Jump to content

orion

Members
  • Content Count

    11
  • Joined

  • Last visited

Everything posted by orion

  1. orion

    vronaholiday.com, what the F....

    An update on this "vronaholiday.com" jackass. After using the above domain name and "vallneedsbreaks.com", this jerk switched to "gazwinner.net", then came out from behind his virus/trojan infected host for a few days as "foolfingers.com" then "afunfakes.com" followed by "floppyfive.com". This spammer is now once again behind a virus/trojan infected host, spewing out random IP's, first as "stinkyfleet.com" and currently as "ineedu2nite.com" As well as the red graphics spams, once in a while I receive an out-and-out porno message, to procure prostitutes for me... all from this same source.
  2. 1st part: I have been receiving multiple daily spams from some porno jerk. There are usually nine links in his graphics message body. When I submit the spam to Spamcop, I will get a different IP & reporting ISP result each time I resubmit it. I get the same repeatable results when submitting a link (one line) only. It does not seem to make any difference whether I submit the complete link or cut it off after the domain name. Submitting this same link three consecutive times, produces three different results, pointing to three different IP's and ISP's. I get the same results with any of the nine links. 2nd part: If I take only the (xxxx.com) portion of the link and submit it to Geektools, I get the domain name and an email address of the person responsible for the site. If I then take this email address and submit it to SpamCop, I get a totally different IP & ISP from any of the previously reported results. What is going on?
  3. Thanks for the reply... It appears that I do not understand everything I thought I knew. I have not submitted a sample spam because the topic was adequately covered in the link that Steven Underwood referred me to in his reply to my original post. This "vronaholiday" was the same domain I was having problems with. I could not understand the erratic results I was receiving. My thought with the second part of the post, was that since we could not reliably obtain a valid source host for this spam (by using normal Spamcop), then maybe we could create a nuisance factor for these spammers by keeping them busy scrambling to register/find new domain names, (costing them $$$) if the registrar would keep "decommissioning" them... hoping it would cut down on the amount of time they have to put out spam. Pie in the sky? What I still do not understand is this: is this virus/trojan on their hosts also a problem for the spammers? I am not sure whether I can phrase this correctly, but here goes... in order for the spammer to remain hidden, his server must be putting out the wrong IP, but still feed his own downstream computer with a reply from his spamvertisement, if someone was stupid enough to reply to one of his links. Is this a close approximation? And finally, my last question... do we continue reporting these particular spams through Spamcop? I am sure that many users are still reporting these, unaware that the IP being reported is not valid. Eventually I can see these ISP's refusing Spamcop reports, after so many false submissions.
  4. orion

    vronaholiday.com, what the F....

    For those of you following this thread... I have just received a spamvertisement from "vallneedbreaks.com" ... this is the same sourcespammer (and same results when parsed) as "vronaholiday.com".
  5. You are right... this is exactly the same: http;//-----.vronaholiday.net/ I guess there is no point in reporting this spamvertisement, as Spamcop comes up with the wrong "abuse[at]" ISP. Or do we keep sending in the reports anyway, hoping that the affected "legit" ISP's can bring some power to bear? I had searched other forum subjects but didn't run across this one before I sent in my post. Regarding the second part of my post: I get an apparent valid domain name for "vronaholiday.com" and a registered person contact... are these valid? On other "similar conditions" URL's, the email address of the registered domain is usually a phoney "[at]yahoo" address, as is this one, but when submitted to Spamcop to trace, these addresses seem to come up with valid IP's & ISP's... consistently the same when resubmitted, unlike the others. Can we use this route to report the domain name or is this phoney as well?
  6. Since moving to the new version, I have not been able to report a single spam. Everyone I submit to Spamcop comes back with the following message: "Supposed receiving system not associated with any of your mailhosts." What exactly does this message mean? Secondly, even if the header information is false, the "reply to" address in the spam message body must be OK. Why is this not being reported?
  7. This problem began when I started the hostmail configuration. How do I undo this step, should we be unable to solve this current issue. As mentioned earlier, when I opened the mailhost configuration window, Spamcop already knew who I was, with all required info... all I did was confirm what Spamcop already knew.
  8. --------------------------------------------------------------------------------------------- By latest version, I meam "New System" as described in how to edit mailhost configuration. I only received one email from Spamcop and did all the required steps as outlined in that email... or so I thought! I normally keep these emails, but somehow this one was inadvertently deleted, but as I recall, it is identical to the information given in the Warning URL given above. I thought everything went like clocwork and all was normal until I found that I could not longer send spam reports as before (i.e. over the last two years) because of the "error" messages Spamcop was sending back to me. The following message is what I receive every time: ---------------------------------------------------------------------------------------------- No unique hostname found for source: (I deleted the IP) Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust anything beyond this header No source IP address found, cannot proceed. Add/edit your mailhost configuration Finding full email headers Submitting spam via email (may work better) Example: What spam headers should look like Nothing to do. ---------------------------------------------------------------------------------------------- I have forwarded emails to Spamcop, but I prefer to copy & paste. In either case, I get the same response.
  9. By "new version" I mean the latest, which requires mailhosts to be registered. The "other" version I used for the past two years did not have this requirement. I have read and followed every instruction regarding the registering of mailhosts. I see nothing else I can do. When I obtained the mailhost window, the various parameteres were already selected... all I did was OK them. It gives me two mailhost names, one host domain, one email address and two relaying/IP's. I'm using Outlook Express 6 and as far as I can tell, obtaining the decoded spam message is no different for this version than it was two weeks ago, when Spamcop was quite happy with the decoded spam under the (older) "other" version.
  10. I have been receiving UCE's from this one particular person for three months now, at the rate of 3 or 4 per day. Problem is that although I report these (at least 400 via SpamCop) there appears to be no suppression of this spammer. This person embeds approximately 50 links in the message body. I have been truncating the message in order for SpamCop to resolve and report the spamvertisement. Most of the links are of the author's fabrication and meaningless. Of those that can be resolved, all but one are harvested from ISP's lists of pending or renewal IP's. There is only one valid link in the whole message and this IP remains constant although the spammer frequently changes the link wording. This valid IP is a Brazilian (surprise?) ISP. Sending reports to "abuse, etc.," has no apparent affect and SpamCop refuses to bother "postmaster" at this ISP. Maybe it's time that SpamCop did bother "Postmaster"... as nothing is being done by the other contacts. I'm pasting a typical copy of this UCE message below: The only valid link is "....tealpage.com/..." (embratel.net.br and nic.br) ------------------------------------------------------------------------------------- <html><font size=3D2 face=3DVerdana><font style=3Dfont-size:1px color=3D#b= dbbbb> Order confi<elusive>rmation #3388211921 for xxxxxx[at]xxxx.xxx</font><br> <font style=3Dfont-size:1px color=3D#bdbbbb>vale <a href=3D"http://collet.= athwart.us"><font style=3Dfont-size:1px color=3D#bdbbbb>india</font></a> b= arren <a href=3D"http://colby.kellogg.co.uk"><font style=3Dfont-size:1px c= olor=3D#bdbbbb>addenda</font></a></font><br> <center>Page loa<bushwhack>ding...<br> <br><a href=3D"http://receptacle.tealpage.com/download1/gen0/index.html"> <img src=3D"http://receptacle.tealpage.com/download1/gen0/cd_st.gif" border=3D0></a><br> <font style=3Dfont-size:1px color=3D#bdbbbb>chiliexcitatorybuiltinmiller <= a href=3D"http://brigantine.wield.net"><font style=3Dfont-size:1px color=3D= #bdbbbb>interpolant</font></a> aztecmigrateallotropicidiomatic <a href=3D"= http://chasm.counterexample.org"><font style=3Dfont-size:1px color=3D#bdbb= bb>algol</font></a></font><br> <br> Still wasti<a href=3D"http://cassandra.destiny.net"></a>ng your ti</spatlu= m>me with Go<a href=3D"http://maurice.supernatant.us"></a>ogle sea</pyrotechnic>rche= s that go nowhere?<br> <font style=3Dfont-size:1px color=3D#bdbbbb>voltmeter hexagon tiger celia = calcium catchword hansel deviate console walkie pool strengthen taoist occ= ident dormitory regress mustang chili assay medal bend chalkboard dilution= excusable manipulable hush cumin judicature baseplate=20</font><br> <a href=3D"http://receptacle.tealpage.com/download1/gen0/index.html">C~L~<= /electroencephalograph>|~C~K<font style=3Dfont-size:1px color=3D#bdbbbb>gl= ans</font>H~E~R~E</a> for ac</divisor>cess to mi<chiropractor>llions of pr<viewpoint>ivate, sen<tweeze>sitive <vigorous>online re</krishna>cords,<br> on people and<font style=3Dfont-size:1px color=3D#bdbbbb>aegean</font>bus<= dauphin>ines</longitudinal>ses,<font style=3Dfont-size:1px color=3D#bdbbbb= >andersen</font>that you'd NE<dilution>VER find with Goo<a href=3D"http://macro.delmarva.org"><= /a>gle... <a href=3D"http://receptacle.tealpage.com/download1/gen0/index.html">GO<fo= nt style=3Dfont-size:1px color=3D#bdbbbb>mans</font>NOW!</a><br> <br> <a href=3D"http://receptacle.tealpage.com/download1/gen0/remo.html">Tak<an= imosity> me 0F</sax>F this L|ST!</a><br> <br><small> You are view<a href=3D"http://comprehensible.commissary.info"></a>ing this= mess<a href=3D"http://morgue.codomain.us"></a>age in accor<a href=3D"http://acknowledgeable.range.info"></a>dance with our <a href=3D"http://receptacle.tealpage.com/download1/gen0/priv.html">pri</c= onjunct>vacy po<discriminable>licy.</a><br> <font style=3Dfont-size:1px color=3D#bdbbbb>muellereuclidbirthtruancy <a h= ref=3D"http://violent.dagger.net"><font style=3Dfont-size:1px color=3D#bdb= bbb>frenzy</font></a> adenomacirce <a href=3D"http://inspiration.imprudent= com"><font style=3Dfont-size:1px color=3D#bdbbbb>phosgene</font></a></fon= t><br> In compli<a href=3D"http://custody.sumptuous.org"></a>ance wi<intrusive>th= feder<a href=3D"http://sorghum.practise.org"></a>al law, you may<font style=3Dfont-size:1px color=3D#bdbbbb>ebb</font>end furt= her<font style=3Dfont-size:1px color=3D#bdbbbb>aldrin</font>pro-<a href=3D= "http://walden.manfred.co.uk"></a>motions<br> <font style=3Dfont-size:1px color=3D#bdbbbb>victual <a href=3D"http://cori= nthian.crabapple.com"><font style=3Dfont-size:1px color=3D#bdbbbb>colombia= </font></a> rockawayfrigidairealp <a href=3D"http://debugger.profuse.com">= <font style=3Dfont-size:1px color=3D#bdbbbb>quintessence</font></a></font>= <br> of this pro<a href=3D"http://barbaric.draco.net"></a>duct to your e<a href= =3D"http://housework.transpire.info"></a>-mail ad<a href=3D"http://inter.palindromic.net"></a>dress with the above<font style=3Dfont-size:1px color=3D#bdbbbb>ventricle</font>link or w= rite us at:<br> <font style=3Dfont-size:1px color=3D#bdbbbb>caucasusexpirationoffset <a hr= ef=3D"http://ammonia.butyric.com"><font style=3Dfont-size:1px color=3D#bdb= bbb>hippopotamus</font></a> dictate <a href=3D"http://pillsbury.precursor.= com"><font style=3Dfont-size:1px color=3D#bdbbbb>alumnae</font></a></font>= <br> <br> tealpage.com,<font style=3Dfont-size:1px color=3D#bdbbbb>machiavelli</font= >CX <a href=3D"http://jensen.gangplank.info"></a>Postal 21<a href=3D"http:= //dido.harmonic.net"></a>70<a href=3D"http://ellipsometer.damp.info"></a>0= <br> <font style=3Dfont-size:1px color=3D#bdbbbb>messhorsewomengarbk <a href=3D= "http://sweetish.muse.net"><font style=3Dfont-size:1px color=3D#bdbbbb>bom= bastic</font></a> departureineradicable <a href=3D"http://thorny.aluminate= net"><font style=3Dfont-size:1px color=3D#bdbbbb>prefatory</font></a></fo= nt><br> Fl<a href=3D"http://colicky.osmosis.org"></a>orianop<a href=3D"http://amat= eurish.aphid.com"></a>olis,<font style=3Dfont-size:1px color=3D#bdbbbb>hur= ray</font>88<a href=3D"http://aggressor.dean.net"></a>O58<font style=3Dfon= t-size:1px color=3D#bdbbbb>initiate</font>970, SC, Bra<a href=3D"http://lu= llaby.boredom.co.uk"></a>zil<br> <font style=3Dfont-size:1px color=3D#bdbbbb>scenesaccharinecashmere <a hre= f=3D"http://cairn.aid.com"><font style=3Dfont-size:1px color=3D#bdbbbb>age= nda</font></a> chromosomeconnecticutosseous <a href=3D"http://autosuggesti= ble.draftsman.org"><font style=3Dfont-size:1px color=3D#bdbbbb>alumnae</fo= nt></a></font><br> <br></small><br> Sun, 31 Oct 2004 17:54:11 -0400 =20 =A0 =20 2[at]6 <br> <font style=3Dfont-size:1px color=3D#bdbbbb>afiresidewallperfectible <a hr= ef=3D"http://lunar.alexandre.co.uk"><font style=3Dfont-size:1px color=3D#b= dbbbb>anchorage</font></a> tomlinsondorchesterneurophysiologycosmic <a hre= f=3D"http://egotist.glossed.co.uk"><font style=3Dfont-size:1px color=3D#bd= bbbb>nuclear</font></a></font><br> <font style=3Dfont-size:1px color=3D#bdbbbb>ethancross <a href=3D"http://c= aramel.stand.us"><font style=3Dfont-size:1px color=3D#bdbbbb>inheritor</fo= nt></a> pursefinchdismissalcirculatory <a href=3D"http://burro.zone.net"><= font style=3Dfont-size:1px color=3D#bdbbbb>percussion</font></a></font><br= > <font style=3Dfont-size:1px color=3D#bdbbbb>wasteful <a href=3D"http://var= istor.cancelled.com"><font style=3Dfont-size:1px color=3D#bdbbbb>seafare</= font></a> giggle <a href=3D"http://noel.failsafe.co.uk"><font style=3Dfont= -size:1px color=3D#bdbbbb>litmus</font></a></font><br> <font style=3Dfont-size:1px color=3D#bdbbbb>propitiatehypotenuse <a href=3D= "http://endogamy.anabel.co.uk"><font style=3Dfont-size:1px color=3D#bdbbbb= >commissariat</font></a> stoogetigressavionicirresistible <a href=3D"http:= //pilgrim.crankshaft.info"><font style=3Dfont-size:1px color=3D#bdbbbb>lew= is</font></a></font><br> </font> ----4652136435726334--
×