About PhilS32767

  1. One thing that would really be helpful is a depth count of how many unreported spams are waiting in the queue to be reported/sent -- *before* clicking the "remove all unreported spam" link.

    The Spamcop UI reports how many queued messages it deleted *after* you click on "remove all unreported spam", but it would be very helpful to see that count *before* deciding to blow it all away.

    Please pass along to deputies/Julian or whomever should be getting enhancement requests like this. Thanks!

    -- Phil Schwarz
    mostly-satisfied paid user (3rd year, now, just renewed)
  2. Looking to the collective wisdom of the Spamcop user community for some insights here...

    What is the real point behind all the phony "mortgage application accepted" spams? Are they a kind of phishing expedition, to get the gullible to provide working e-mail addresses or identity and financial info? Should they be copied to the reporting address for contributions to antiphishing.org's database of phishing scams?

    If they are not phishing hooks but rather simply less-than-honest mortgage brokers and peddlers of deceptive mortgage instruments (such as interest-only mortgages or mortgages that have a mechanism in the fine print for enabling negative amortization of principal), is there a good third party to report actual mortgage scams to?

    Another category of spam I suspect may be a form of phishing hook: the ads for websites or organizations purporting to match up furtive seekers of sexual encounters of one kind or another... "hot singles", "bored housewives", etc. Are these things basically phishing hooks for identity info and working e-mail addresses?

    Finally... is there any good third party to report the following categories of spam to?

    * Fake diploma mills
    * Advertisements for "bullet-proof" web and mail hosts
    * Claims of stolen identity and financial data for sale

    The latter category strikes me as most likely to be crude Joe jobs of one kind or another. Nobody really trafficking in stolen identity information would spam the world about it. Anybody have further insights on this kind of thing?

    Thanks in advance for any constructive input/insight into what the modus operandi behind each of these categories of spam is likely to be, and any worthwhile third party to copy on any of these categories of spam.

    -- Phil
  3. http://www.spamcop.net/sc?id=z468834711z37...f67304d5227ab9z Accepted a header with no identification of receiving host, immediately following the last header that *should* have been accepted.
  4. PhilS32767

    Mailhosts-detected forgeries

    This is really a matter of making sure that the reports that Spamcop generates identify disinfecting or disconnecting subscriber PCs that have been infected by Trojans and are functioning as unwitting open relays as the required action to take. -- Phil
  5. PhilS32767

    Mailhosts-detected forgeries

    I enabled Mailhosts yesterday -- so far so good. I notice now that the parser identifies the first IP in the Received: header chain *beyond* my registered mail hosts as the point of origin of the spam (as expected), and labels all subsequent Received: headers as probable forgeries.

    At first I wondered about this, because some of the Received: headers discarded as untrustworthy look quite plausible: the "by" IP address matches the "from" IP address of the preceding Received: header in the chain, and the "from" IP address looks at minimum well-formed. But even supposing those headers were legitimate, it makes sense to report that first IP address beyond the chain of registered mail hosts -- because if it isn't the source, then it is a relay.

    Most often, when there are plausible-looking Received: headers after that first IP address beyond the chain of registered mail hosts, that first IP address is in the namespace of one of the big broadband ISPs. Which means that that first IP address may well be a Trojan-infected subscriber's PC.

    My only question is this: how are the major ISPs responding to those reports? Is it clear to them, when they get such reports, that what has been identified might be a Trojan-infected subscriber's PC? Are they by and large willing to take steps to disinfect or at least disconnect such Trojan-infected PCs?

    I think that is critical. If we don't succeed in identifying and shutting down or cleaning up as many such Trojan-infected PCs as possible, the spammers will win, because they will have a never-ending supply of anonymizing relay points.
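A simplified sketch of the trust-chain walk described in the post above, added here as an example; it is not SpamCop's parser and not code from the forum. The header lines, host names and address ranges are constructed (documentation ranges), and `parse` and `classify` are hypothetical names.

```python
import ipaddress
import re

# Constructed sample data: example.* names and documentation address ranges.
MAILHOST_NAMES = {"mx.example.net", "pop.example.net"}   # hosts the user registered
MAILHOST_NETS = [ipaddress.ip_network("192.0.2.0/28")]   # their address space

RECEIVED = [  # topmost (most recently added) header first
    "from mx.example.net (mx.example.net [192.0.2.5]) by pop.example.net"
    " with ESMTP; Mon, 1 Jan 2024 10:00:03 +0000",
    "from cust-17.isp.example (cust-17.isp.example [198.51.100.17])"
    " by mx.example.net with SMTP; Mon, 1 Jan 2024 10:00:01 +0000",
    # Plausible-looking: its "by" address matches the "from" address above.
    "from mail.bank.example (mail.bank.example [203.0.113.9])"
    " by 198.51.100.17 with SMTP; Mon, 1 Jan 2024 09:59:58 +0000",
    # No "by" clause at all: the receiving host is not identified.
    "from unknown (HELO x) ([203.0.113.77]); Mon, 1 Jan 2024 09:59:50 +0000",
]

FROM_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
BY_HOST = re.compile(r"\bby\s+([A-Za-z0-9.-]+)")

def parse(header):
    """Return (from_ip, by_host); each is None when missing or malformed."""
    head = header.partition(";")[0]
    by = BY_HOST.search(head)
    ip = FROM_IP.search(head[: by.start()] if by else head)
    try:
        addr = ipaddress.ip_address(ip.group(1)) if ip else None
    except ValueError:
        addr = None
    return addr, (by.group(1).lower() if by else None)

def classify(headers):
    """Walk the chain top-down; return (source_ip_or_None, verdict per header)."""
    source, verdicts, trusting = None, [], True
    for header in headers:
        ip, by = parse(header)
        if not trusting or by not in MAILHOST_NAMES:
            # Not written by a registered host (or no "by" at all): anyone
            # could have inserted it, so it and everything below is untrusted.
            trusting = False
            verdicts.append("untrusted")
        elif ip is not None and any(ip in net for net in MAILHOST_NETS):
            verdicts.append("internal hop")
        else:
            # A registered host recorded this peer address: first IP beyond
            # the registered chain, i.e. the origin or a relay.
            source, trusting = (str(ip) if ip else None), False
            verdicts.append("source")
    return source, verdicts

if __name__ == "__main__":
    print(classify(RECEIVED))
```

Only the peer address recorded by a registered host is reported; the third header is labelled untrusted even though its "by" address lines up with the hop above it, because the host that wrote it is not one the user controls.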
  6. PhilS32767

    Posting to n.a.n-a.e

    I'm a little bit baffled about how and where (if anywhere) on the news.admin.net-abuse.* newsgroups it would be appropriate to forward Spamcop reports. It sounds like the appropriate place for reporting spam, in particular spamvertisements for spammer-friendly web- and e-mail hosting, would be news.admin.net-abuse.sightings. But it appears that n.a.n-a.s wants the original spam, not a Spamcop report. Is that the case? It would be *very* convenient if it accepted forwarded Spamcop reports but sampling it for a couple of days I don't see any. I think it is robo-moderated, so anything not conforming to the bot's format rules is not posted. Is there anyplace that gives a concise summary of how to format a forward of an original spam so that it meets the bot's formatting requirements? Thanks in advance for any pointers... -- Phil
  7. Back before the new Invision board was set up, I started this thread on the spamcop.help newsgroup, and JeffG provided the (non-wacka'ed) responses.

    I have a few additional categories to request effective 3rd party followup suggestions for:

    * University diploma "mills"
    * "Find out secret information about anybody" gambits
    * Selling the "banned" CD that the government doesn't want you to have :-O
    * Too-good-to-be-true mortgage/loan offers (3rd parties other than uce at ftc.gov?)
    * See pay-per-view/cable TV for free gambits (3rd parties other than one's own ISP, which is usually not a directly interested 3rd party?)
    * Copy DVDs in your computer's CD burner gambits (3rd parties other than software at bsa.org?)
    * Pornography or sex sites/ads/propositions other than child pornography

    Any useful suggestions welcome. Perhaps a distillation of all of the suggestions could be made a pinned topic?

    -- Phil

    > I've seen the following short list of suggested 3rd party recipients
    > for spam reports on various posts here in the forums:
    >
    > Send your mlm plans and credit plans to uce at ftc.gov
    > Copy health aids & enhancement pill programs to otcfraud at
    > cder.fda.gov
    > African generals and ex-ministers please reply to 419.fcd at
    > usss.treas.gov
    > Enforcement at sec.gov is most interested in your secret stock tips.
    >
    > Webmaster at bsa.org has been suggested, in addition, for spam
    > selling software.

    I've heard that software at bsa.org is better for that.

    > Are there any additional third parties worth reporting the following
    > categories of spam to?
    >
    > * Pornography

    Please report child porn to infso-desk/at/cec.eu.int and:

    mail [at]at[at] wettbewerbszentrale.de
    info [at]at[at] BKA.de
    poststelle [at]at[at] regtp.de
    cp [at]at[at] interpol.int
    info[at]at[at] europol.eu.int
    info[at]at[at] computerbetrug.de
    info [at]at[at] vzbv.de
    contact [at]at[at] spammer-hammer.de

    > * Spammer tools & services, eg. CDs of e-mail addresses,
    > spammer-friendly web & e-mail hosting, software for generating and
    > mailing spam

    Please report these in NANAE so that SPEWS will notice. No, I'm not SPEWS or related to them, but I appreciate what they do.

    > * Travel or vacation offers

    These usually involve Florida. Try the Florida State Attorney General's Office.

    > * Bogus lottery notifications (variants of the 419 scam?)

    419 (advance fee fraud) should be reported to 419.fcd at usss.treas.gov