
Brazil filters not working?


petzl


...That figure suggests to me that Brazil IPs and customers are the least security-conscious, leading to their being used by botnets by what I would guess are at least as often American and Russian/Eastern European as Brasilian. And that's in absolute numbers, not proportionally -- Brasil has a large population.


...That figure suggests to me that Brazil IPs and customers are the least security-conscious, leading to their being used by botnets by what I would guess are at least as often American and Russian/Eastern European as Brasilian. And that's in absolute numbers, not proportionally -- Brasil has a large population.

Nope! All the spam I'm getting is from Brazil and in Brazilian (Portuguese) with spamvertised websites (often with Trojan attachments/infected websites) in Brazil.

I also use Greylisting which means all spam is through a Brazil mail server. Reporting does no good as does "unsubscribing", BOTH just validate your email address for more spam

I don't think the blacklist "br.countries.nerd.dk" SpamCop email uses has ever worked (or been working)

I'm finding from experience Brazil is a complete and proper Ass


Nope! All the spam I'm getting is from Brazil and in Brazilian (Portuguese) ...
...Okay, although not definitive, it's moderately convincing. I say "not definitive" and "moderately" because if I were an American or Russian spammer and knew I had botnets consisting of Brasilians, I might compose my spam in Portuguese to mislead people into thinking I was Brasilian.
... with spamvertised websites (often with Trojan attachments/infected websites) in Brazil.
...Sorry, I don't find this convincing at all. Anyone can spamvertize any web site; there are no edits that restrict non-Brasilian spammers from spamvertizing Brasilian web sites.
I also use Greylisting which means all spam is through a Brazil mail server.
...Also not convincing to me. As I understand it, greylisting just tells sending machines "not here now, resend later" hoping that spamming machines will not bother to retry. But spammers can retry. Also, an American or Russian spammer can use a Brasilian mail server.
Reporting does no good as does "unsubscribing", BOTH just validate your email address for more spam

<snip>

...Regarding unsubscribing: naturally! As has been repeated here and elsewhere quite often, never try to unsubscribe from something to which you've never subscribed, that's just not good e-mail practice! Regarding reporting: that's an oft-repeated claim but I haven't ever seen it shown conclusively -- requests for further analysis either have not been answered or have shown that the conclusion that reporting leads to more spam was erroneous.

...Okay, although not definitive, it's moderately convincing. I say "not definitive" and "moderately" because if I were an American or Russian spammer and knew I had botnets consisting of Brasilians, I might compose my spam in Portuguese to mislead people into thinking I was Brasilian.

...Sorry, I don't find this convincing at all. Anyone can spamvertize any web site; there are no edits that restrict non-Brasilian spammers from spamvertizing Brasilian web sites.

...Also not convincing to me. As I understand it, greylisting just tells sending machines "not here now, resend later" hoping that spamming machines will not bother to retry. But spammers can retry. Also, an American or Russian spammer can use a Brasilian mail server.

...Regarding unsubscribing: naturally! As has been repeated here and elsewhere quite often, never try to unsubscribe from something to which you've never subscribed, that's just not good e-mail practice! Regarding reporting: that's an oft-repeated claim but I haven't ever seen it shown conclusively -- requests for further analysis either have not been answered or have shown that the conclusion that reporting leads to more spam was erroneous.

There is no doubt the spammers are Brazilian as are the Brazilian websites. Even reporting does nothing except increase the spam from Brazil. I'm not a complete idiot

I'm 100% positive the spammers are Brazilian and have the co-operation of Brazil's ISPs

Most are caught by SpamAssassin and my personal blacklist. The few that get through are not caught by the Brazil countrywide blocklist I have activated. If it's not working I need one that does. This, regardless of your completely wrong opinion, is what I'm talking of and complaining about


<snip>

I'm not a complete idiot

...And I did not mean to suggest anything different! I am only suggesting that there are alternative explanations to your claim that the originators of the spam are Brasilian and these can not be eliminated with the information you've provided here so far.
I'm 100% positive the spammers are Brazilian and have the co-operation of Brazil's ISPs

<snip>

...While you are under no obligation to do so, as others can judge what you say themselves, I would very much appreciate more convincing evidence.
This regardless of your completely wrong opinion

<snip>

...Well, I think rather than throwing epithets, it would be more helpful if you made a real attempt to show that my proposed alternative explanations (I expressed no opinion other than that I find your arguments unconvincing) are mistaken with respect to your experience. What have you seen that will dispel in others' minds any doubt that the spammers are in fact Brasilian rather than, say, American or Russian, so that we are all as sure as you? Reference to the source IP address is not sufficient because those might be part of a spambot under the control of someone outside of Brasil.

...And I did not mean to suggest anything different! I am only suggesting that there are alternative explanations to your claim that the originators of the spam are Brasilian and these can not be eliminated with the information you've provided here so far.

...While you are under no obligation to do so, as others can judge what you say themselves, I would very much appreciate more convincing evidence.

...Well, I think rather than throwing epithets, it would be more helpful if you made a real attempt to show that my proposed alternative explanations (I expressed no opinion other than that I find your arguments unconvincing) are mistaken with respect to your experience. What have you seen that will dispel in others' minds any doubt that the spammers are in fact Brasilian rather than, say, American or Russian, so that we are all as sure as you? Reference to the source IP address is not sufficient because those might be part of a spambot under the control of someone outside of Brasil.

Don't understand what your false & delusional rant has to do with the "Block Brazil" filter not working


...Okay, it is now clear to me that you no longer wish to engage in a rational conversation, where we exchange facts, opinions and interpretations: you seem to wish to merely throw out unsupported statements (perfectly okay, as long as when alternate interpretations are suggested you reply in kind) and reply with insults but no furthering of your position. This behavior is inconsistent with previous posts I've seen under the name of "petzl" -- I guess I was misled into thinking you were the same person who has posted several hundred times before under that name. Sorry to have wasted your time (and mine).


Hi petzl,

Yes it looks like something is wrong on the SC end of that filter. nerd.dk appears to work fine with that example. Looking up 187.61.57.126

    C:\Documents and Settings\Admin>nslookup
    ...
    > 126.57.61.187.br.countries.nerd.dk
    Non-authoritative answer:
    Name: 126.57.61.187.br.countries.nerd.dk
    Address: 127.0.0.2
    > set type=txt
    > 126.57.61.187.br.countries.nerd.dk
    ...
    Non-authoritative answer:
    126.57.61.187.br.countries.nerd.dk text =
    "Your IP is in br, rejected based on geographical location"
    > exit
    C:\Documents and Settings\Admin>

Have you reported this to JT? Seems like the sort of thing he/his support person could sort out fairly easily (possibly with your help to check function given a ready supply of br spam and perhaps to fiddle with your account configuration). I don't know that either looks "here" that often.
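Added example, not part of any post in this thread: the same check as the nslookup session above, scripted so it can be run against any source IP. The zone name and the 187.61.57.126 result come from the thread; the function names, the injected `resolve` parameter and the constructed lookup table are assumptions made so the code also runs offline.

```python
import ipaddress
import socket

ZONE = "br.countries.nerd.dk"  # zone name taken from the thread
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")


def dnsbl_query_name(ip, zone=ZONE):
    """Build the name to query: IPv4 octets reversed, then the zone."""
    addr = ipaddress.ip_address(ip)
    if addr.version != 4:
        raise ValueError("only the IPv4 form shown in the thread is handled")
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A-record lookup via the OS resolver; None when the name does not exist."""
    try:
        return socket.gethostbyname(name)
    except socket.gaierror:
        return None


def is_listed(ip, zone=ZONE, resolve=system_resolver):
    """True only when the zone answers with an address inside 127.0.0.0/8."""
    answer = resolve(dnsbl_query_name(ip, zone))
    if answer is None:
        return False  # no record: the IP is not in the zone
    # DNSBL listings are returned as 127.0.0.0/8 addresses. Any other answer
    # usually means a resolver is rewriting "no such name" responses, and
    # must not be treated as a listing.
    return ipaddress.ip_address(answer) in LOOPBACK


if __name__ == "__main__":
    # Constructed lookup table standing in for DNS; the first entry mirrors
    # the answer shown in the nslookup session, the second is made up.
    constructed = {
        "126.57.61.187.br.countries.nerd.dk": "127.0.0.2",
        "4.3.2.1.br.countries.nerd.dk": "203.0.113.10",
    }
    for ip in ("187.61.57.126", "192.0.2.1", "1.2.3.4"):
        print(ip, dnsbl_query_name(ip), is_listed(ip, resolve=constructed.get))
```

Calling `is_listed(ip)` without the `resolve` argument performs a live DNS query through the system resolver.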


Yes it looks like something is wrong on the SC end of that filter. nerd.dk appears to work fine with that example. Looking up 187.61.57.126

Have you reported this to JT? Seems like the sort of thing he/his support person could sort out fairly easily (possibly with your help to check function given a ready supply of br spam and perhaps to fiddle with your account configuration). I don't know that either looks "here" that often.

Thanks for checking

I thought that SpamCop Email issues was what this forum was about?

Were also interested if anyone else were finding Brazil getting through?

Brazil for some reason has picked up my email address and are flogging it.

My spam is well over 90% from Brazil with odd bits coming from English speaking spammers.

Last event was security certificates expiring.

SpamCop email also now needs to increase file size to at least 25 megs. It's now not with the times

This is not the first time the Brazil Blocklist has fallen over

Boils down to me just being a customer finding SpamCop Email an excellent reliable service and wish it to remain so. I'm finding though that even reporting spam to Brazilian ISPs just creates more spam.

I do check these things out. Brazil is a notorious spam supporting nation with the deserved reputation of being so

My pet hate has always been spammers and been around for years attacking them. Part of my attack has been to cancel or white-ant Brazil exports to Australia which I'm very successful at. I see Brazil is hosting the Golf Olympics, spammers just tarnish the image of the whole nation


...I thought that SpamCop Email issues was what this forum was about?

Were also interested if anyone else were finding Brazil getting through? ...

Yep and yep. Could be an issue that requires some interaction to sort out and short of SC having a spare account complete with .br spam you might have elected yourself to assist. No "me too"s so far so I'm guessing there's not too many getting and bothered by old-fashioned "straight-up" spam from that location. Or if there are, they don't know about this forum.

As an aside, fully support your stance on (not) using opt-out links in spam but you're already on some lists, the example shown was apparently straight-up (sender e-mail address matches sending server/domain/network) so I wonder what you have to lose by giving it a go? If your Brazilian spam has been steadily declining over the years I guess you would be hesitant but if it hasn't then you should maybe take every prudent step available. Not that responding to straight-up spam is particularly prudent but I figure a 50-50 chance of it being honoured. These guys are (apparently) paying for their own bandwidth, unlike most spam-senders these days.

Anyway, contact with JT - I figure if you log in to your account and hit the "problem" button and give him a reminder to look at this topic (or even send him an email) is another way to increase your odds of getting it resolved in a timely manner.

...SpamCop email also now needs to increase file size to at least 25 megs It's now not with the times...
I'm sure others would agree. Doesn't look like people are ever going to go back to sending plain text with no attachments ... :P

As an aside, fully support your stance on (not) using opt-out links in spam but you're already on some lists, the example shown was apparently straight-up (sender e-mail address matches sending server/domain/network) so I wonder what you have to lose by giving it a go? If your Brazilian spam has been steadily declining over the years I guess you would be hesitant but if it hasn't then you should maybe take every prudent step available. Not that responding to straight-up spam is particularly prudent but I figure a 50-50 chance of it being honoured. These guys are (apparently) paying for their own bandwidth, unlike most spam-senders these days.

I'm sure others would agree. Doesn't look like people are ever going to go back to sending plain text with no attachments ... :P

spam from Brazil has been increasing

I did check the owners of this Brazilian spam site (I repeat never contacted Brazil ever except to test their unsubscribe link, these though don't work)

Don't trust them however they are already attacking my email address so I figure what the heck

I would not even trust sending an email to Brazil for checking hotel rates as your email address is likely to be scraped by a Brazilian ISP "provider" (use a free throwaway like gmail if you do). Brazil IS that bad


I thought that SpamCop Email issues was what this forum was about?

True enough. Yet ... I haven't actually talked to JT in a couple of years. He has gone through at least two 'support staff' folks. The latest hasn't actually logged in here in quite a while (not to say that he/she doesn't peruse in Guest mode??) When something does become apparent as a major item, I will try to get it elevated as best I can. Example, the phone number still works, left a voicemail about the certificate issue ... however, I have no idea if that was the tipoff or if other e-mails to 'support' brought it to his attention. (Again, I can only point to the lack of direct feedback over the last few years.)

Were also interested if anyone else were finding Brazil getting through?

I also, waiting to see the scale of the problem. Lack of the "me too" Posts really hurt your cause,

My spam is well over 90% from Brazil with odd bits coming from English speaking spammers.

In my case, it's China, with the alleged ISPs and the Domain Host for the spamvertised URLs apparently working together, moving from one /24 block to another as the weeks go on.

This is not the first time the Brazil Blocklist has fallen over

What are the odds that the slippage is from a specific server or two? Scenario being that a server was added/updated and the specific BL wasn't configured in ...????


Can I suggest adding "br" (without the quotes) to your Spamcop Mail personal blacklist ?

Done that (I think I told you?) That does catch most

Reporting just don't stop them so I now attack Brazil

True enough. Yet ... I haven't actually talked to JT in a couple of years. He has gone through at least two 'support staff' folks. The latest hasn't actually logged in here in quite a while (not to say that he/she doesn't peruse in Guest mode??) When something does become apparent as a major item, I will try to get it elevated as best I can. Example, the phone number still works, left a voicemail about the certificate issue ... however, I have no idea if that was the tipoff or if other e-mails to 'support' brought it to his attention. (Again, I can only point to the lack of direct feedback over the last few years.)

I also, waiting to see the scale of the problem. Lack of the "me too" Posts really hurt your cause,

In my case, it's China, with the alleged ISPs and the Domain Host for the spamvertised URLs apparently working together, moving from one /24 block to another as the weeks go on.

What are the odds that the slippage is from a specific server or two? Scenario being that a server was added/updated and the specific BL wasn't configured in ...????

The "me too" as you say hurts my cause. But I see this newsgroup dying

I suspect spam filters work and not as big a concern as it once was?

Greylisting works most effectively

Brazil spammers seem to be institutionalized and part of the risk in contacting Brazil (not that I have ever done so except in reporting)

The Brazil country Blocking though never seems to never pick up spam. Always spam Assassin or my personal blacklist


The Brazil country Blocking though never seems to never pick up spam. Always spam Assassin or my personal blacklist

Not my area of great expertise but, as I understand, grey-listing is first, then personal blacklist followed by SpamAssassin. So the country specific BLs as well as the SCBL are lower down the check and, therefore, less likely to be triggered.

Andrew


Not my area of great expertise but, as I understand, grey-listing is first, then personal blacklist followed by SpamAssassin. So the country specific BLs as well as the SCBL are lower down the check and, therefore, less likely to be triggered.

I think you are right? However look

this is blocked by both SpamAssassin and personal blacklist not block Brazil

http://www.spamcop.net/sc?id=z4748157800zb...;action=display

189.109.220.229 BR BRAZIL RIO DE JANEIRO RIO DE JANEIRO COMITE GESTOR DA INTERNET NO BRASIL


And correctly identified on br.countries.nerd.dk lookup:

    C:\...>nslookup -q=txt 229.220.109.189.br.countries.nerd.dk
    ...
    Non-authoritative answer:
    229.220.109.189.br.countries.nerd.dk text =
    "Your IP is in br, rejected based on geographical location"
    C:\...>

But doesn't your example just prove the point that Andrew is making? It says

    X-SpamCop-Checked:
    X-SpamCop-Disposition: Blocked SpamAssassin=7
    X-SpamCop-Disposition: Blacklist br

Doesn't that mean the blacklist "br" triggered before the br.countries.nerd.dk lookup could occur? In other words, would it work if you suspend the blacklist "br"? Sorry, you're "Like hunting with Ray Charles" with me involved, I don't use SC mail.


Not my area of great expertise but, as I understand, grey-listing is first, then personal blacklist followed by SpamAssassin. So the country specific BLs as well as the SCBL are lower down the check and, therefore, less likely to be triggered.

In fact for the past several years the order has been

    SpamAssassin
    Block lists and Blocked Russian
    Personal Blacklists

The difference is that the

    X-SpamCop-Disposition: Blacklist xx

still appears in the headers even if SA triggers "held" but only if SA doesn't trigger is the blocklist look up done.
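Added example, not part of any post and not SpamCop's own code: a header triage that applies the order described in the post above to decide whether a held message says anything about the country block list. The sample reuses the three header lines quoted earlier in the thread; the function name, the verdict strings and the reading of any other "Blocked ..." value as a block-list hit are assumptions.

```python
from email import message_from_string

# Constructed sample: the three header lines quoted in the thread, plus a
# made-up Subject and body so it parses as a complete message.
SAMPLE = (
    "Subject: constructed sample\n"
    "X-SpamCop-Checked:\n"
    "X-SpamCop-Disposition: Blocked SpamAssassin=7\n"
    "X-SpamCop-Disposition: Blacklist br\n"
    "\n"
    "body\n"
)


def triage(raw_message, ip_listed_in_zone):
    """Classify a message as evidence for or against a block-list failure.

    ip_listed_in_zone is the result of checking the source IP against the
    zone yourself (for example with nslookup, as done in the thread).
    """
    msg = message_from_string(raw_message)
    values = [v.strip() for v in msg.get_all("X-SpamCop-Disposition", [])]
    sa_fired = any(v.startswith("Blocked SpamAssassin") for v in values)
    personal = [v.split(None, 1)[1] for v in values if v.startswith("Blacklist ")]
    # Assumption: any other "Blocked ..." value names a DNS block list; the
    # thread does not show what such a header line looks like.
    blocklists = [
        v[len("Blocked "):]
        for v in values
        if v.startswith("Blocked ") and not v.startswith("Blocked SpamAssassin")
    ]
    if blocklists:
        verdict = "blocklist-fired"
    elif sa_fired:
        # Per the post: the lookup is only done when SpamAssassin does not
        # trigger, so this message cannot show the block list failing.
        verdict = "inconclusive"
    elif ip_listed_in_zone:
        verdict = "miss"  # lookup stage was reached, IP is listed, no hit
    else:
        verdict = "not-listed"
    return {
        "spamassassin": sa_fired,
        "personal": personal,
        "blocklists": blocklists,
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE, ip_listed_in_zone=True))
```

Only a message with the verdict "miss" is useful when reporting that the country block list is not being applied.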


OK, both blade4.cesmail.net and mxin2.cesmail.net were involved on this one. What about one of the items that you are complaining about?

http://www.spamcop.net/sc?id=z4730282639zb...54222fac9711d4z

blade4.cesmail.net again (looks like spamAssassin was off?).

mxin1.cesmail.net

I did hit the "problem" button and got the "we know nothing" reply

"We do not maintain the country blocklists; we have no control over what IPs are in them. I expect all the country blocklists are incomplete."

I KNOW the IP was and is listed though

Unless SpamCop email brush up their act they become unlikely to get another US$30 out of me.

In fact for the past several years the order has been

    SpamAssassin
    Block lists and Blocked Russian
    Personal Blacklists

The difference is that the

    X-SpamCop-Disposition: Blacklist xx

still appears in the headers even if SA triggers "held" but only if SA doesn't trigger is the blocklist look up done.

That's what I thought. Which further confirms block Brazil has NEVER worked.

Most gets caught just by my Blacklist or SpamAssassin but never block Brazil


The Q1 2010 Sophos Dirty Dozen list weighted for estimated internet users per country looks like this:

Country    % spam    % ww users    Ratio
Romania     2.50%      0.39%       6.46 : 1
Vietnam     3.40%      1.22%       2.79 : 1
S Korea     4.80%      2.02%       2.38 : 1
Poland      2.40%      1.14%       2.11 : 1
Italy       3.10%      1.52%       2.03 : 1
India       7.30%      4.12%       1.77 : 1
Brazil      6.80%      3.88%       1.75 : 1
France      3.00%      2.27%       1.32 : 1
UK          3.10%      2.61%       1.19 : 1
USA        13.10%     12.16%       1.08 : 1
Russia      3.10%      3.05%       1.02 : 1
Germany     3.20%      3.32%       0.97 : 1


Archived

This topic is now archived and is closed to further replies.
