mailguy99

Spamcop "probing"?


This email came through to one of our helpdesk accounts:

    Received: from newabe.citeglobe.com ([209.44.124.120]) by mail.xxx.au with MailMarshal (v6,5,4,7535)
        id <B4f2f385e0000>; Mon, 06 Feb 2012 13:18:06 +1100
    Date: Sun, 5 Feb 2012 20:53:49 +0000 (UTC)
    From: Cerys Macdonald via LinkedIn <member[at]linkedin.com>
    Reply-To: Cerys Macdonald <billroberts[at]newmail.spamcop.net>
    To: helpdeskxxx.au <helpdeskxxx[at]xxx.au>
    Message-ID: <1392939564.36279827.1588003540399.JavaMail.app[at]ela9-bed53.prod>
    Subject: Cerys Macdonald sent you a message via LinkedIn
    MIME-Version: 1.0
    Content-Type: text/html; charset=UTF-8
    Content-Transfer-Encoding: 7bit

Our helpdesk software generated a "Thanks for your enquiry" message back to billroberts[at]newmail.spamcop.net and we appear on SCBL and can't send mail to key clients. ??!

The forged LinkedIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net?

- mailguy99

<snip>

> The forged LinkedIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net?

...One that either wants you to get on blacklists or wants you to think SpamCop is spamming or both.

...Now that you understand the issue of auto-responders, you have turned yours off, right?

...It is unlikely that this one auto-response alone will have caused you to be listed unless billroberts[at]newmail.spamcop.net is a spam trap. If you wish to see the details, go to SpamCop FAQ (links near top of every SpamCop Forum page) entry labeled "What is on the list?" for an explanation -- scan down to the sections labeled "How the SCBL Works" and "SCBL Rules."
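
The auto-responder problem discussed above, as an added example that is not part of the original thread: a Python check a helpdesk system could run before sending an acknowledgement. It follows RFC 3834 (skip automatic and bulk mail, respond only to the Return-Path); the Reply-To/From domain comparison is an added heuristic, the function name, reason strings and sample messages are constructed, and it assumes the delivering MTA has recorded a Return-Path header.

```python
from email import message_from_string
from email.utils import parseaddr

def _domain(header_value):
    """Lower-cased domain of the first address in a header value, or ''."""
    addr = parseaddr(header_value or "")[1]
    return addr.rpartition("@")[2].lower() if "@" in addr else ""

def autoreply_target(raw_message):
    """Return (address, reason); address is None when no auto-reply may be sent."""
    msg = message_from_string(raw_message)
    # RFC 3834: never answer mail that is itself automatic or bulk.
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return None, "auto-submitted"
    if msg.get("Precedence", "").strip().lower() in {"bulk", "junk", "list"}:
        return None, "bulk-precedence"
    if "List-Id" in msg or "List-Unsubscribe" in msg:
        return None, "mailing-list"
    # RFC 3834: respond to the envelope sender (Return-Path), never to Reply-To.
    target = parseaddr(msg.get("Return-Path", ""))[1]
    if not target:
        return None, "null-or-missing-return-path"
    # Heuristic (assumption, not from the thread): a Reply-To in a different
    # domain than From is the forged pattern seen here, so stay silent.
    reply_dom = _domain(msg.get("Reply-To"))
    if reply_dom and reply_dom != _domain(msg.get("From")):
        return None, "reply-to-domain-mismatch"
    return target, "ok"

# Constructed sample messages (addresses are placeholders, not from the thread).
SPOOFED = """\
Return-Path: <bounce@sender.example>
From: Some Member via LinkedIn <member@linkedin.example>
Reply-To: Some Member <someone@freemail.example>
Subject: Some Member sent you a message via LinkedIn

body
"""
GENUINE = """\
Return-Path: <customer@client.example>
From: A Customer <customer@client.example>
Subject: Printer is down

body
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, autoreply_target(raw))
```

The mismatch rule will also suppress acknowledgements for some legitimate senders whose Reply-To sits in another domain; for a helpdesk acknowledgement that is a cheaper failure than answering a forged address.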


209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -


> 209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since.
>
> - Don D'Minion - SpamCop Admin -
>
> - service[at]admin.spamcop.net -

Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap.

- mailguy99


> Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap.
>
> - mailguy99

The IP seemed to be sending a lot of "spam", possibly vacation notices (I only see subject lines)? This to real people's email accounts.

Spamtraps alone will not get you listed, they have to be backed up by real reports.

Also the abuse reports to that IP are disabled "abuse (#) netelligent.ca"?

Pay to ask for it to be re-enabled maybe. The spam is still coming from real people today but may be late submissions (just two so far)


>- why the reply-to address on the spam they were sending led to a spamcop spamtrap.

What makes you think the address is a trap address? It doesn't look like one to me.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -
