Jump to content

Emerson Prado

Members
  • Content Count

    14
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Emerson Prado

  • Rank
    Member
  1. From what I observed, this spammer is simultaneously subscribed in three providers: oi.net.br, gvt.com.br and backbone-br.com.br. I receive alternating messages from each provider (less from oi). What I'm doing, and intend to keep doing, is reporting all messages to SC and to the upstream provider, which I manually check for every new message :angry: . I still think there should be a way to include upstreams in SC notification. But I don't know if it's feasible, because it'd probably require tracerouting each individual message. So I ran out of ideas . Anyway, I leave the information here for the record and just in case it becomes useful. Best regards all, Emerson
  2. Now the MF seems to have moved to a domain other than datacorpore.com.br. I received spam from him today, and the tracerouting points to two addresses: hospedagem-de-site.info and hostlocation.com.br. I can't tell the stream order - the routing is too confusing to my current knowledge. Even though, it seems the .info address is just a fooling route. But the contact addresses are the same as ever: abuse, postmaster and marcelo[at]hospedagemdesite.com.br, as well as the owner: Marcelo Safatle. Anyway, the upstream is now backbone-br.com.br. Let's get back to the rat and cat chase... Note: I don't know if there's still a way for SC to do something about this drifting spammer. But I'm bringing some feedback here just in case anyone wants it. Best regards, Emerson
  3. It seems datacorpore.com.br moved to another host. I tracerouted it and found their IP (201.33.16.104) routes back to gvt.net.br (189.59.244.182), not to oi.net.br anymore. In Registro.br Whois, I only found and admin contact, not an abuse one. I'll contact them and see what we can get. Best regards, Emerson
  4. I see SC isn't interested in accounts with less than 2000 spam messages per day. I'll skip this one, since I don't get that in an year. The party was short about datacorpore and Oi. I'm receiving spam from datacorpore again, though at a very lower pace. I guess they're trying to avoid blocking by limiting the number of messages. This probably indicates the spammer domain could have been notified by Oi. Could someone share thoughts on copying reports to the upstream address? Best regards, Emerson
  5. I'm afraid you didn't get the whole issue. I'll address each point: The violation I'm talking about, and is the topic, is spam being sent from datacorpore.com.br. The address selling remark intent is to illustrate how serious is the issue - not being able to block an offending domain. The reports are being sent to datacorpore.com.br, not its upstream provider. Adding the upstream provider for such a case is exactly what's being requested. That was said more than once and long understood. The manual action being requested is adding the upstream provider's abuse address to the recipient list of a domain which refuses to take action by itself. Good idea. How does that work? Can it be a free mail, like GMail or Yahoo? Great hint! We just have to make sure the address is really invalid. Though, if it's valid, we won't be able to create an account anyway. The only drawback is to choose an invalid address which was already owned... BTW: it's been 3 days since I received my last spam from datacorpore.com.br, and one spammer previously hosted there (GHR Marketing) moved to a Chinese provider. I wrote datacorpore's upstream provider - oi.com.br - 6 days ago. Before so, I used to receive around 2 spams per day from this server. Is it a coincidence or did the upstream really step in? Best regards, Emerson
  6. I have just received spam from one spammer (GHR Marketing) who was always hosted at datacorpore. But, this time, the message came from China: http://www.spamcop.net/sc?id=z4167494130z4...ce573e95f34930z Let's see what I still receive from datacorpore (I got one spam from them this morning, not from GHR). Best regards, Emerson
  7. Just an update: the said deputies weren't of much help. They just said the blacklist is automatically generated, and just didn't answer yet about adding the upstream provider contact address in the abuse report recipient list. I contacted the upstream provider. Brasil Telecom is being acquired by Oi (oi.com.br), and the Whois (https://registro.br/cgi-bin/whois/) contact is at the latter. Though Whois only indicates a support contact (mariana.bion[at]oi.net.br), I wrote them and they provided me an abuse contact (csirt[at]oi.net.br). One sad issue is the lack of reports. If those were sent by more recipients, datacorpore/hostgold would be blacklisted for sure (they send spam almost daily). Another sad issue is that those spammers sell addresses, and none seems interested in this violation. At least not SpamCop nor Cert. But let's see what Oi does. It ain't over 'till it's over. So long, Emerson
  8. Thanks for the info. Now I see that a possible cause for this spammer not be stopped is lack of reports. They are probably not being caught by spamtraps. Absolutely true. They even have special powers in the Brazilian Supreme Court - but this is a completely different issue... * Even though, since the offending domain seems interested in spams somehow (they even spamvertise mailing lists), it would be a nice try to make the upstream provider aware. We might get somewhere or nowhere - but reporting to the offender only sure leads nowhere anyway. Sorry, but I didn't get you here. The suggestion was to notify the upstream provider (Brasil Telecom), not Nic or Cert. Though, BTW, Cert encourages anyone reporting Brazilian spam to copy them, so they can keep track of the overall situation. Besides, Cert is tied to Registro.br, which controls Brazilian domains. Being Brazilian, I have Cert on my public reporting address by default. What to do about these MF? Best regards, Emerson *If one got curious, search "Daniel Dantas", "Gilmar Mendes" and "BrT Oi". Be seated and certain your heart is healthy before starting.
  9. This seems a long inactive topic, but it's closely related to another one I opened a few days ago: http://forum.spamcop.net/forums/index.php?showtopic=11344# I just want to add something on some questions above: 1.No address is blacklisted. I tried 201.33.16.109 (datacorpore.com.br) and 201.33.16.107 (hostgold.com.br). 2.The current upstream seems to be brasiltelecom.net.br (200.96.255.21), not blacklisted either. 3.I just wrote the deputies, as suggested. Best regards
  10. Emerson Prado

    more unstoppable spam query

    Reading throughly the topic suggested by Snowbat http://forum.spamcop.net/forums/index.php?showtopic=10380# gave me a sad picture of how it really is about this domain and what we can do about it. In fact, my issue is exactly the same discussed in that topic. Would it be better if I followed up there, so we have just one thread for this subject? I'll write the deputies, as suggested in that thread. Let's see. Best regards all, Emerson
  11. Emerson Prado

    Flood of spam?

    I already got good results reporting Brazilian spam. A couple providers wrote me* just to state they cancelled the offender's account and to thank for reporting abuse. Also, my spam receiving rate has lowered quite a bit - from around 10-20 to 3-5 spams per day, after several months of intense reporting. Maybe spammers don't like spamming those who report them. But there are issues there seems to be no action about, like this one: http://forum.spamcop.net/forums/index.php?showtopic=11344. It's interesting to think about the stats. Well, 1 million spams per second is a low rate... Gosh! But it's more interesting to think we can fight it. Pls have patience and shoot fast. BTW, I'm Brazilian. Sad to know so much junk comes from here. Best regards, Emerson *Do you use munged reports? I don't, since spammers can track the message down anyway, and I declared war on them .
  12. Emerson Prado

    more unstoppable spam query

    Pls feel welcome to challenge anything. Maybe I missed something and can look for. In fact, I tried both addresses (cert and mail-abuse at cert dot br), in different time frames. I changed from mail-abuse to cert recently, just to see if something happened. I'll probably revert to mail-abuse, since this is a mail abuse issue (though the guy sells addresses). But, since I used that before, this doesn't seem to be the cause. Many thanks and best regards, Emerson
  13. Emerson Prado

    more unstoppable spam query

    Oops, sorry! Here's the correct url: http://www.spamcop.net/sc?id=z4010880963za...3b90e00a33a834z Thanks, Emerson
  14. Emerson Prado

    more unstoppable spam query

    Hi all, This is my very first post here, so I apologize if I'm doing it the wrong way somehow. I also have a problem with an unstoppable spammer. The offender sells addresses and does mail listings - so it also feed other spammers. But, after dozens and dozens of reports sent thru SpamCop, nothing changed at all. The spammer is still happily sending junk and helping others sending junk around. This is my last report: http://www.spamcop.net/mcgi?action=gettrac...rtid=4944509793 I guessed the offender also owns the domain the messages come from and the links point to - the domain is the same. This way, reporting to him is plainly useless. I still report but unchecking his own addresses. I also wrote to the local (Brazilian) domain certifier (Cert), without answer (what doesn't mean without action). Is there another way to fight this guy? Best regards, Emerson Admin Edit: ectracted from http://forum.spamcop.net/forums/index.php?showtopic=11310 as it isn't actually carrying on 'that' Discussion. PM sent to advise of this action/move.
×