Jump to content


  • Content Count

  • Joined

  • Last visited

Posts posted by shmengie

  1. http://www.spamcop.net/sc?id=z772587994z11...aee40216c68f0dz

    Name: congress.su.dissemble.at.ibirxt.com


    Which translates to a bunch dsl/cable hosts, AFAICT.

    comcast, ameritech, comcast, rr and verizon.

    For some reason spamcop only identified the one ip address at rr (, according to the tracking url.

    This is the second spam that resolves to a web-addy like this.

    My guess is the latest generation of spam-bot infected computers are also webhosting... What a joke. Maybe I should be greatful my ip isn't in the list. :o


  2. That's just plain hateful. I hate the thought, but suspiction lies in your friend's computer being infested with some form of virus/trojan that reads browser input looking for stuff like credit card numbers and email addresses.

    I know it's a possibility, but would rather believe it isn't.

    The most likely other place for sniffing network traffic (IMO) is cable modem networks. I used to have a cable modem and could see all traffic in the node I was attached to. I never bothered to look for anything, but found it interesting to peek at what was going on.

    It wouldn't supprise me to learn that a virus strain has become sophisticated enough to do this sort of network sniffing.

    Another potential breech is wireless networking, but this has a much more limited potential audience of listeners, given the range of wireless. Wireless networks should not be un-encrypted. Encryption is no guarentee, but can make it difficult enough to deter the casual voyer.

  3. I think if an ISP's address's generate more than 50% spam vs. legatimate e-mail, their internet connection should be terminated. Let them pay their providers a re-subscription fees if they want to re-connect. If they hit the 50% mark again, down goes their connection.

    This will probably never happen, but it sure would provide them some extra incentive to act on the spam issue.

    Maybe the Internet 2 roll-out can stipulate this form of mandate. That might actually get ISP's to clean up their act in advance. <_<

  4. Wrote a message few months back about the whois record pointing to a contact a pointing to an previously used, now nonexistend domain. The responce I got was that the ip subnet was hijacked.

    It went from non-existent contact to another contact in Russia which bounced. I guess igor[at]hostelecom.ru.com didnt' like all the mail that flooded in with that whois record went live.

    I recieved a reply from APNIC the other day that they would contact the ISP and have the whois record updated :) Finally, no more bounces!!!

    Was a little happy to see today that spamcop reports are now reaching the isp too.

  5. Hi Laura-Lou,

    There is little to nothing you can do about this. The e-mail in question most likely does not originate from you or your SMTP server. If someone you know is accusing you, have them use spam cop, which will indicate to some degree the actual source of the e-mail. Although the origin may be from within the same isp, based on the odds, that is not the case.

    My guess is that someone who has you in their address book, is infected with a robot virus. That virus/robot may be pulling your e-mail address out of the hat, to be the originator of the spam.

    From the spammer's/virus author's point of view, it makes it *more* likely the spam will be read and possibly acted upon.

  6. I've been innundated with spam. I like the idea of reporting it all, but it's simply not possible for me to spend 2 hours every morning submitting to spamcop. I've also contacted my isp and requested that they implement SCBL. They've indicated intrest, but it doesn't appear that it's happened as yet.

    The past two weeks have been horrible for me, so I rewrote MailReport. It's a do-it-urself spam reporting tool. I've tweeked it to do better whois lookups, though that still needs a little more tweaking, and cut down on the number of clicks required to send spam reports.

    Of course, over the day and a half it took me to re-write this program, about 140 spams built up in my Junk box. I managed to report them all in about 50 min, upon completing the first draft of the re-write.

    I still report spam to spamcop when I'm not innundated, but if I could forward reports to spamcop in my little proggie, I'd be very happy to. I've thought about automating that, but understand it's against the rules, so I haven't even considered it.

    However, if I could get some ppl here to check this program out, and offer advice, I'd be pleased to make corrections and additions given time.

    I intend to turn it into an open source project hosted by SourceForge.net if they'll accept it. Although I don't know if it's a good idea to place this tool in the hands of the general public. Which is *another reason* I raise the offer here.

    If you've got python experience, I might send the source. However, I have a windows installable version. I use PostgreSQL to store reporting information. Although I've not tested it w/out stuff a database full of spam, it should work w/out PostgreSQL.

    In ether case, the database tables will probably be changing sometime in the future, and you'll have to install postgres and run a few scripts to get that setup, should you wish to use that feature.

    Let me know if you are interested.


  7. Still trying to adjust to their 'new' layout ... call me old-fashioned, but I saw nothing wrong with the old (basically) text-only format ...


    I liked their old format too. But it's seems easier to find some things now.

  8. I would report the website to the ISP whom hosts the website.

    Don't expect much action taken, but you might at least help the spammer move to the their next ISP victem.

    The vampire effect is the another course of action, but that's not necissairly a good idea.

  9. ... Since reporting spam to (most) overseas server operators is pointless (few will do anything about it), there is no net loss and such spam as I do report is more likely to be acted on. ...


    I recieve spam more rarely from the same ip address across the pond than here in the US.

    Comcast customers are the most frequent repeat offenders.

    Maybe Asian ISPs have more "dynamic" ip addresses???

    Websites hosted in china seem to be the least likely to be terminated tho. :(

  10. I wouldn't report those messages, other than striking up a conversation with the person who's bounced the message to you.

    Someone who has you in their address book is infected with a virus. The only way I know to resolve this type of issue is to write the isp of the origniating infected message.

    Bounces too often have any/all useful information removed from the original e-mail. Appearently the author of the anti-virus wares chooses to blame the named "originator" instead of pinpointing the actual originating address as the culprit.

    If you recieve an infected e-mail, you need to report to the isp where the infection originated, unless you can guess who might be the infected party. In that case contact them directly and point them to some of the free tools or have their anti-virus wares updated.

    ISP's will shut off infected computers connections, so if it's a friend of yours it would be nice of you to contact them first. But you're stuck guessing, because ip address often don't provide very difinative identification.

    Now it seems strange to me that a virus would send mail under your e-mail address, yet never send e-mail to you. So if you've recieved infected messages with somone elses address (would would make sense), it may be coming from the same infected computer, trying to entice you into clicking on the infection. Report these!

    If you don't recieve viri in the mail, encourage the bounce originators to report the infected mail.

    If the viri continue to spread, we'll never see an end of the spam. So far, they propogate better than rabbits.

    80 percent (if not more) of all spam is relayed thru zombies this viri creates.

    I've taken it upon myself to report all viri I recieve to the originating ISP. After living with a years worth of viri in the mail, after a couple of months reporting (LOL?) it's completely ceased.

  11. I've noticed a notable increase in spam over the past few days.

    This year I've reported spam 110 days

    Averaging 48.05 reports a day.

    58 | 2005-04-15 | Fri

    52 | 2005-04-16 | Sat

    48 | 2005-04-17 | Sun

    43 | 2005-04-18 | Mon

    64 | 2005-04-19 | Tue

    57 | 2005-04-20 | Wed

    67 | 2005-04-21 | Thu

    77 | 2005-04-22 | Fri

    Argh... 3.6 hours to go before that 77 stops climbing :(

    Mostly stock spams... Funny thing tho, seems none of the pill popping spams resolve to actual websites anymore.

    I have noticed an increase in the $make$ money at home scams.

  12. I don't intentionally use spamcop to report that type of spam.

    40-50 spams a day makes shmengie a persistent reporting machine.

    Sometimes get too carried away and send out a report on an associate of mine. Hate when I do that, because I then must report myself as being bad. I really wish the spam would end or be the exception rather than the norm.

    I once reported one of Hanaro's replies, to my reports, as a spam to hanaro. They quit accepting my reports for a while after that :o

    One e-mail acoc**t is hurrendously spammed. Cannot alter the server configuration, to use a blacklist :( I could forgo using that account, but I've used it with soo many contacts, I haven't considered that a viable option.

    Because I recieve so much spam daily, I've found it difficult to use spamcop with out spending a large portion of my day. For this reason, I wrote a program which allows me to report directly to the Originating ISP of the spam... I even extended it to parse the spams and write a note to the web site ISPs referenced in the spam. This is the tool I use to report the psuedo spams. AFAIK no blacklists are involved in this method of reporting.

    After I dig my way out of the stack of spams that arrive overnight, I then start submitting spams to spamcop as well as using my reporting tool. Usually spamcop and my tool are in sync with whom to report spam. But they aren't always, so I find this is slightly more thorough means to report/handle spam.

    The amount of time lost in web-transit during spam reporting with spamcop is filled nicely by using my tool as well. Often the isp's recieve a couple of reports about the same spam, but none have raised an issue with me for this.

    Some day, I may make this reporting tool publically available as an open-source project. But... For now, it's too kludgey for me to feel comfortable with that.

    There are a few down sides too... I've recieved virus's in the mail from foriegn countries, where as that had not happened before using this tool. I suspect that I reported a spammer to himself, and he figured he'd fix my wagon and virus me. >:o

    The amount of spam recieved has neither diminished nor increased since I started reporting with this tool. All in all, it's kind-of a wash, but the quality and volume I report has increased, so I guess it's worth the effort. I feel better, which is all that matters (to me).

    A couple of days ago, I did recieve confirmation (personalized email) that a website operator who spammed me, was shut-down. That felt very good.

  13. FWIW: I've reported legatimate spam on purpose. I know it may not be what you want to hear, but its true. One company I manage e-mail for, when I person leaves the organization, their e-mail gets bounced to me. When those ppl sign up for news letters purposefully or not, I end up getting spammed.

    Unless the link for unsubscription is clearly visible in these cases, I consider this unwanted message no better than professional spam.

    Since I've recieved soo much spam in my life (4048 this year alone), that I took the time to write a program to report this unwanted by-product. However, spam-cop often does pull a few more addresses than my program, so I usually report via both spam-cop and my program.

    Since this doesn't guarentee I'll stop recieving this psudo "spam", I also take the time to find the unsubscribe link as well. I hate, having to do that.

    An explaination of why the person is recieving commercial e-mail should be first and an easy-out 1 click web link second, should be the can-spam policy, IMO.

  14. AOL indeed has broadband customers.  Their "AOL for Broadband" and "AOL Over Broadband" services are described here.


    AOL works over broadband. Which a convoluted issue. When you read the fine print, *other charges* and/or *other contracts* may apply. Althought it sounds like a lot of users continue to use AOL even tho they not the Broadband provider...

    AOL broadband customers are reported by spamcop as originating from their actual broadband provider, which really invalidates the comparision between AOL and Broadband providers.

  15. I've been submitting reports from Thunderbird source w/out incident.

    The "From" line is an antiquated standard used on unix systems, to separate mail messages in the mailbox. Since Mozilla runs on mutiple platforms (including Unix/Linux) I guess they chose that as the start of the mail.

    Crazyness: If you send a mail to yourself on (presumably any e-mailer) and have a blank line before a prior to a line that starts with the word "From", the e-mail will obfuscate the "from" so that it won't be recognised as a blanks line preceding the "From" keyword.

    Tho I haven't tracked it down, I think the e-mailer is responsible for mangeling the from, it could be the SMTP server that does this job.

    Other extra headers usually starting with "X" have no meaning, unless the e-mail reader is looking for them, and are quitely ignored.

  16. http://www.ece.arizona.edu/~edatools/etc/  I've used this chart in discussions on other forums, always with the caveat that this is a very small sample.  I would like to improve the chart with a better sample, maybe several hundred SpamCop reports, and maybe a better selection of "typical" domains to compare with AOL.


    I was curious, so I took a look. After reflection, I don't see the relavance. Does AOL still have Cable customers? I'm going under the assumption they don't, and in that event your comparing apples to oranges.

    I applaud AOL for their antivirus initiative, and suspect that may actually influence the numbers, but aside from that, dail-up and cable/dsl are two different beasts.

  17. I send maybe 10-20 to clients each day. Now I find that I can't send to some people because of this spamcop crap and I don't have any other way to contact them. I hope I don't lose any sales because of this sh**. :angry:


    Appearently one/some of your customers don't appreciate this feature... :blink:

  18. These "habitual offenders" are big ISP shops.

    The addresses you actually recieve the "spam" from usually are NOT repeat offenders.

    I've recieved about maybe 30 spams from duplicate IP addresses out of 3000+ spams. That's about 1 percent.

    If the ISP shops you referenced were blacklisted (all of their customers would have to be blacklisted) and (probably) some of your correspondents would may not be able to send mail to you.

    That would cause a serious communication breakdown for a lot of people.

  19. There's another issue... You knever know when someone you actually communicate with, will take the initiative to dress up their e-mail with html decorations.

    Although I have no appreciation for this, I do recieve a couple of dressed up e-mails a year I would perfer not to reject.

    I could tell these ppl to stop, but they spent extra time doing that sort of thing, in effort to make their mails look "good". I don't see anything good coming from griping about it.