Jump to content
Sign in to follow this  
efa

phisher hide them behind Spamcop "refuse this type of report"

Recommended Posts

SpamCop will not send reports to people who have asked us not to.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Do they get treated differently in the BL?

Share this post


Link to post
Share on other sites
Do they get treated differently in the BL?
...Long answer: see SpamCop FAQ (links to which can be found near top left of each SpamCop Forum page) entry entitled "What is on the list?"

...Short answer: no, SpamCop does not take in to account whether or not an abuse address has *received* abuse reports when it decides whether to list an IP address.

...However:

  • when I look at the page that comes up with your tracking URL, I do not see any mention of "refuse this type of report" for 'misbruik[at]casema.nl'."
  • this seems to be associated with a hyperlink, not with the spam e-mail source and, therefore, SpamCop will not list it, anyway.

...Having the information from SpamCop that the correct abuse address is misbruik[at]casema.nl, you could send your own complaint. Or you could use Kujon or Complainterator (discussed elsewhere in these fora), which are tools for reporting such "spamvertized" web sites.

Share this post


Link to post
Share on other sites

[*]when I look at the page that comes up with your tracking URL, I do not see any mention of "refuse this type of report" for 'misbruik[at]casema.nl'."

happened on the original post, from tracking url you can understand what happened, because of:

misbruik#casema.nl[at]devnull.spamcop.net

...Having the information from SpamCop that the correct abuse address is misbruik[at]casema.nl, you could send your own complaint. Or you could use Kujon or Complainterator (discussed elsewhere in these fora), which are tools for reporting such "spamvertized" web sites.

I know, I'm the author of xComplaint and xPhish. The question was to warn Spamcop that a phisher (not a simple spammer) is hiding himself behind SC reporting tool behavior.

Edited by efa

Share this post


Link to post
Share on other sites

SpamCop will not send reports to people who have asked us not to.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Maybe that's because it's the wrong abuse address?

83.85.138.10

83.85.136.0 - 83.85.143.255

It's abuse[at]as9143.net

http://www.apnic.net/apnic-info/whois_search2

role:			ZIGGO CO BACKBONE AND SECURITY
address:		 Winschoterdiep 60
address:		 9723 AB Groningen
address:		 The Netherlands
phone:		   +31(0)88 717 0000
admin-c:		 ZIPA1-RIPE
tech-c:		  DM1718-RIPE
tech-c:		  GH1829-RIPE
nic-hdl:		 ZBBS1-RIPE
abuse-mailbox:   abuse[at]as9143.net
mnt-by:		  ZIGGO-MNT
source:		  RIPE # Filtered

Edited by petzl

Share this post


Link to post
Share on other sites
<snip>

The question was to warn Spamcop that a phisher (not a simple spammer) is hiding himself behind SC reporting tool behavior.

...That does not appear to have happened:
Tracking message source: 220.133.64.125:

Routing details for 220.133.64.125

[refresh/show] Cached whois for 220.133.64.125 : network-center[at]hinet.net network-adm[at]hinet.net

Using abuse net on network-center[at]hinet.net

abuse net hinet.net = spam[at]ms1.hinet.net

Using best contacts spam[at]ms1.hinet.net

<snip>

Reports regarding this spam have already been sent:

Re: 220.133.64.125 (Administrator of network where email originates)

Reportid: 5732163047 To: spam[at]ms1.hinet.net

<snip>

So the (e-mail) spam source, 220.133.64.125, was sent a complaint and your report will count towards the statistics used to determine whether or not this spam source will be listed on the SpamCop blacklist! :) <g> As mentioned elsewhere, SpamCop does not consider a spamvertized URLs to be spam sources.

Share this post


Link to post
Share on other sites

I'm worring about someone is hiding phishing activity behind SC reporting tools behavior. The phish mails are all sent via compromised/hijacked PC, and contain link that is the phishing itself. Forgot phish/spam mail source, normally SC send a complaint to host of links inside the spam/phish mail, but with this host does not happen. The phisher know that, and use this method to hide the phish.

Clear now?

Edited by efa

Share this post


Link to post
Share on other sites

I'm worring about ...

I think it has been mentioned before but as a reminder

SpamCop is interested in the source of the spam (stopping the email itself whatever the content)

PhishTank http://www.phishtank.com/index.php is interested in spam that contain links to phishing websites and follow those link to block/close those websites ~ not really interested in the spam, which as you have said may come from a zombi.

KnujOn http://www.knujon.com/index.html is interested in the links in spam that lead to websites that sell the drugs watches or whatever. Focusing on the money trail and the registration of those domain names that enable the flow of money to support the spammers.

There are others each focuses on different areas of the overall problem. Each group has developed different skills, different focus. And I think they should stick to their own netting, so to speak.

Share this post


Link to post
Share on other sites
I'm worring about someone is hiding phishing activity behind SC reporting tools behavior. The phish mails are all sent via compromised/hijacked PC, and contain link that is the phishing itself. Forgot phish/spam mail source, normally SC send a complaint to host of links inside the spam/phish mail, but with this host does not happen. The phisher know that, and use this method to hide the phish.

Clear now?

..Yes, thank you, but it was clear to me in your initial post. :) <g> The SpamCop parser does try to identify an abuse address to report spamvertized URLs as a courtesy but that is not its main mission. As mentioned before, tools such as Knujon and Complainterator are specifically designed to handle spamvertized links, whereas SpamCop is not. If a spammer were taking actions to defeat the discovery of the source of the e-mail spam, SpamCop would definitely want to know. Missing an opportunity to report a spamvertized web site will not get much attention from SpamCop because that is not something about which SpamCop is particularly designed to stop.

...Clear, now? :) <g> If not, please do ask further by replying here!

Share this post


Link to post
Share on other sites

simply, I thought that while missing an opportunity to report a spamvertized web site will not get much attention from SpamCop, missing an opportunity to report a phishing web site will get more attention. This is why I opened this thread.

Anyway thank you for linking the specialized service PhishTank

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×