> Recent increase in Chinese spam
A.J.Mechelynck
post Apr 7 2013, 05:00 AM
Post #1


For a few days now, I've been getting a lot of spam from China. Here's my latest one:
http://www.spamcop.net/sc?id=z5486059763z0...e8ef8310c852cdz
Are other people seeing the same thing or is it just me?


--------------------
Best regards,
Tony
ananda
post Apr 7 2013, 05:05 AM
Post #2


Most of my spam is coming from Belarus.

George
Farelf
post Apr 7 2013, 07:51 AM
Post #3


I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.


--------------------
Plus ça change, plus c’est la même chose
A.J.Mechelynck
post Apr 7 2013, 09:06 AM
Post #4


QUOTE(Farelf @ Apr 7 2013, 01:51 PM) *

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

Most of my spam is also “easily identified” and “pretty pathetic” but these days (this week, let's say) I'm seeing an increase by an order of magnitude or so, with subjects usually either in Chinese or in gobbledygook, and coming from IP sources in .cn — It's the increase that alarms me. What did I do wrong? Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!


--------------------
Best regards,
Tony
lisati
post Apr 7 2013, 01:47 PM
Post #5


Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.
A.J.Mechelynck
post Apr 7 2013, 02:04 PM
Post #6


QUOTE(lisati @ Apr 7 2013, 07:47 PM) *

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.


--------------------
Best regards,
Tony
petzl
post Apr 8 2013, 04:58 AM
Post #7


QUOTE(A.J.Mechelynck @ Apr 8 2013, 05:04 AM) *

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

try MailWasher to POP for you
In
Settings
spam Tools/Origin of spam
Click "+ ADD" button
in "Filter Name" box call it China
in "domain to validate" box put
cn.countries.nerd.dk
And no spam will go to your inbox, it will be ready for reporting to your super secret spamcop email address
MailWasher can also detect Chinese characters in
spam Tools//My Filters
Yes it's Freeware


Geek
post Apr 8 2013, 05:22 AM
Post #8


QUOTE(A.J.Mechelynck @ Apr 7 2013, 03:00 AM) *

For a few days now, I've been getting a lot of spam from China.
...
Are other people seeing the same thing or is it just me?


Here too :(
A.J.Mechelynck
post Apr 8 2013, 06:17 AM
Post #9


QUOTE(petzl @ Apr 8 2013, 10:58 AM) *
[...]
try MailWasher to POP for you
[...]

QUOTE
Operating System: Works with Windows 7 and 8, Windows Vista, XP

I'm on openSUSE Linux.


--------------------
Best regards,
Tony
petzl
post Apr 8 2013, 07:03 AM
Post #10


QUOTE(A.J.Mechelynck @ Apr 8 2013, 09:17 PM) *

I'm on openSUSE Linux.

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux has for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam filter add
cbl.abuseat.org
http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100
And so-on


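Added example (not part of any post in this thread): how a mail filter on any platform can query the two zones named above, `cn.countries.nerd.dk` and `cbl.abuseat.org`. The function names and the `FAKE_DNS` table are assumptions made for illustration; the table is a constructed stand-in for DNS so the code runs offline and says nothing about the real listing status of any address.

```python
import ipaddress
import socket

# Zones named in the thread above.
ZONES = ("cn.countries.nerd.dk", "cbl.abuseat.org")
# DNSBL convention (RFC 5782): a listing is an A record inside 127.0.0.0/8.
LISTED_NET = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """Resolve an A record; None on NXDOMAIN or lookup failure (fail open)."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def check_ip(ip, zones=ZONES, resolve=system_resolver):
    """Return {zone: answer} for every zone that lists the address."""
    hits = {}
    for zone in zones:
        answer = resolve(dnsbl_query_name(ip, zone))
        # Ignore answers outside 127.0.0.0/8: a resolver that rewrites
        # NXDOMAIN to a search page would otherwise flag every address.
        if answer and ipaddress.IPv4Address(answer) in LISTED_NET:
            hits[zone] = answer
    return hits


# Constructed stand-in for DNS (not real lookup results).
FAKE_DNS = {
    "213.13.155.61.cn.countries.nerd.dk": "127.0.0.2",
    "213.13.155.61.cbl.abuseat.org": "127.0.0.2",
    "1.2.0.192.cbl.abuseat.org": "203.0.113.7",  # rewritten-NXDOMAIN case
}

if __name__ == "__main__":
    for ip in ("61.155.13.213", "192.0.2.1"):
        print(ip, check_ip(ip, resolve=FAKE_DNS.get))
```

Calling `check_ip(ip)` without the `resolve` argument uses the system resolver. For mail fetched by POP from a provider, the address to check is the relay recorded in the message's `Received` headers, not the POP server.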
A.J.Mechelynck
post Apr 8 2013, 12:59 PM
Post #11


QUOTE(petzl @ Apr 8 2013, 01:03 PM) *

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux has for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam filter add
cbl.abuseat.org
http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100
And so-on


I use the "Junk" filtering facilities built into SeaMonkey (and Thunderbird). For instance I could create a filter (just as I would for any email filter) but with as action "Set Junk Status To" "Junk" (for a blacklist) or "Set Junk Status To" "Not Junk" (for a whitelist). But anyway most of those Chinese spam messages are already correctly filtered away to my Junk folder (inside SeaMonkey) with no particular intervention on my part, that's how "pathetic" they are, as Farelf said above. The few that aren't correctly detected I mark as Junk manually, thus teaching the Bayesian filters.

Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).


--------------------
Best regards,
Tony
Farelf
post Apr 8 2013, 03:13 PM
Post #12


QUOTE(A.J.Mechelynck @ Apr 7 2013, 10:06 PM) *
... Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Like your spirit, Tony!
QUOTE(A.J.Mechelynck @ Apr 9 2013, 01:59 AM) *
... Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think :D


--------------------
Plus ça change, plus c’est la même chose
A.J.Mechelynck
post Apr 8 2013, 03:53 PM
Post #13


QUOTE(Farelf @ Apr 8 2013, 09:13 PM) *

Like your spirit, Tony!
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think :D

I used to report by forward-as-attachment, then a few years ago my ISP (who blocks any connection to an SMTP server other than its own ones) decided to blackhole any outgoing email with attached spam. I didn't like it at first, but now I've taken to the routine: I order my spam most-recent-first in my mailer's Junk folder, then, one by one, I "View source" on them (without opening them, of course) and paste that in the SC form — for those which are newer than my "average reporting time" (7 hours at the moment) by the time I get to them. Older ones I move to Trash without reporting. This way I still get time to do something else than reporting spam, and the most important ones (those likely to be "caught in the act") get reported in priority.

Yes, those "nomaster[at]devnull" reports puzzled me — how can someone send mail without a registered service provider? But as you said, they still get entered into the blocking lists, all the more so since there's nobody at the other end of the line to tell you that action has been taken; so, I report them just like the rest, no special treatment for or against.

spam as instrument of state policy — yes, it has turned up in the news a couple of times recently, about different (but always totalitarian) countries. Well, that's several floors above me, let's let the diplomats, secret services, and investigation journalists handle that as best they can, I'm not going to complain about things I can obviously do nothing about. As Marcus Aurelius said: “O Gods! Give me patience to endure what I cannot change, strength to change what I can and must, and wisdom to tell them apart from each other.”

This post has been edited by A.J.Mechelynck: Apr 8 2013, 04:04 PM


--------------------
Best regards,
Tony