Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by paul101

  1. Hey Suzer... Your post helped me smile after a long day on planet hell. Yeah, the good old days... when spam pretty much just peddled harmless crap. I'm in contact with Webmasters.com about this issue and will post any useful information at this thread. Meanwhile, you can view a related page here. best - paul
  2. Hope the following is useful regarding "pump and dump" stock spam. We've routinely sent a copy of related reports to the enforcement at sec dot gov address for a few years now and they appear to go through the system without any trouble. What happens once they reach the S.E.C. will probably never be known... perhaps they're just trashed due to the stock spam avalanche, or perhaps the S.E.C. uses them for statistical analysis somehow. In any case, here's another tip. We recently wrote to the info address for Pinksheets.com, asking if they wanted a copy of such reports when the spamvertised company is listed with their exchange. Our original email to them said we'd be pleased to send copies of such reports, but only if they were useful and wanted. We also explained that the copies would arrive directly from Spamcop (not from our "real" email address) and to let us know if such automated reports were no longer wanted. We received a polite and personally addressed reply a few days later saying, yes, please send copies of such reports. The representative who wrote said he was grateful that we were willing to take the time to help fight this scourge. So... if the stock spam you receive involves a company with a ".PK" ticker symbol, they welcome your reports. Send copies to info at pinksheets dot com. Some examples: WBRS.PK (Wild Brush Energy) LITL.PK (L International Computers, Inc.) If the company is dually listed with Pinksheets and the OTCBB, Pinksheets still wants a copy of the report. Example: ADYN.OB (AlgoDyne Ethanol Energy Corp.) If the spam doesn't include a complete ticker symbol (example of only four letters: WBRS) -- and you feel like taking the time to do a little research -- a Google search for something like "WBRS stock spam" will usually help you find the complete stock ticker symbol (WBRS.PK). Since Pinksheets is interested in receiving copies of such reports, try not to burden them with complaints about companies not listed with their exchange. Again, hope this is helpful. I'll try to answer any questions. We recently found an interesting site where you can look up stock tickers and vote on the volume of spam you receive regarding spamvertised companies: spam Stock Report.
  3. Thanks, Steven... I'll send all relevant info along to Webmasters.com tech support with a link to this thread. They'll probably refer me back to SpamCop or Comcast in a never-ending Catch-22 loop from planet hell. Meanwhile, a few jerkoff spam gangs continue to highjack the 'net, rendering it worse than useless for the rest of us. Argh. What a world.
  4. I appreciate Don's SpamCopAdmin post saying that the engineers are looking at this problem. It would be great to hear updates or news with regard to any progress. I carefully read through this entire thread. I'm in the same boat with dhanna in many ways... I simply don't have time to devote to this issue (and in my case, lack the technical know-how to do so). I report as much spam as my frazzled life allows, delete the rest, and move on to making a living. No time to fiddle with missing semicolons, etc., or risk altering the original headers. Like most SC users, my determination to help SC fight spam is a volunteer effort. While I'm happy to do what I can to help, I simply must use my time for billable work. I won't be able to report any spam at all if I can't pay my bills... I'll end up living on the street, mumbling and babbling about the death of the Internet and asking for spare change - heh. An increasing volume of my spam reports bang in to the same "This email contains no date" wall. It's disturbing and frustrating to take the time to file a report only to find the effort apparently wasted. I'm sure the engineers can appreciate this. Here's hoping they can solve the "no date" problem. Here's hoping that the following is useful... 1) Received a typical "pump-n-dump" stock spam this morning (one of over 50) containing text salad and an embedded GIF. It arrived in our "real" inbox, not our SpamCop account held mail folder, defeating all filters we have in place. Our ISP is Comcast and our mail goes to a POP account via our web hosting and mail service, Webmasters.com. 2) Opened the spam with Eudora the usual way to reveal full headers. Forwarded the spam to our regular SC reporting address. 3) Received the normal "[spamCop] has accepted 1 email for processing" message, enabled cookies, and followed the link to the tracking URL: http://www.spamcop.net/sc?id=z1211407019zc...231530bf4d7293z 4) Briefly considered making a double vodka martini but quit my browser and started doing billable work instead. If I can provide any other info the engineers need to dig through this, I'll be happy to do so. If it makes any sense to do so, I'll take the time to write directly to the SC deputies address with additional details and a copy of the original spam exactly as I received it. Thanks and good luck. - Paul
  5. paul101

    PinkSheets Interested in Pump 'n Dump Spam

    Thanks, Lking. At the risk of going off-topic, I'd like to expand on my original post. If everybody takes the time to fight spam, maybe we can still kill it and reclaim the net. Maybe. Probably not. AlgoDyne Ethonol Energy Inc. (ADYN.OB): A stock spam detective story Like most everybody on planet Earth with an email address, I've received hundreds of spam messages touting a company called AlgoDyne Ethonol Energy Inc. (ADYN.OB). Variations of the spam typically say things like, "Alternative energy is a Red Hot sector right now and ADYN is a pioneer! Check the news and you will see that at this very moment they are in negotiations with major Asian investors. They are also in negotiations for partnerships for development of their amazing technology." More stock spam from planet hell Amazing technology? More like an amazing ripoff. Anyone gullible enough to invest in spamvertized stocks deserves to lose every penny of their investment. Everyone with a brain in their head sees through this endless avalanche of stock spam pump and dump scams. Let's do some detective work. Let's dig a little deeper. Let's ignore the general spam avalanche for a moment and focus on a company called "AlgoDyne Ethonol Energy Inc." Let's pretend that a company associated with stock spam actually offers something worthy of our trust. Let's pretend that this company is merely the victim of third party money-grubbing spammers... like those jerkoff Russian spam gangs and their global botnets. An unknown company that claims to honor alternate energy resources and misspells ethanol in its corporate name is immediately suspect. When I saw the words "Ethonol Energy Inc." in the spam, I laughed out loud. Ethanol is spelled e-t-h-A-n-o-l. If you're gonna rip off investors, learn how to spell your core product. ADYN.OB is the subject of a massive illegal stock spam campaign which includes image-based spam designed to foil spam filters, "normal" text-based spam and related blog comment spam. All spam associated with this firm is in clear violation of several US federal laws. As if that wasn't bad enough, nothing about this company adds up. Anyone gullible enough to invest in this firm deserves to lose every penny of their investment... and that's exactly what I suspect will happen. According to official S.E.C. documents, this company was previously named "Eagle Ridge Ventures, Inc." and is supposedly in the business of buying and selling "reclaimed textiles throughout North America." Finding their website requires some determination. Their website appears to be http://freshlypressedinc.com. The site makes no mention of the name change - and despite various "news" articles and "press releases" floating around the 'net referring to unnamed "Asian Investors" - says nothing about being involved with alternative energy in any manner. If these jerks even have a company, they just sell old clothes. When I telephoned the firm to ask for a comment about the spam campaign, their voicemail box was full and was not accepting new messages. When I used a WhoIs server to find a registrant email address for their website, messages sent to the "private registration" address bounced with a typical "mailbox full" error. ----- Registrant: Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States Registered through: GoDaddy.com, Inc. (http://www.godaddy.com) Domain Name: FRESHLYPRESSEDINC.COM Created on: 14-Dec-04 Expires on: 14-Dec-07 Last Updated on: 14-Dec-06 Administrative Contact: Private, Registration FRESHLYPRESSEDINC.COM[at]domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Technical Contact: Private, Registration FRESHLYPRESSEDINC.COM[at]domainsbyproxy.com Domains by Proxy, Inc. DomainsByProxy.com 15111 N. Hayden Rd., Ste 160, PMB 353 Scottsdale, Arizona 85260 United States (480) 624-2599 Domain servers in listed order: WSC1.JOMAX.NET WSC2.JOMAX.NET If you can't contact them, and their misnamed corporate website has nothing to do with the spam campaign claims, how can you possibly trust them with your money? How can you think that they're merely the victim of some unknown third party stock spam scumbag? Their business address is listed in the state of Washington, but the firm is incorporated in Las Vegas, Nevada. Right. Las Vegas is known the world over as a shining example of corporate ethics. Not. Nothing here adds up... and I wouldn't trust the firm as far as I could toss an old textile reclaimed shirt. Visit the sec.gov website and search for the name Greg McAdam for more info about this scam. Address: 301 West Holly Street, D-15, Bellingham, WA 98225 USA. Phone: 360.820.2620. Primary State of Incorporation: Nevada. Officers: Greg McAdam, President/Secretary/Treasurer/Dir. SIC Number: 5131. Fiscal Year End: 08-31. Industry: Retail. CIK: 1346848. I've reported all spam received regarding this firm to the S.E.C. and Pinksheets.com. Beware, investors, beware. This firm is clearly a typical example of Capitalism run amok in our fabulous new spam driven digital world. Greed rules and no one will stop it.
  6. Greetings: If this is covered elsewhere or is in the wrong forum, please point me to a relevant thread. Couldn't find anything on a quick search. I handle mail and spam issues for my employer (or try to). Here's what's going on... an awful lot of illegal "pump and dump" investment spam is slipping through SC filters and landing in our 'real' inbox. It's addressed to our SC address, then forwarded to our real address by the system. Our SC address was illegally harvested and is becoming increasingly polluted. This spew all follows the same general pattern: 1) It's coming from different (always changing) sources all over the planet, making it difficult to filter and blacklist. Even our local mail client (Eudora for Mac) doesn't recognize it as spam and can't just dump it in our Junk folder - so it must be dealt with by hand. Dozens of these a day eat up otherwise useful office time pretty quickly. 2) Subject line is a few words that constantly change, like "decade feels takes" and "he studies history". 3) Most of it arrives with an attachment (usually a GIF image of text peddling some bogus "investor alert" about some unknown company that's about to "explode" or reveal some "news" that will make it valuable - you know the drill). The GIFs are generally all identical images, but the file names constantly change - nonsense names like "jauugv.gif" and "taojrmew.gif" - again making it challenging to filter. The body contains a string of words and phrases carefully chosen to evade filters. Two questions: 1) Anyone have some tips / tricks for successfully filtering this sort of stuff - and is the team at SC working to beef up the filters and help prevent this type of spam sneaking through? 2) Based on the language in the "investor alert" I'd be willing to bet that the source is some money-grubbing jerk right here in the good ole USA, so I often Cc our SC reports to the Securities Exchange Commission anti-spam address (enforcement at sec dot gov). Hopefully, they monitor the junk and can use SC reports to help track down and prosecute the criminal(s) responsible. However, if I'm just wasting time and bandwidth, I won't bother... anyone have an opinion about that? See a typical sample here: Report ID 1960742949 Sorry if I'm being dense here, but I'm not really a programmer and know only the very basics for fighting off this sort of garbage. Thanks for your time and patience, Paul
  7. Thanks, turetzsr. That thread and Jeff G.'s earlier reply are interesting and useful. While the whole world waits for a solid filtering solution, art101.com has decided to kill all incoming mail containing any graphic files from untrusted senders (read: anybody we haven’t previously whitelisted). It'll all get flushed into a giant devnull black hole toilet. This is the best solution we can think of at the moment... and it’s unsatisfying on many levels. Simply refusing to receive this avalanche of sh*t won’t stop it. Spammers punch through to millions of gullible users every minute, stealing terabytes of bandwidth from networks all over the planet. We want to find these psychopaths and stop them. It really isn’t difficult... just pay attention and follow the money. Spammers are a tiny minority of the millions of decent people who use the net... and yet we allow them to wreck it for the rest of us. Why do we allow them to wreck the net for the rest of us? But the real shame here is how an amazing avenue of communication is being killed. The free flow of ideas and information is stifled and twisted and conned and scammed. Damn those politicians who wrote and signed that worse than useless ‘Can-spam’ act... and the corporate lobbyists who bought them. Historians (assuming our species can survive long enough to have a history) will marvel at our legislative idiocy. I love receiving email from strangers all over the world... artwork, songs, ideas, poems, news, lyrics, snapshots, stories... the surprising messy light that makes life worth living. And now, every day, we chop ourselves off at the knees... cuz a few money-grubbing jerks steal our time and bandwidth to peddle crap we didn’t ask for and do not want. Maybe humankind is still too stupid for the Internet. Maybe it’s just a tower of babel. Oops. Yikes. I’m so way off topic. Long day. Me go sleepy bye now. We finished up a long session here at the studio this weekend... you can hear the song here.
  8. Heh. Thanks for the backstory, Wazoo. Big grins here at art101.com while reading your reply. It's good to get a better picture of who you are and why you do what you do. Kudos for your time and care in the SC forums. We're working (among many other projects) the Sacramento Housing Alliance (helping people find affordable housing in a realty market dominated by racketeers who make an utterly stupid amount of money peddling bloated McMansions and bulldozer economics). Uh-oh... I'm drifting off-topic again. Sorry. Focus, Paul, focus! OK. I'm still trying to figure out how to track down and stop the money-grubbing jerk(s) responsible for this ongoing stock market 'pump and dump' spam assault. The SEC seems overwhelmed, utterly lame, and/or (at best) resigned and unaccountable. The FTC and our elected representatives are so clearly distracted by war, fear, payola and greed that they're completely paralyzed. Argh. Maybe SC admin and forum users could pool their reports and resources to stop this 'pump and dump' crap and discover who's behind it? Your pal, Paul
  9. Thanks, Farelf. Sorry for the reply delay. We're busy here making billable work during another hectic political campaign season. Despite the ongoing spam assault, we manage to get some work done. What a concept, huh? (grin) I can't help but wonder... if only our (money-grubbing, corrupt, corporate) congress had passed an anti-spam bill with real teeth, the Internet might still be useful, safe, sane, and productive. The Can-spam Act is so worse than useless that it's almost funny. Apparently, short term greed trumps a better world for everyone. Archaeologists will dig us up in a few thousand years and wonder why we screwed up the most important advance in human communication since the invention of the wheel. You're probably correct in assuming that most businesses will eventually block all email that contains a graphic file attachment. We're considering the same policy here at art101.com. How sad. We'll probably only allow graphic attachments from trusted, white-listed clients and friends. The brief and wonderful days of an open Internet were killed by corrupt politicians, nutbag marketers, and jerkoff spammers.
  10. Sorry, Wazoo. Honestly didn't intend to open up a new can of worms for you to deal with. You clearly have enough stuff on your plate and everyone appreciates the work you do ("what life?"). A little backstory: I thought about this issue often for weeks - and tried to carefully compose a useful post, follow the rules, and seek answers elsewhere before posting (including the pinned stuff and announcements). It didn't occur to me to poke around in the Lounge area, but I'll remember to check there in the future. I'm just not a lounge sort of guy. Based on the forum descriptions, I took my best shot when I finally decided to post. I tried search terms that seemed to make sense... investment, investor, words like that. I can't remember if I tried the word "stock" - and in retrospect, that's obviously an utterly stupid mistake. Live and learn. With all due respect, sometimes it feels a little like walking around on eggshells in here... that's why I hardly ever post and only do so when I'm genuinely exhausted. If it makes sense to "start all over" and port similar posts into this 'new' topic, I'm glad to have helped. If it's just more fiddle-faddle, by all means delete this thread. I'll leave it in your capable hands. I provided that report ID in the hope that it might be useful... I remember reading somewhere in the rules for posting that it might be useful and tried to oblige. Sorry to have included something so useless. I'll carefully scan the FAQ for future guidance. Got it that there's no "team at SC" ...I just sorta assumed that since SC hooked up with Iron Port, JT (and Julian, for that matter) had an actual staff for help dealing with the avalanche. I could write for hours about our account configurations, settings, mail hosts, all that stuff. It didn't seem relevant to the core issue... but if it's useful, I'm happy to post it. On a personal (and totally off-topic) note, when was the last time you took a vacation? When was the last time you curled your toes in some warm sand on a sunny beach somewhere? I sorta get the impression that you might find a break beneficial, so that's why I ask. Respectfully, Paul Thanks for the link, Jeff G. I skimmed it and will study it in detail later (it's late and time to turn off this silly box, go get dinner, and find out how my sweetie's day worked out).
  11. Thanks, Wazoo, your reply is much appreciated. Lots to ponder here and I'll work up a better reply tonight or tomorrow (hopefully, something that will be useful to other SpamCop users who find themselves in this situation). It's been a long day and I'm turning off this silly box for a while. - Paul
  12. Something odd cropped up this morning. We received 80 bounced message reports regarding messages we didn't send. At first I thought it was a standard joe-job or spoof... that some spammer was using our domain name in forged headers to try getting around spam filters. They all contain the same original message... all in Russian characters; since I don't read Russian, I have no idea what they say. I looked over the (original spam) headers and discovered the forged return address is our Spamcop.net address (not our domain mail server). I can post a few samples here if that would help. I'm on a deadline today, so it might not be 'until later. Almost all of them also involve a domain called artbairdpottery.com and relays from all over the world (mostly Australia). The wave has subsided somewhat in the last hour, so maybe the attack is dying out. I'm wondering if there's something that can be done on the Spamcop side to kill this stuff before it floods my inbox... or tips on how to blacklist it easily, without having to dig through each spam. I'm also wondering if I should take the time to forward them all to the reporting service -- or if that's just a waste of resources (your and ours). Thanks, Paul
  13. PS and update... the latest attack doeas not appear to be related to the original bounces I talked about in my original post. I'm posting here to continue this thread, rather than start a new one. I should have mentioned that earlier. Sorry. Really slammed with this issue today, plus we're trying to conduct business (read: have a life). I'll keep checking in here. I see Wazoo stopped by and a few other familiar user names. Note that if you call our phone number and you have caller ID disabled, we won't pick up. Please leave voicemail and we'll call back. - Paul Thanks, Don. Further, ever further. - Paul I just used 'Quick Reporting' to clear out our held mail folder. Thanks again, Don. My boss just told me his blood pressure went down a notch or two after reading your reply. (grin) - Paul
  14. The problem resurfaced this week and was especially bad today. 36 bounced message reports punched through to our 'real' pop email address, and 56 bounced message reports are currently sitting in our SpamCop held mail folder. Spammers are using our SpamCop address as the forged "from" address in their spew and we're receiving bounced mail reports from ISPs all over the planet. Any help from SpamCop admins would be greatly appreciated. Sorting through the 'real' spam and the bounced message reports is time consuming and frustrating. Obviously, we don't want to report the bounces as spam (got a warning from Don at SpamCop admin when we accidentally reported legit ISP reports). Questions: 1) Should we just delete the bounce reports in our held mail folder, or would a SpamCop admin like to look at them? If the latter, can a SpamCop admin look over our held mail folder directly? We'll be glad to supply whatever user info SpamCop might need. 2) Is there an address at SpamCop admin where we can forward them... in hopes that SpamCop can use them to refine the filters some how? Is there a contact phone number at SpamCop where we can discuss this in real time without the need for lots of back and forth emails or posts? That would save us all lots of time. 3) Changing our SpamCop address will be a real hassle. We've been using it for years and many clients, online accounts and acquaintances only know us through that address. Is there some way we can keep our current SpamCop address, or is it so polluted that we'll need to kill it and get a new one? I don't want to vent here, but my boss is livid...I'm frustrated and in over my head. The purpose of the SpamCop address was to reduce the amount of spam (or at least make it easier to manage). I hope some one at SpamCop can go to bat for us. I could really use some help. Thanks, Paul
  15. We're curious to know how long Spamcop archives its spam reports. How far back in time do reports remain in the system before they're tossed? After an extensive search of the Spamcop site, we're unable to locate info on this topic. If it's available somewhere, please excuse this post and point us to a page where that info is available. We're posting this because we may be able to take a notorious spammer to court. While we maintain extensive records of a serious spam attack on our domain in 2003, corroborative evidence on the Spamcop site could prove helpful. Thanks in advance for any tips or help.
  16. Thanks. Here are four typical example tracking URLs. We've only received one more in the past few hours, so maybe the spammer has moved on to greener pastures. We'll look over our settings and see what we can do. Please let us know if more samples would be useful. - Paul http://www.spamcop.net/sc?id=z918270274z40...b8e54ac32be1f2z http://www.spamcop.net/sc?id=z918271126z0d...9362520e49aa20z http://www.spamcop.net/sc?id=z918271828z6f...3d9deea6be482ez http://www.spamcop.net/sc?id=z918272956z73...b76079eee74cf4z
  17. Greetings: I'm not sure exactly where to post this, so I made my best guess. Please move this post to the correct forum if I goofed. This spam is interesting because it evaded both Spamcop filters and our own domain filters. Unlike the vast majority of spam sent to our Spamcop email address these days, this spam punched through to our real inbox. That's why I'm taking the time to alert Spamcop admins about it. I hope the following info is useful. Two copies of this spam arrived today, with a JPEG attachment referencing a website called colomby.net. Let us know if Spamcop needs additional info to help block these criminals. ----- Examine spam version 1 at: http://www.spamcop.net/sc?id=z901092431z42...9b829d727bb237z Examine spam version 2 at: http://www.spamcop.net/sc?id=z900915847z15...ce161ff9552bb5z ----- Here's some additional basic Whois info we collected regarding this spam: domain: colomby.net owner: Vladimir Mironov email: whois[at]rattlings.com address: Abonensky yashik 16 city: Moscow state: -- postal-code: 117525 country: RU phone: +7095.2349449 admin-c: whois[at]rattlings.com#1 tech-c: whois[at]rattlings.com#1 billing-c: whois[at]rattlings.com#1 nserver: ns1.unmnemonic.net nserver: ns2.unmnemonic.net status: lock created: 2006-03-10 14:23:12 UTC modified: 2006-03-14 14:06:24 UTC expires: 2007-03-10 09:19:43 UTC source: joker.com live whois service query-time: 0.020415 db-updated: 2006-03-19 17:28:21 ----- domain: unmnemonic.net owner: Vladimir Mironov email: whois[at]rattlings.com address: Abonensky yashik 16 city: Moscow state: -- postal-code: 117525 country: RU phone: +7095.2349449 admin-c: whois[at]rattlings.com#1 tech-c: whois[at]rattlings.com#1 billing-c: whois[at]rattlings.com#1 nserver: a.ns.joker.com nserver: b.ns.joker.com nserver: c.ns.joker.com status: lock created: 2006-03-10 14:23:03 UTC modified: 2006-03-14 14:02:28 UTC expires: 2007-03-10 09:19:35 UTC source: joker.com live whois service query-time: 0.016137 db-updated: 2006-03-19 17:30:13 ----- inetnum: - netname: CSL-194-176-0 descr: CSL Computer Service Langenbach GmbH descr: Hansaallee 191-193 descr: D-40549 Duesseldorf country: DE admin-c: CSL6-RIPE tech-c: CSL6-RIPE rev-srv: a.ns.joker.com rev-srv: b.ns.joker.com rev-srv: c.ns.joker.com status: ASSIGNED PA mnt-by: CSL-MNT source: RIPE # Filtered role: CSL Computer Service Langenbach GmbH address: Hansaallee 191-193 D-40549 Duesseldorf Germany e-mail: noc[at]nrw.net admin-c: JL1322-RIPE tech-c: UO86-RIPE nic-hdl: CSL6-RIPE remarks: *************************************************** remarks: * Please use abuse[at]nrw.net for reporting abuse... * remarks: *************************************************** source: RIPE # Filtered % Information related to '' route: descr: CSL origin: AS5517 mnt-by: CSL-MNT source: RIPE # Filtered
  18. paul101

    Spam evading Spamcop filters

    Thanks for the quick reply and info, petzl. I'll pass this along. We've never had much luck reporting spam to Joker. Joker seems to be more interested in profits than ethics. In any case, we'll save a copy of all relevant files for any agency that might find them useful.
  19. Couldn't find this elsewhere and this seems like the right place to ask. My boss opened our paid SpamCop email account several years ago. Probably in 2002, maybe earlier. That date is lost and we need to know when it was. How do I find it in the system? I don't see some sort of account management or history feature. Thanks for your time, Paul
  20. paul101

    Our account activation date

    Thanks, Andrew. He needs it for a media interview that includes a mention of how groovy SpamCop is for users who want to make a dent in stopping the avalanche. The reporter wanted to know how long he's been using SpamCop -- so I'll advise him to say something like, "Well, they've been around since '98 and I've been a member since around 2001." That should work, if somebody checks sources. There's backup data in a safety deposit box that includes the original email receipt, but we can't get to it this morning.
  21. paul101

    Our account activation date

    I followed that trail, but ended up on a thread about getting renewal notifications. That's not what I'm looking for - we just need to know the date when we first set up the account. Is there someplace that just tells us the date when we first established the account? You know, a "Member since May 20, 2000" sort of thing. I've looked, can't find it. Thanks again, Paul
  22. Greetings and happy new year. Hope this is the correct place to post this; searched the forums for "comcast" and couldn't find any directly related threads. I've taken over reporting duties for my employer and I'm still learning my way around. We currently get 'net connectivity through a Comcast account (although we're actively looking for another provider, since Comcast is consistently listed in Spamhaus.org "The 10 Worst spam Service ISPs" list - usually in the top 5, actually). Lately, we've seen a big increase in spam relayed through Comcast's network, most of it peddling pharmaceuticals. The spam invariably contains a link to various suspect sites (we never click the links, but it's always one of those typical "click here" inline text links). The spam comes from different forged addresses (or maybe highjacked machines) so building a filtering rule for it is difficult. This spam slips right through Comcast filters and our local mail software filters to arrive in the inbox of our main Comcast account address. We never use that address for regular correspondence, so all mail arriving there is usually spam. When we attempt to report it through Spamcop, the parser displays a message that says, "No source IP address found, cannot proceed." This happens when we simply forward the full header and spam to the address Spamcop provides us via our Spamcop account -- and also when we open the full headers and manually paste everything into the Spamcop web reporting form. The vast majority of our spam reports work fine... just these blasted Comcast spams return that result. Anyone know a workaround? Any tips for reporting this sort of Comcast spam? Forwarding the spam directly to 'abuse at comcast.net' results in an annoying auto-ack that basically says "we didn't do it and won't take any action." Often, there's no response from Comcast at all. Calls to Comcast "customer care" only result in confusing and conflicting advice, but nothing remotely actionable. One support rep hinted that Comcast uses Brightmail filters and simply can't (read: won't) keep up with the deluge. Although I can't give you a Spamcop report link (since there's no report to reference), I'd be happy to paste a few sample headers here if that would help diagnose what's going on. Let me know if I can supply anything else that might be useful. Thanks in advance for any time and trouble. Paul
  23. Good job, Jeff... and I'm starting to understand how the Tracking URL thingie works. I just tried parsing another sample from today - http://www.spamcop.net/sc?id=z850549681z0b...2214252775a387z That returned the same "cannot proceed" message, so I didn't know how to file the report. I wonder if it's a Safari (Mac OSX browser) issue? I need to go have a life for a while (bet you know how that works - grin), but I'll check back here later. I'll try Firefox, too. Thanks again and here's to a spam-free '06. (well, we can dream, right?) Paul
  24. Thanks, Jeff. Sorry sorry to be dense; I'm not clear on which URL you're asking for. However, here are two sample headers from today -- exactly as they appear when I open full headers. I don't know if this will help, but please note that the "To:" field is addressed to an address we never heard of. Comcast previously said the spammer(s) is/are exploiting the "Cc:" or "Bcc" fields somehow. Sample header 1: Received: from dsl-KK- ([](misconfigured sender)) by rwcrmxc14.comcast.net (rwcrmxc14) with SMTP id <20060101204511r14002r3mfe>; Sun, 1 Jan 2006 20:48:47 +0000 X-Originating-IP: [] Message-Id: <4006203969.86138225331[at]boraxpaper.com> From: "Clay Ruffin" <plfrpofcjgdb[at]path1.net> To: "Shml1912" <plfrpofcjgdb[at]path1.net> Subject: impost flotilla Date: Sun, 01 Jan 2006 15:45:06 -0500 MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii" [contains a sales pitch for drugs with a link to nolonfeel.com/?a=447] Sample header 2: Received: from dyndsl-080-228-183-144.ewe-ip-backbone.de ([]) by rwcrmxc21.comcast.net (rwcrmxc21) with SMTP id <20060101215950r2100et1lke>; Sun, 1 Jan 2006 22:00:56 +0000 X-Originating-IP: [] Message-Id: <7566343718.35394168922[at]halldesign.com> From: "Tara Singh" <hntmsoqkfycn[at]canadianalodging.com> To: "Bglam" <hntmsoqkfycn[at]canadianalodging.com> Subject: peale dada Date: Sun, 01 Jan 2006 16:57:49 -0500 MIME-Version: 1.0 Content-Type: text/html; charset="us-ascii" [contains a sales pitch for drugs with a link to lihurtinors.com/?a=447]
  25. paul101

    A Few Newbie Questions

    Thank you, Wazoo. I missed that link before. There's so much to explore here! I'm still learning my way. Kudos to all forum admins for what must be a monumental, never-ending, and often thankless task. I'll continue to explore and learn -- and I'll try to stay on topic, avoid duplication and practice all other forms of good netiquette. Paul