Jump to content

andyroo

Members
  • Content Count

    2
  • Joined

  • Last visited

Community Reputation

0 Neutral

About andyroo

  • Rank
    Newbie
  1. Hi! For the last week I've been getting targeted spam (to .edu addresses) that spamcop identifies as being from liquidweb.com. When I run a whois by domain name, the owner comes back whoisguard protected, registered by either namecheap or enom. when I run by IP address, the address block comes back registered to liquidweb. Both enom and namecheap state that they have policies prohibiting users of their services from sending unsolicited bulk commercial email, but they don't come up in spamcop reporting as options to email to. Liquidweb is unresponsive. I am preparing to manually report the spam to enom and namecheap, but I wanted to get feedback on this. A detailed description of the spam sources and content follows. I'm guessing that liquidweb is allocated the block of IP addresses that these domain names (six so far) are registered to. But I haven't seen any replies from them in over a week of spams. I'm getting 5-10 per day from these addresses (IP addresses are just the last few I've reported): [http:// flightsinthedark.com] ( 69.16.251.182 )( 69.16.242.62 ) [http:// bigbrownsquares.com] ( 69.16.242.61 ) [http:// medianaliter.com] ( 69.16.251.181 )( 69.16.242.61 ) [http:// nomoechopollo.com] ( 69.16.242.59 )( 69.16.242.60 )( 69.16.242.210 ) ( 69.16.242.211 )( 69.16.242.212 )( 69.16.251.180 ) [http:// fishgrantisotis.com] ( 69.16.242.59 )( 69.16.242.61 ) [http:// beejungleribbon.com] ( 69.16.251.180 )( 69.16.251.182 ) ( 69.16.242.62 ) Each email has links that redirect to a site that runs you through a kajillion offers (I just filled in the info from the unsubscribe address when I was looking into it). Then, right before you're supposed to get whatever free thing they're offering, the page hangs on a survey (in MSIE or firefox). It appears to be a deceptive site designed to get you to fill out a whole bunch of personal info on a whole bunch of marketing lists. I imagine they get a kickback. If you want to follow the links, some valid three digit codes are 156,157,158,064 The general email format is: From: Financial Department <studentpromotion[at][insert domain name from above]> Subject: [insert promotional offer name here To: myemail[at]university.edu Students Get our [ insert offer here] What are you waiting for? Congratulations! You have been selected to receive a [insert offer here] Simply click on the link to complete the application. Click Here (http:// nomoechopollo.com/redir.php?id=158&e=myemail[at]university.edu) [more offer-specific text) Click Here (http:// nomoechopollo.com/redir.php?id=158&e=myemail[at]university.edu) Sincerely, [offer dependent signature] College Group Only Sends Top Offers and Services To Students. We Wish You Great Success This Fall. Please click here to unsubscribe or mail your unsubscribe request to the address below. [http:// nomoechopollo.com/uns.php?c=studentpromotion&m=] [ten digit identifier]&e=myemail[at]university.edu College Group Services 5715 Will Clayton #2158 Humble, TX 77338 Moderator edit - URLs delinked ... Farelf
  2. I apologize if I should be starting a new topic, but my issue seemed so similar to copacetic's that it's eerie... Also this is my first post and I'm a spamcop newb. I use thunderbird v1.5.0.5 (20060719) with an IMAP server. expert computer user. Like copacetic, I have a forwarding account for alumni (which primarily gets spam at the moment) and an active account at a university. So my email addresses are myemail[at]x.yyy.edu and myemail[at]alumni.yyy.edu. currently, myemail[at]alumni.yyy.edu forwards to myemail[at]x.yyy.edu. I registered myemail[at]x.yyy.edu, selecting all (relays?) and was able to get success messages (finally) after 4 attempts (discussed more below). BUT, when I tried to register myemail[at]alumni.yyy.edu, I got the account config emails, used the method that was successful in registering my previous email, and never got any additional success replies. However, when I looked at the mailhosts tab, it only lists the alumni.yyy.edu address under Hosts/Domains. Since I followed the instructions re - registration order, I'm not going to do anything else until I hear from somebody. But I thought it odd that I don't see both registered email addresses, and that I didn't get more success messages. Re- failures replying to test msgs prior to success First, I fwded the messages inline (with show all headers ON). I got a reply that the headers were mangled. 2nd, I fwded the messages by starting a new email for each, copy paste reply address, and copy/paste email source (CTRL-U,CTRL-A,CTRL-C). same reply 3rd, I fwded the messages as attachments (although I did try to attach them all to one email). same reply 4th (and finally success) I copy/paste source to the webpage at: http://www.spamcop.net/mcgi?action=mhreturn So.. until I understand why the outcomes discussed above happened, I'll just paste spam I get into spamcop I guess (it sure would be easier to fwd it!). Please advise, and thank you! ARoo
×