[Resolved] limestonenetworks.com problems 100 a day.

[john6528]

i'm getting over 100 spams a day from this site from various account names which change every 4 days or so.

I swear they know when I report then with spamcop. The amount goes down to 1 or 2 a day if I leave them alone. If I report through spamcop it jumps back up to over 100 again.

IS there some way they can recognize my address when I report through spamcop?

John

[Farelf]

There are all sorts of ways they could track individual report submissions (such as an identifying code in the message body or even the headers), if the spammer got a copy of the report, but why would they bother? "Retribution" is a bit old hat these days (it's mostly about high volumes and/or pyramids of "affiliates", no need/time for finesse). Still, "targeted" spam exists. SC staff keep an eye open for SC reports being used to "game" the system - mostly for the opposite reason, that is for spammers tracking complainers so they can remove them from their lists - AKA "listwashing".

This is a reporting question, moving this (and your other post on the same topic, which I will merge and "hide") to the reporting section for further consideration.

[Farelf]

Looking at limestonenetworks.com's AUP - https://www.limestonenetworks.com/about/acceptable-use-policy.html - it seems unusually blunt and robust. They are specifically adverse to having their IP addresses on RBLs, such as the SCbl. I'm guessing they're no strangers to having their facilities abused. Started life providing gaming servers, so I suppose that's so. More lately they moved to cloud hosting which has its challenges too.

You might find the network is prepared to work with you to overcome this? They may be even more a victim in all of this than yourself. It could hardly make things worse to try them, if SC can't help - but the routing of SC reports is certainly a factor to be considered, given the behaviours you suspect, also any subsequent dispersal of the reports by the network - though only they would know that part.

Or, given they have their own abuse reporting process (online form) they may ignore other sources, particularly if AUP enforcement is potentially involved - but any increases in abuse following SC reports would be a contrary indication for that.

Don't give up. Maybe a source IP address or two from that abuse would assist any "here" with an interest in progressing further investigation.

[john6528]

It has finally stopped about two days ago. The only thing I did was add a statement to the normal spamcop delivery saying "I'm getting over 100 messages a day from these people. Please make it stop." I think I did that two or three times.

Seems just using spamcop worked this time but it took awhile. Thanks again for the service spamcop prevides.

John

[Farelf]

Good news, thanks for the feedback. Maybe someone at the sending end wised up, maybe that run just finished. Marking resolved.

[john6528]

It started again. Limestone again but different sender email. I went through the same procedure and it stopped again after couple days.

John

[Farelf]

Sounds like it could be a spambot (or two) and your address(es) are on one or two "lists" - or not, spambot operations don't necessarily depend on a high proportion of functional target addresses which is part of their menace to the internet, the sheer waste of resource. Just guessing, based on behaviour and probability in the absence of any disclosure of IP addresses involved.

If, when you report, you notice in the parser results that the source IP address is flagged as being on the CBL, that is a good thing - it means the network has access to detailed information about the hacking of their resources (in addition to the very detailed information about specific breakout instances provided through SC reports to them). A potent combination. It might not seem so at the time but it HAS to be doing some good - if the network is actually trying to (re)assert control. If the network is (largely) successful in getting them out, they will move to other hosts. Depressing but it seems to be a cycle we have to endure.

Or, it could be part of some out of control "campaign". That would be theoretically easier to address (since the perpetrators are not hidden criminals, merely obscure). An account (free) with SenderScore.org and the lookup tool and information available there might help put a spotlight on them.