.chat.ru

[rconner]

It wouldn't actually hurt to throw in some history - when spamcop began, reports to the abuse address of the web host were educational both to the web host and the person sending spam - who were often legitimate businesses (both online and offline).

Point very well taken. In the old days, the spammer might be violating the AUP of a hosting service, or may even have set up shop in an obscure directory on a cracked web server, so it was easy to pinpoint exactly where they were, and one presumed that the services responsible would want to get reports on the activity (which I think they did by and large). Nowadays, we have chased the spammers into the underworld, only really naive or well-placed spammers will use a single traceable resource for web hosting anymore.

-- rick

[rconner]

Thanks for crystallizing that out Rick - worthy of preservation for future reference/referral I think. While all of that (and much more) is covered in your 'spamweb' pages, I don't think there's anything quite so compact/single page there? For these pages an outline is a useful thing to be able to pull up (though I can't quickly check against what's in the Wiki at the moment).

A lot of this is touched on in ReportingSpamWebsites.

-- rick

[Farelf]

...A lot of this is touched on in ReportingSpamWebsites.

So it is, thanks again Mr. C (I can get to a specific Wiki page without wasting too many of my allocated 2,209,032,000 heartbeats - some say 3,162,071,520 but who's counting? ).

[marhleet]

I don't mind getting bitten, again.

if I paste just the .chat.ru web page into the reporting box, all on it's own, spamcop will spit up yuri's email address instantly.

every time.

why does the resolving link obfuscation routine sometimes manage it, but mostly not manage it.

If i get 100 emails, I'd like to just quick.report them. I'd like to think I can trust spamcop to report the offending IP addresses that sent the email.

and the .chat.ru resolves easily, so send yuri an email too.

Do I then havet o go through 100 spamcop reports to check which ones also need manually sending to yuri ?

[rconner]

I don't mind getting bitten, again.

if I paste just the .chat.ru web page into the reporting box, all on it's own, spamcop will spit up yuri's email address instantly.

every time.

why does the resolving link obfuscation routine sometimes manage it, but mostly not manage it.

That's a good question, the only explanation I can offer is that possibly you are not subject to the same timeout limit when you just paste in the domain as when you are actually reporting spam. There's a long list of things that the parser has to do when it is working on a spam message, it cannot afford the luxury of waiting for long timeouts (and, to a computer, a timeout of as little as one second can be "long" in some cases). You may be using a different bit of code when you are just looking up the domain info, one that allows longer timeouts.

Do I then havet o go through 100 spamcop reports to check which ones also need manually sending to yuri ?

In Quick Reporting, SpamCop doesn't report websites at all. This is no doubt because of the many uncertainties discussed above. So, if you absolutely insist on filing reports on chat.ru via SpamCop, you can't use Quick Reporting for this purpose.

-- rick

Edited to add reply to second question.

[Miss Betsy]

What makes you think that yuri gives a blanketedy-blank? Most probably the only reason that he would even accept your email (or spamcop's report) is to harvest email addresses.

Miss Betsy

[Farelf]

...I don't mind getting bitten, again....

Hopefully your actual mindset is that you're picking the brains of experienced spamfighters rather than that you're braving the put-downs of nasty trolls who unaccountably don't smite themselves with multiple d'ohs at their individual, several and collective stupidity in not realizing, until you show them, how simple it all really is

chat.ru has multiple addresses that could be used to complain about their hosting iniquities:

yuri[at]ehouse.ru (SC, current)

yuri[at]unix.ru (RIPE, SC former)

domain[at]ehouse.ru (ripn.ru)

The trouble with all of them is that, domain or server, there is good reason to believe they are well aware of the activity of their subdomains and just how unwelcome it is to most on whom it is inflicted. I guess the same could be said about MSN and their frequently-abused spaces.live.com but chat.ru also carries exploits (http://safeweb.norton.com/) which would lead some to believe they are definitely 'blackhat' or 'owned' (I say 'not proven' FWIW). Blackhat, slack or overwhelmed, the feeling is they have plenty of evidence already and it is not worth bursting a boiler using a barely appropriate tool to give them more. If they're blackhat such activity could even be counter-productive.