
>The Path: header is quite a bit more difficult to forge without being a
>news peer.
>
>I'm not aware of any (reputable) news server daemon / configuration that
>allows someone to spoof the Path: header.
>
>Sure, news servers can feed peers spoofed Path: headers. But it's quite
>difficult to do the original spoof without a corroborating news server.
>
>I strongly suspect that if there was a corroborating news server /
>administrator that was the source of the articles, the multiple people
>spending hours a day fighting this blight would have identified it and
>de-peered them without filtering Google.
>
>The vast majority of people want to not filter Google. The sad reality
>is that just about everybody has some point that filtering Google seems
>reasonable to them. It's simply a question of what that point is. --
>There's a crude joke that finishes with "we've already established that,
>now we're just negotiating price".
>
>> About the only thing that can't be forged are sections of the path.
>
>Exactly.
>
>> But they can 'inject' stuff into the path that is meaningless.
>
>As I indicated above, injecting something into the Path can only be done
>by /news/ /servers/. It's not something that properly configured news
>servers allow clients to do.
>
>As such, the injection is not something that end users can do.
>
>> So how do you know that it's really coming from Google servers?
>> (I strongly suspect it is not for the reasons I already stated.)
>
>Deja vu. ;-)
>
>> We have to confirm if it's coming from Google because the solution then is
>> at Google whereas if they're just spoofing Google, the solution is
>> elsewhere.
>
>I hope that I've elaborated why I'm convinced that the spam is
>originating at Google.
>
>But I think it's worse than just needing to talk to Google.
>
>At this point I believe that Google is actually complicit in their
>negligent to do anything about it.
>
>N.B. I don't consider making specific groups read-only in a game of
>whack-a-mole to be sufficient.
>
>N.B. I consider that Google's action of making some groups read-only to
>be tantamount to admission that said group was a source of spam.
>
>> By now I see that you feel strongly it's coming from Google.
>> But how do you know?
>
>Deja vu.
>
>> And more importantly, how does "de-peering" happen so that it stops?
>
>There is actual de-peering wherein the news servers that are actually /
>directly peered with Google turn off the connection with Google.
>
>Then there is filtering like what some of us have done wherein we make
>our down-stream servers simply refuse to accept any articles that come
>from Google.
>
>There are multiple ways to detect if an article comes from Google. The
>best is to look for postnews.google.com and / or
>google-groups.googlegroups.com in the Path. Some choose to filter based
>on part of the Message-ID: header. Still others choose to filter based
>on the From: email address.
>
>I have configured cleanfeed on my news server to reject messages from
>postnews.google.com and google-groups.googlegroups.com. As such, my
>server is happy to have articles from @gmail.com email addresses. -- I
>doubt that anyone will bother spoofing a Message-ID:. But I'm happy to
>have @gmail.com users send email through non-Google news servers.
>
>> I lived through DejaNews so I'm aware of what you say, and I certainly know
>> a google search on the real google.com is different in functionality than a
>> search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
>> least DejaGoogle exists.
>
>As time passes, more and more of the access to Usenet articles through
>Google Groups is taken away.
>
>I wanted to see if I could see the Path: for spam in Google Groups as it
>would be remarkably short if the spam existed in Google Groups and was
>originating in Google Groups. But, sadly, "Show original message" is
>greyed out.
>
>> I use it only for a lookup/search/reference engine, which it's very good at
>> but I wouldn't even think of posting using Google Groups for all the
>> reasons that nobody would be caught dead using AOL in the olden days.
>
>In my not so humble opinion, AOL at it's worst still has a better
>reputation than Google currently does amongst news and email administrators.
>
>If Google wasn't as big as they are, more admins would have blocked them
>already.
>
>It is only Google's size that causes admins to hesitate.
>
>> OK. So you think it's coming from Google. And that means Google either
>> doesn't know about it - or - Google isn't doing anything about it.
>
>I very strongly believe that it's the latter; Google isn't doing
>anything (effective) about it.
>
>> Is there any way to "complain" to Google to figure out which it is?
>
>I wasn't able to find anything effective while I was on the inside. In
>fact, I was given -- let's go with -- the cold shoulder brush off and
>actively discouraged to try to make things better.
>
>> The PATH (read right to left of course) isn't meaningful when anyone clever
>> can inject components into it.
>
>But my understanding and working premises is that /not/ /just/ /anyone/
>can spoof the Path: header.
>
>> I don't know what portion of the path is inviolable though.
>> Do you?
>
>Both all of it for the average user and none of it for a news administrator.
>
>My working understanding / premises is that news servers do not accept a
>Path: header from end users. News servers only accept Path: headers
>from other news servers. The news server appends it's name / path to
>the left side of the Path: header contents.
>
>As such, the only way to get postnews.google.com and / or
>google-groups.googlegroups.com into the path without actually passing
>through it is for a news server, or someone with news peer level access.
>
>As you can probably see from a number of newsgroups, the text-only news
>server community is relatively small and cooperative as well as being
>well motivated to stop the spam.
>
>I remain convinced that if there was someone pretending to be Google
>originating this spam, that the community would have an idea and would
>be working to depeer them.
>
>> Assuming they're injecting into the path, what part of the path in the
>> previously listed spams do you think are actually real?
>
>I have not seen any reason to doubt the Path: because of the special
>nature of the Path: header.
>
>Maybe I'm wrong. If I am, please correct / enlighten me. I'd like to
>learn more.
>
>But everything that I've experienced thus far either directly indicates
>or supports that the spam is originating from Google Groups.
>

Grant Taylor <gtaylor@tnetconsulting.net> wrote

>> Thanks for letting me know I can filter on that line.
>
> So ... does this mean that you are starting to think about filtering all
> messages from Google, at least in the newsgroup that you're interested in?

Well, um, er... it's embarrassing, especially after I said it was stupid to
just filter out all Google Groups posts, but I've already implemented it.

So can I take my words back now? :)
I'm surprised you didn't ream me harder. Thanks for being nice about it.

>
>> But this is best taken up with the powers that be in this order.
>>
>> 1. Google
>
> Almost certainly deaf ears and / or don't care.

Given Google won't even let me log into my own email account on VPN, I
wasn't prepared when I asked the question for the answer to be that google
isn't doing a thing about it. It wasn't one of the considerations I had.

I _still_ think if we get to the right people, we can get them to do
something about it. We just need a way to "tell them".

Tomorrow I'll call Mountainview (but I've been there, done that). The
operator must work on the side for the Gestapo as she'll never give you
anyone's phone number. But she might give me a "contact" method, which
likely entails a general Q&A location - but I'll try it nonetheless.

>> 2. Peers
>
> Likely deaf ears and / or don't care.

That's the second shock. I was trying to think logically what the problem
was, assuming it was an accidentally opened window they were climbing in.

But if the window is left open on purpose, then that means the only avenue
left is for each user to filter it out (or for the responsible servers to).

Do I have my understanding correct yet that it's kind of like this?

1. The spammer logs into google groups and posts mountains of spam.
2. Servers just as Giganews & Highwinds peer with Google (I think).
3. Servers such as dizum, mixmin, E-S, paganini, etc., peer with them.
4. We get the articles from any one of those news servers.

Is that kind of how it works?

If so, then is the culprit first & foremost Google.
But secondly the servers that peer with Google?

>
>> 3. Users
>
> Yep.
>
> Users are left to clean up the mess that others make way too often.

Well. I just did it. I called it stupid. But I have to eat my words.
I thought the right answer was to ask Google to close the window.
Or, worst case, to ask peers to stop peering Google servers.

Now that I'm edified, I still think those are the right answers.
But they'll never happen (based on what folks told me).

So I implemented a complete plonk already.
I could have picked any of the three headers
a. Message id
b. Newsreader
c. Injection-info

So I picked the Injection info.
Luckily it's easy to do for all people on all newsreaders.

There's even a web site to help them do it.
<http://twovoyagers.com/improve-usenet.org/filters_ex3.html>
--
Usenet is a useful way to meet people who know more than I do.

Grant Taylor <gtaylor@tnetconsulting.net> wrote

>> And maybe that's what we'll have to do as I don't think I've ever seen a
>> Usenet post from a Google Groups' poster that held any pertinent value.
>
> As I said elsewhere, I've had good conversations with people that post
> to Usenet from Google Groups. It does happen.

I'll ask Andy Burns to post his filters to the thunderbird newsgroup.

Here's a snippet of his conversation earlier today on comp.mobile.android
I have a separate address book called "google whitelist"
I put people in it of I know they're google groups users
I have a message filter that has two rules and two actions
IF "from" ISN'T IN ADDR BOOK "google whitelist"
AND message-id CONTAINS "@googlegroups.com"
THEN mark as read
AND add tag #6
That's thunderbird, I'm sure other clients can do similar

Here's the dejagoogle link to that conversation today:
*fumigation?*
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4>
Post:
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/Q6bzV3aKAwAJ>
<https://groups.google.com/g/comp.mobile.android/c/CvM86LHCHh4/m/zL-_isyMAwAJ>

Here's a web site trying to do something about it to help users implement
the filter since it's best if one person implements it & the others copy.
<http://twovoyagers.com/improve-usenet.org/index.html>

>
>> But before I do that, I still think there must be a better way, where what
>> some people do on c.m.a is check a whitelist and then plonk if not in it.
>
> How complicated of a filter do you want to set up and maintain?

Well, see above. If we can get one person on each newsreader to post their
"complicated" filter, then everyone benefits. But I get your point.

I, myself... don't feel like _writing_ a complicated filter.
Of course, I'll _implement_ one if someone gives it to me.

Likewise I think with many users.
But I get your point.

I already implemented a blind kill-all filter based on the Injection.

>
>> But that's gonna be newsreader-specific code (unlike procmail was).
>
> Yep.

This site is trying to give newsreader-specific solutions.
<http://twovoyagers.com/improve-usenet.org/index.html>

>> But maybe I can't. I don't know. I'm not all that clever.
>> But I know how to use Telnet so I can try it. Later.
>
> Kudos for speaking NNTP via telnet. :-)

Thanks.

>
>> Even so, any of us can filter it out but the problem is at the
>> peering, so now I understand the suggestion of "de-peering" better!
>
> The problem is Google.

I had trouble believing that. But if they know about it, and don't do
anything about it, then the problem _is_ google, I agree.

They make a newsgroup unusable without filtering them out.

>
> Google is the singular source of the problem of spam from Google Groups.
> The news servers / administrators peered with Google are less of the
> problem. They are simply trying to be a common carrier and carry all
> articles equally.

Yes but. If the peers-with-google dropped their messages, maybe Google
would think twice? Dunno. I'll give Mountainview a call tomorrow.

But last time I called Google to get them to do something was long ago
when I tried to get them to change their dejagoogle URI from this...
<https://groups.google.com/forum/#!forum/newsgroup.name.here>
To this...
<https://groups.google.com/g/newsgroup.name.here>

For example, from this:
<https://groups.google.com/forum/#!forum/news.admin.peering>
<https://groups.google.com/forum/#!forum/news.software.nntp>
<https://groups.google.com/forum/#!forum/comp.mobile.android>

For example, to this:
<https://groups.google.com/g/news.admin.peering>
<https://groups.google.com/g/news.software.nntp>
<https://groups.google.com/g/comp.mobile.android>
etc.

When I created these shortcuts (really long ago for most of them).
<http://tinyurl.com/news-admin-peering>
<http://tinyurl.com/news-software-nntp>
<http://tinyurl.com/comp-mobile-android>
etc.

> The peers aren't the source of the spam.
>
> Don't shoot the ${MESSENGER}. where MESSENGER is "the news server peered
> with Google".

Well, the solution, as I think everyone agrees, is for Google to do their
job. I'm shocked, actually, that Google allows this. You're not. But I am.

Again, I will call Mountainview and try to get a human (fat chance).
They may give me a way though to file a complaint using my Google Account.
That's how they fixed the Google Maps errors I had told them about.
That took 'em only a month - but I suspect this process will be longer.
If not forever.

>
>> As I said, I'm astounded Google is allowing this to happen when
>> they won't even let me log into my long-time email from the VPN
>> service I've been using for years - but Google is Google after all.
>
> Google has incentive to block you from using a VPN. I can't articulate
> what that incentive is, but I understand that your use of a VPN
> adversely impacts their business model.

Understood. The weird thing though is their coding is so sophomoric that it
even blocks me when I post from a public library to a large group of my
neighbors, but it doesn't block me when I post from home - but get this -
the same account posts to the same neighbors (so it's just bad coding).

>> If peers can confirm this spam on c.m.a (and I'm sure many other ngs)
>> is truly coming from Google servers, then that's where the solution lies.
>
> Yep.
>
>> Even Google put his email on a suspension once I wrote a formal
>> letter which included the report to the FBI - but I don't know
>> what happened of it as they told me never to contact him ever.
>
> Sadly, I suspect it's going to take something like a police / FBI report
> to get attention of the people you need.

Yeah. And that took a formal paper letter. They wouldn't accept anything
else but a letter with documentation (which wasn't hard to do but nowadays
we use email for almost everything).

>
>> That was hard enough.
>
> Yep. Getting Google to stop spam that doesn't impact them in a segment
> that they don't make any money from, that will be difficult.
>
> This is especially true if Google is avoiding the backlash of shutting
> down -- what I call -- their Google Groups Usenet gateway.

Well, I'm glad the search engine exists, and I've been a big proponent of
it for many years, as it's much better than some of the others, e.g.,
Narkives:
<https://news.admin.peering.narkive.com>
<https://news.software.nntp.narkive.com>
<https://comp.mobile.narkive.com>
etc.

>
>> It's even worse with Highwinds because I'm sure legitimate posters
>> must use it (do they?). If so, then highwinds can't be de-peered.
>
> HighWinds can be de-peered just like Google can be.

I think it's highwinds and giganews but I don't know much about peering.

>
>> I was hoping it was someone reputable, like Steve or Jesse
>> or Wolfgang (Ray Bananna) or Paolo (if he's still alive) or
>> Ivo or Daniel/Monica/Benjamin or Roman or Alex or Steen, et al.
>
> If you want to get an individual person to rattle Google's cage, try to
> get someone like Tavis Ormandy of Google's Project Zero.

I don't think they'll ever let me get to a person inside without a person
inside giving me the email, but I will try tomorrow but I don't expect a
miracle.

>
>> Finally after many calls (it's essentially impossible to get someone unless
>> you know someone who knows exactly the someone you need to talk to) I was
>> able to get it fixed, but the elapsed time was months in between.
>
> That was for a broken routing issue.
>
> Now just imagine for something that is working as intended / designed /
> configured.

Yeah. I know. Plus they care about Google Maps being correct.
DejaGoogle they don't (most likely).

>
>> It might even be worse here because at least Google cares about Maps.
>
> Yep.
>
>> Does anyone know of a way to _complain_ about it that exists somewhere?
>
> Nope.

Thanks for being nice to me, especially since I had barged in clueless.
If something comes of my call tomorrow, I'll let you know.
But I don't expect much (and I'm sure you expect even less than I do).
--
The whole point of Usenet is to find people who know more than you do.
And to contribute to the overall tribal knowledge value of the newsgroup.
It's a domino effect where each of us helps the next person in the lineup.

Grant Taylor <gtaylor@tnetconsulting.net> writes:

> HighWinds can be de-peered just like Google can be.

The follow-on problem there is that in today's world, if your ISP still
offers usenet access, or if you subscribe to a commercial usenet
provider, there's a high probability that what you're connecting with is
in reality nothing more than a front-end to Highwinds/Abavia/Giganews.

At least users of Google Groups *know* they're using Google Groups, even
if they don't understand the distinction between that and usenet.

Am 04.12.2023 um 08:23:15 Uhr schrieb Tom Furie:

> The follow-on problem there is that in today's world, if your ISP
> still offers usenet access, or if you subscribe to a commercial usenet
> provider, there's a high probability that what you're connecting with
> is in reality nothing more than a front-end to
> Highwinds/Abavia/Giganews.

What is the problem here?

Marco Moock <mm+usenet-es@dorfdsl.de> writes:

> What is the problem here?
Unwitting innocents falling foul of the backwash if we get to the point
of feeling the need to shut off from those path components. Not a
significant hurdle, but a factor to be aware of.

Those users likely won't be aware that the server at "news.myisp.com" or
"news.retentionallthewayback.net" or whatever is just one of those bulk
services with a custom facade.

The difference being that Google Groups users know they're using Google
Groups and make the conscious choice as to whether to continue to do so.