Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by karlisma

  1. It doubles the work to be done, like for me, as a volunteer. Besides: Get things right and push those two out of the market.
  2. Ah, Your answer does not encourage at all. It is sooooo bad. While i think, that reporting here does good to all others except for me (because I already got that spam in my box). But to the question - it has always been said that the philosophy of spamcop is to report just the sender, and i have had my time reading this philosophy. None the less - philosophy still keeps link parser alive, then - why not make it better? It is not the question that parser cannot pick those links, it obviously can. It just cannot adjust to "web 2.0" which is already 5-10 years old, the web that allows take domain names in any other alphabet there is in the world. Let's say as i see it parser has hard times translating addresses like http://www.адреÑÑ.рф to language that is understandable to all parsers. (it translates into http://xn--80aid7bga.xn--p1ai or to the http://xn--80aid7bga.рф because .рф is accepted domain under this protocol http://www.icann.org/en/resources/idn). And - why not make the damn thing here better, cooler and more usable, living according to times that are changing.... i.e. being progressive?
  3. Yes, I think it is a problem. The same spammer who is bugging me once in a while uses bit.ly links, if he has small budget client, who is not into byuing koi-8 domain name. Manual reporting to bit.ly stops those messages immediately. So I think, "it would be great" if spamcop picked up all sites and reported them. The thing is those are not unreal/fake/unresolvable addresses. I'v tried them all. Today's stats - 35 unpicked sites with both of answers ("no links found" if no www follows hhtp://; and "cannot resolve http://www. if http:// is followed by those magic letters of WorldWideWeb)
  4. Just some experience of submitting spam to spamcop and waiting whether spamcop will parse message body fro links or no: SpamCop's parser does not pick up links encoded and written in koi-8, although I found forum topic marked [resolved] for that. My human memory tells me that link with koi-8 characters was parsed correctly 2 times in 100 messages. When not parsing answers are (Parsing text part, no links found) if there's no http://www. at the beginning, http://аптека-онлаин.рф or (www is not a routeable IP address Cannot resolve http://www/) for links that have www at beginning http://www.мода-на-футболки.рф You would say - there's philosophy of not finding spamvertised sites abuse addresses and reporting, but... it ain't so. This particular spammer was using bit.ly system to hide spamvertised site from parser - took time to report the link manually [at]bit.ly spam with those particular links stopped right then. Now he is using links like http://www.мода-на-футболки.рф which are not picked up 99% of time.
  5. http://www.spamcop.net/sc?id=z2313046828z7...9493a5e7dbcd67z Internal spamcop handling: (level3) what does this mean? (searched, could not find the answer) and - Yum - that spam is fresh! all the time? c'mon.
  6. karlisma

    Internal spamcop handling: (level3)

    These reporting addresses on those IP Blocks appear since I am reporting spam . More less - every two days (of course, you can say i have dejavu). You can say they are not worst, though - they have a long lasting continuity. Clueless owner with so wide address blocks? Turkish Telecommunications? C' mon.
  7. karlisma

    Internal spamcop handling: (level3)

    Yes, that's more like this, Betsy. Though Wazoo (looks to me) is appealing to ISP innocence. I would not say so just looking at this: http://www.senderbase.org/senderbase_queri....110.165.0%2F24 every single address... every. Same with 88.240.x.x etc. who are those turks? Russian spammers.
  8. karlisma

    Internal spamcop handling: (level3)

    Oh, thank You, Miss Betsy. (i adore your patience). I understand about level3 and it's universe-like behavior. In my report, i hope everybody could see those other addresses like kayit[at]turkline, iletisim[at]turktelekom. Which are very repetitive. Every single day. And the question to explain is more like... Why they have special treatment at spamcop, and why they spit and spit?
  9. karlisma

    Internal spamcop handling: (level3)

    Aha, that great talk about what each single word means. Thank You for being so patient explaining this. Can anybody stitch this all together? The spam from that block of ips is frequent and fresh almost all the time, it even has some internal handling... though it spits and spits. As it looks from here: ISP doesn' t care. That was why i even tried to ask. and I know this ISP... is instructive... say what?
  10. karlisma

    Spammer Secre Society

    http://www.spamcop.net/sc?id=z1332464584zf...a49e3fe36d4bfbz evil's dozen
  11. karlisma

    Spammer Secre Society

    give me a favour - do so, I am not so keen
  12. http://www.spamcop.net/sc?id=z1268887032zf...1d38e28ea80849z http://www.spamcop.net/sc?id=z1268887034z3...df0543b4c1bae1z imageshack.us doesn't parse... why? is it because it is allowed to link messages to here from imageshack? or? [irony on] spamer thinks that he has found a new way to send spam messages, thinking (maybe) that i use mail client which automatically opens http content... or does he think i will ever click on that link? And: how many messages have to be sent so that it works out (makes revenue)? [irony off]
  13. karlisma

    new way to send pump and dump or...

    aha, that' s why it doesn't parse... i see. sorry, was looking to but serach wound up with different links at imageshack used here to illustrate something the poster had in mind. is hosting such spam messages allowed on imageshack? Don't they really wanna know, which smartass is wasting their bandwidth ignoring original purpose of their service?
  14. karlisma

    Badly formatted spam

    that's just paylod text from some book, to fool filters. Transliteration used mainly for those who carry "non russian characters set containig/supporting" computers around the world. So they can read some book...
  15. http://www.spamcop.net/sc?id=z1264906611zd...0e1b69bab45747z attached to this message was file with no extension named "0" and containing trojan Exploit-MS01-034
  16. karlisma

    Hello, I'm a Mac

    geez, Merlyn.... it's A MICROSOFT MESSENGER.
  17. karlisma

    Hello, I'm a Mac

    look, who's talking. Norton security software by itself is a complete disaster... And I have not seen Mac as being part of botnet, wormsender or hijeked-by-native browser. probably you need to consult your doctor, if commercial REALLY can annoy you. Go, feed ducks in the park, for a change.
  18. karlisma

    Can't find a reported spammer IP

    how and where do you try to find tpnet.pl? with internet browser - it redirects to tp.pl (which is right) and this works fine too: http://www.spamcop.net/sc?track=http%3A%2F%2Fwww.tpnet.pl
  19. karlisma

    Spammers are human, they make mistakes ;)

    maybe that's because of 48 hours "spam validity" time at this service? Maybe they are flooding on Friday-Saturday night, 'couse they know that I will do my reporting on Monday?
  20. karlisma

    spam: how it's made

    Received: from x (x [REA.LIP.ADD.RES]) by my.mail.server (8.11.6/8.11.6) with ESMTP id WQRTETQRT for <x>; Fri, 23 Feb 2007 20:26:09 +0200 (EET) Received: from x (x [SOU.RCE.ADD.RES] (may be forged)) by x (8.13.6/8.13.6) with ESMTP id WQRTETQRT for <x>; Fri, 23 Feb 2007 21:12:08 +0300 (EET) Date: Fri, 23 Feb 2007 21:12:06 +0300 (EET) and then the best part: Received: from 192.168.0.%RND_DIGIT (x-%DIGSTAT2-%STATDIG.%RND_FROM_DOMAIN [203.219.%DIGSTAT2.%STATDIG]) by mail%SINGSTAT.%RND_FROM_DOMAIN (envelope-from %FROM_EMAIL) (8.13.6/8.13.6) with SMTP id %STATWORD for <%TO_EMAIL>; %CURRENT_DATE_TIME Message-Id: <%RND________________WORD[at]mail%SINGSTAT.%RND_FROM_DOMAIN> From: "%FROM_NAME" <[at]FROM_EMAIL> X-SpamPal: PASS so - the only real header is the first... all others - fake just to make last line X-SpamPal: PASS. spamcop parser discards the second part, as it knows my mail hosts... other tools are being fooled by it. plain and simple, and - thus - spamcop may delete it from report (in my opinion) because that string: SINGSTAT, in second part of the code, will be my mail.mysubdomain.com, which never really exist, therefore reveling my identity. the headers are taken from message that somehow slipped out from zombie with empty form fields. All they do - fill forms.
  21. karlisma

    Replace "*" with "."

    Good day, http://www.22rx*com ( Important! Replace "*" with "." may there be adjustment in spamcop parser to replace that thing spamer has demanded? so it traces... it is quite common since last week.
  22. karlisma

    Split off from What should I do ??, Attack

    If "we" may interpret it that way, then it is not the right answer, is it? if "some reply" does any good, i can ask my grandma. If the user is first time poster, believe - he has hard time navigating overcrowded FAQ and pinned posts. It is hard for some users "been here" since 2004. no ANSWER, no post.
  23. karlisma

    Split off from What should I do ??, Attack

    See. It takes a long time for You, being a long time member/user of this forum and service. When a newbie posts, it is visible right under his nick, it's the first post. He is already mad that something isn't working as he expects. He, as a newbie, doesn't have the knowledge nor the skills to navigate in system where he has gotten, because he HAS NOT. Even You cannot find it right out the bat. What can he do? Wait for the answer, and most of the times he HAS THE PATIENCE to wait for USEFUL answer, not USELESS bitching ala: We can't find it either, go look Yourself, You incompetent and lousy bastard. So, as You write here: another poster will come along and give them a link (or an explanation) even if the first poster doesn't. Why post if YOU DO NOT HAVE THE ANSWER?
  24. karlisma

    Split off from What should I do ??, Attack

    aha... they get mad because they cannot find anything in that/this FAQ... then they turn here, by posting a question.... and - voila - 1st thing they get turned back to FAQ. Yes. Very helpful. As i noted, if You (poster) cannot give correct ANSWER (ANSWER is in Caps!) or point to that particular FAQ, not just the that page of different FAQs, then don't post. There is no time for You already, but still You manage it. Post useless blah blah... by bitching in mind: pheeeew... even i can't remember where that s#%t was. Thewre is Way TOO MUCH FAQS, Pinned THREADS... etc.
  25. karlisma

    Split off from What should I do ??, Attack

    [irony on] hmm, mey be not just pointing out that there IS A FAQ YOU HAVE TO READ. Probably correct link to that particular FAQ topic could be provided.... as FAQ part of SPAMCOP and this forum, look at it... just look at it... is so messy and so hard to navigate... because there is too much topics, too much pinned threads + there is that wiki... It makes a really hard time finding anything at all, not to mention the right place. Maybe FAQ about finding correct FAQ locations could be invented... or MAYBE - JUST SPRING CLEANING should be put on the list? Call this Bitching. [irony off] The procedure in this case maybe should be that "do not post at all" if You do not have an adequate ANSWER, or don't have the time to "guide" the newbie to CORRECT FAQ THREAD. "Bitching" by users marked "Admin" about FAQ being overcrowded-so-admin-cannot-find-in-few-clicks the correct FAQ thread is just ridiculous. sorry.