Re: Who is peering all these spams ostensibly from Google Groups?

Path: i2pn2.org!i2pn.org!newsfeed.endofthelinebbs.com!news.quux.org!news.nk.ca!.POSTED.doctor.nl2k.ab.ca!not-for-mail
From: doctor@doctor.nl2k.ab.ca (The Doctor)
Newsgroups: news.admin.peering,news.software.nntp
Subject: Re: Who is peering all these spams ostensibly from Google Groups?
Date: Mon, 4 Dec 2023 07:10:42 -0000 (UTC)
Organization: NetKnow News
Message-ID: <ukju1i$ta1$41@gallifrey.nk.ca>
References: <ukinav$m4i7$1@paganini.bofh.team> <ukiorq$omo$2@tncsrv09.home.tnetconsulting.net> <ukj1od$mlgf$1@paganini.bofh.team> <ukjopv$bqb$1@tncsrv09.home.tnetconsulting.net>
Injection-Date: Mon, 4 Dec 2023 07:10:42 -0000 (UTC)
Injection-Info: gallifrey.nk.ca; posting-host="doctor.nl2k.ab.ca:204.209.81.1";
logging-data="30017"; mail-complaints-to="usenet@gallifrey.nk.ca"
X-Newsreader: trn 4.0-test77 (Sep 1, 2010)
Originator: doctor@doctor.nl2k.ab.ca (The Doctor)
 by: The Doctor - Mon, 4 Dec 2023 07:10 UTC

In article <ukjopv$bqb$1@tncsrv09.home.tnetconsulting.net>,
Grant Taylor <gtaylor@tnetconsulting.net> wrote:
>On 12/3/23 17:07, Wally J wrote:
>> Hi Grant,
>
>Hi Wally,
>
>> Oh. DE-PEER! Duh. Sorry. I never heard the term before but I should have
>> been able to figure it out on my own.
>
>Apology returned to sender as unnecessary.
>
>> Thanks for being nice about my faux
>> pas. It was stupid of me to not realize that's what it had meant.
>
>You're welcome.
>
>I believe that people trying to engage in civil conversation deserve
>civil responses.
>
>I don't think stupid. If anything, unaware. But, you are now aware,
>and therefore a little bit better off. :-)
>
>> Especially since that was my whole point.
>
>;-)
>
>> How do you de-peer the spams (which I suspect are not coming from Google).
>
>You don't de-peer individual messages. You de-peer ... peer news servers.
>
>Few news servers directly peer with Google.
>
>Most news servers peer with other news server(s) that eventually peer
>with Google.
>
>So the only way that most news server administrators have to de-peer
>Google, in a manner of speaking, is to not allow messages from Google
>into their news server.
>
>> (EDIT: I see below that you suspect they _are_ coming from Google though.)
>>
>> There are hundreds just today alone that anyone can see are clearly spam.
>> <https://i.postimg.cc/6pj29c6f/spam01.jpg>
>
>Yep.
>
>> I am almost 86 so I lived through the days when we'd complain to a host
>> admin that someone spammed us once in a month or two, and then I lived
>> through making my own procmail filters on SunOS, so I'm familiar with the
>> fact that it's just plain stupid to filter out everything from Google.
>
>I too make *EXTENSIVE* use of procmail for my email. Filtering Usenet
>is a little bit different.
>
>You may think it stupid that I have blocked all Google messages on my
>server. But you are as free to have your opinion as I am to have mine. ;-)
>
>The question is how much time is a news administrator willing to spend
>combating spam before they block a site entirely?
>
>Would you continue to accept messages from a small individual news
>server if 1 in 1,000 were legitimate and the other 999 were blatant
>spam? What if that was a university? What if it was google? What if
>it was more like 1 in 10,000 / 100,000 / 1,000,000? Is there a point
>when you would block an entire site because of the ratio of ham to spam?
> Does the size of the site make any difference?
>
>For me personally, I was spending an hour or more a day fighting Google
>spam and only getting to enjoy participating in conversations like this
>for about 15 minutes a day. After about two weeks of that, I decided to
>try filtering Google for a few days to see what I thought of it. I've
>got to say that I'm enjoying that 15 minutes on Usenet again and the
>hour (plus) of time that I've gotten back every day.
>
>Given that Usenet is flood full, all my peers that peer with someone
>other than me can get their messages from Google another way.
>
>I get to run my server the way that I want to. I choose to run my
>server in a way that makes me happy, or at the very least doesn't
>actively make me unhappy and want to shut it down.
>
>> People do it all the time.
>> But only stupid people do it.
>
>I guess I'm a stupid person then.
>
>> A smart admin would have a smarter filter than "everything".
>> Worse....
>
>I suspect you aren't intending to make a personal attack. But I'll ask
>you politely to not insult people who make their own choice, even if you
>don't agree with it.
>
>> I suspect NONE of this spam is actually coming from Google anyway.
>> (But I just saw below that you suspect they _are_ coming from Google.)
>>
>> For a filter, it's the same thing of course, but isn't it different to an
>> nntp server who can tell where it's coming from better than I can tell?
>
>NNTP servers have a modicum of trust in each other. As in only NNTP
>peers are allowed to specify the Path header. Meaning that it's
>considerably more difficult for a /client/ to provide a forged path.
>
>All of the Google spam samples that I looked at had everything indicate
>that it was from Google; Path, Message-ID, From, etc. -- I no longer
>have any articles that originated from Google on my server as I had my
>server search through nearly 28 million messages to remove any messages
>from Google. -- That's how strongly I believe the spam originates from
>Google.
>
>Just about everybody else I've talked to believes the messages originate
>from Google.
>
>I can't recall anyone actually saying that the messages originate elsewhere.
>
>There are those that keep an open mind and allow for the possibility
>that they originate elsewhere.
>
>Google is notoriously non-responsive for dealing with problems
>originating from them into many ecosystems, Usenet is just the one being
>discussed here.
>
>As a former Google employee, I know how the people who supposedly are
>responsible for -- what I call -- the Google Groups Usenet gateway treat
>it at best as an also ran service.
>
>Google has a quite bad reputation as being a source of spam in the email
>community. All you need to do is look at the mailop / NANOG / Spammers
>Don't Like Us / SpamAssassin / ClamAV mailing lists and you will find
>hundreds of people talking about Google being the source of spam email
>and Usenet articles.
>
>There is exceedingly little doubt that Google is a source of massive
>amounts of spam.
>
>I have not seen any evidence that supports that someone is trying to
>frame Google by pretending to be them. -- I'd be quite curious to see
>any such statements.
>
>Google has responded to previous complaints about a few groups by making
>them read-only. At which point the spammers shift to different
>newsgroups. But this game of whack-a-mole is untenable and extremely slow.
>
>While at Google I witnessed them take 18 months to halfheartedly and
>ineffectively slow down, but not actually stop, spam originating from
>calendar invites.
>
>I experienced Google refusing to allow creation of new newsgroups for
>something that had a long history and pattern of newsgroups. I was
>ready to submit a change for the Windows 10 newsgroup to be created but
>was told that my change would be rejected and to not bother. I asked
>about the Firefox and Thunderbird newsgroups when Mozilla announced
>discontinuation of their (outsourced) news servers and was told to not
>even bother.
>
>I wholeheartedly believe that Google /is/ the source of the spam that
>appears to be from them and that they are not the victim of an attack.
>
>> I'm sure that's why they seem to be changing up the subject, headers, from,
>> injection information, etc. in those headers.
>
>I think one of the reasons that there are so many different clusters of
>similarities is because there are so many spammers each sending their
>own type of spam.
>
>A quote from a well known science fiction movie comes to mind, "You will
>never find a more wretched hive of scum and villainy." Mos Eisley^W^W
>Google.
>
>> I'm almost certain (based on the modus operandi) that NONE of them are
>> actually coming from Google servers but I saw below that you're sure they
>> are, so I'd just ask how you know since almost everything in the header can
>> be forged (as far as I know) except for the final path in the header.
>
>I'd be very interested in how / why you are as certain that the messages
>aren't originating from Google as I am that they are.
>
>Please elaborate with a rebuttal to my comments above.
>
>> Oh. Really? I didn't see this until now. I was pretty sure none was coming
>> from Google simply because they'd put a stop to abuse pretty quickly you'd
>> think. And this is clearly abuse.
>
>Google wants you to think that they put a stop to spam quickly. But in
>effect, they don't. (See above about well respected places to see
>complaints.)
>
>> Is there a way (that works) to _complain_ to Google about it?
>> Maybe they care?
>
>I'm not aware of anything that works.
>
>> I understand belatedly that you believe that - but how can you tell?
>> I can't tell.
>
>Deduction / accumulation of many observations / experience working with
>the beast that is Google.
>
>> Sure the message-ID is an indication.
>> And the newsreader. But that can be forged.
>
>The Path: header is quite a bit more difficult to forge without being a
>news peer.
>
>I'm not aware of any (reputable) news server daemon / configuration that
>allows someone to spoof the Path: header.
>
>Sure, news servers can feed peers spoofed Path: headers. But it's quite
>difficult to do the original spoof without a corroborating news server.
>
>I strongly suspect that if there was a corroborating news server /
>administrator that was the source of the articles, the multiple people
>spending hours a day fighting this blight would have identified it and
>de-peered them without filtering Google.
>
>The vast majority of people want to not filter Google. The sad reality
>is that just about everybody has some point that filtering Google seems
>reasonable to them. It's simply a question of what that point is. --
>There's a crude joke that finishes with "we've already established that,
>now we're just negotiating price".
>
>> About the only thing that can't be forged are sections of the path.
>
>Exactly.
>
>> But they can 'inject' stuff into the path that is meaningless.
>
>As I indicated above, injecting something into the Path can only be done
>by /news/ /servers/. It's not something that properly configured news
>servers allow clients to do.
>
>As such, the injection is not something that end users can do.
>
>> So how do you know that it's really coming from Google servers?
>> (I strongly suspect it is not for the reasons I already stated.)
>
>Deja vu. ;-)
>
>> We have to confirm if it's coming from Google because the solution then is
>> at Google whereas if they're just spoofing Google, the solution is
>> elsewhere.
>
>I hope that I've elaborated why I'm convinced that the spam is
>originating at Google.
>
>But I think it's worse than just needing to talk to Google.
>
>At this point I believe that Google is actually complicit in their
>negligence to do anything about it.
>
>N.B. I don't consider making specific groups read-only in a game of
>whack-a-mole to be sufficient.
>
>N.B. I consider that Google's action of making some groups read-only to
>be tantamount to admission that said group was a source of spam.
>
>> By now I see that you feel strongly it's coming from Google.
>> But how do you know?
>
>Deja vu.
>
>> And more importantly, how does "de-peering" happen so that it stops?
>
>There is actual de-peering wherein the news servers that are actually /
>directly peered with Google turn off the connection with Google.
>
>Then there is filtering like what some of us have done wherein we make
>our down-stream servers simply refuse to accept any articles that come
>from Google.
>
>There are multiple ways to detect if an article comes from Google. The
>best is to look for postnews.google.com and / or
>google-groups.googlegroups.com in the Path. Some choose to filter based
>on part of the Message-ID: header. Still others choose to filter based
>on the From: email address.
>
>I have configured cleanfeed on my news server to reject messages from
>postnews.google.com and google-groups.googlegroups.com. As such, my
>server is happy to have articles from @gmail.com email addresses. -- I
>doubt that anyone will bother spoofing a Message-ID:. But I'm happy to
>have @gmail.com users send email through non-Google news servers.
>
>> I lived through DejaNews so I'm aware of what you say, and I certainly know
>> a google search on the real google.com is different in functionality than a
>> search on http://groups.google.com/g/<put.name.of.usenet.group.here> but at
>> least DejaGoogle exists.
>
>As time passes, more and more of the access to Usenet articles through
>Google Groups is taken away.
>
>I wanted to see if I could see the Path: for spam in Google Groups as it
>would be remarkably short if the spam existed in Google Groups and was
>originating in Google Groups. But, sadly, "Show original message" is
>greyed out.
>
>> I use it only for a lookup/search/reference engine, which it's very good at
>> but I wouldn't even think of posting using Google Groups for all the
>> reasons that nobody would be caught dead using AOL in the olden days.
>
>In my not so humble opinion, AOL at its worst still has a better
>reputation than Google currently does amongst news and email administrators.
>
>If Google wasn't as big as they are, more admins would have blocked them
>already.
>
>It is only Google's size that causes admins to hesitate.
>
>> OK. So you think it's coming from Google. And that means Google either
>> doesn't know about it - or - Google isn't doing anything about it.
>
>I very strongly believe that it's the latter; Google isn't doing
>anything (effective) about it.
>
>> Is there any way to "complain" to Google to figure out which it is?
>
>I wasn't able to find anything effective while I was on the inside. In
>fact, I was given -- let's go with -- the cold shoulder brush off and
>actively discouraged to try to make things better.
>
>> The PATH (read right to left of course) isn't meaningful when anyone clever
>> can inject components into it.
>
>But my understanding and working premise is that /not/ /just/ /anyone/
>can spoof the Path: header.
>
>> I don't know what portion of the path is inviolable though.
>> Do you?
>
>Both all of it for the average user and none of it for a news administrator.
>
>My working understanding / premise is that news servers do not accept a
>Path: header from end users. News servers only accept Path: headers
>from other news servers. The news server appends its name / path to
>the left side of the Path: header contents.
>
>As such, the only way to get postnews.google.com and / or
>google-groups.googlegroups.com into the path without actually passing
>through it is for a news server, or someone with news peer level access.
>
>As you can probably see from a number of newsgroups, the text-only news
>server community is relatively small and cooperative as well as being
>well motivated to stop the spam.
>
>I remain convinced that if there was someone pretending to be Google
>originating this spam, that the community would have an idea and would
>be working to depeer them.
>
>> Assuming they're injecting into the path, what part of the path in the
>> previously listed spams do you think are actually real?
>
>I have not seen any reason to doubt the Path: because of the special
>nature of the Path: header.
>
>Maybe I'm wrong. If I am, please correct / enlighten me. I'd like to
>learn more.
>
>But everything that I've experienced thus far either directly indicates
>or supports that the spam is originating from Google Groups.
>

Still paralyse GG by depeering them.

>
>
>--
>Grant. . . .

--
Member - Liberal International This is doctor@nk.ca Ici doctor@nk.ca
Yahweh, King & country!Never Satan President Republic!Beware AntiChrist rising!
Look at Psalms 14 and 53 on Atheism ; unsubscribe from Google Groups to be seen
Merry Christmas 2023 and Happy New year 2024 Beware https://mindspring.com
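
The Path-based check described in the quoted reply, as an added example (not part of either post and not cleanfeed's own configuration): it splits the Path: header into hops and matches the two gateway names exactly, next to a From:-based check for comparison. Apart from this page's own Path, the sample articles are constructed.

```python
# Added example: Path-based detection of articles that passed through the
# Google Groups gateway. The two identities are the ones named in the post.
GATEWAY_IDS = {"postnews.google.com", "google-groups.googlegroups.com"}

def path_identities(path_value):
    """Return the server identities in a Path header body, newest hop first."""
    compact = "".join(path_value.split())      # undo header folding
    entries = compact.split("!")
    entries.pop()                              # tail entry (e.g. not-for-mail) is not a server
    # Empty entries come from "!!" and entries starting with "." are
    # diagnostics such as .POSTED.host; neither names a relaying server.
    return [e.lower() for e in entries if e and not e.startswith(".")]

def via_gateway(path_value):
    """True if any hop is exactly one of the gateway identities."""
    return any(hop in GATEWAY_IDS for hop in path_identities(path_value))

def from_gmail(from_value):
    """The coarser From:-based test mentioned in the post, for comparison."""
    return "@gmail.com" in from_value.lower()

# Path of the article shown on this page.
PAGE_PATH = ("i2pn2.org!i2pn.org!newsfeed.endofthelinebbs.com!news.quux.org!"
             "news.nk.ca!.POSTED.doctor.nl2k.ab.ca!not-for-mail")

# Constructed samples (hosts under example.* and addresses are made up).
SAMPLES = [
    ("page article", PAGE_PATH, "doctor@doctor.nl2k.ab.ca (The Doctor)"),
    ("gateway post", "news.example.net!peer.example.org!\r\n postnews.google.com!"
                     "google-groups.googlegroups.com!not-for-mail", "x@gmail.com"),
    ("gmail user on another server",
     "news.example.net!.POSTED.203.0.113.7!not-for-mail", "y@gmail.com"),
    ("look-alike hop", "news.example.net!postnews.google.com.example.org!not-for-mail",
     "z@example.org"),
]

def classify(samples=SAMPLES):
    """Map each sample label to (rejected_by_path, rejected_by_from)."""
    return {label: (via_gateway(p), from_gmail(f)) for label, p, f in samples}

if __name__ == "__main__":
    for label, verdict in classify().items():
        print(f"{label:30} path={verdict[0]!s:5} from={verdict[1]}")
```

The third sample is the case the post calls out: a @gmail.com sender posting through a non-Google server passes the Path filter but would be dropped by a From: filter.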
