Jump to content
Sign in to follow this  
RogerC

Is an unsolicited mail? How to prove it?

Recommended Posts

From almost a year ago, I keep getting ads via mail, and they offer me an opt-out option, sometimes I opt-out, but trying to research more on this mails, they have the same format, looking into the source of the message all uses the same mail server, the domains that are used uses the same dns servers, so my guessing is that even tough effectivily have opted out, someone when create a new campaign they use again my email on every new email campaign. I'd checke the domain on black lists checks and there aren't any report on them (Maybe nobody in my country is doing anything?), I'm not sure if I signed for this, they claim not to be spam:

"Este mensaje se envia en concordancia con la Ley 34/2002, del 11 de julio de Servicios de la Sociedad de la Informacion y del Comercio Electronico (LSSI), regulado en su articulo 21, numeral tercero, y la Ley 15/1999, de 13 de diciembre (LOPD) Ley Organica de Proteccion de Datos de la UNION EUROPEA, donde este email no sera considerado spam por cumplir con todas las normativas establecidas"

A rough translation:

"This message is sent according with the Lay 34/2002, of july 11 of Law of Information Society Services and Electronic Commerce (LSSI), regulated in its 21th article, third numeral, and the Law 15/1999, december 13 (LOPD) Data Protection Organic Law of the EUROPEAN UNION, where this email won't be consedered spam by fullfilling with all the stablished rules"

I'm including the X-Antiabuse header:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - host.eferias.info

X-AntiAbuse: Original Domain - hotmail.com

X-AntiAbuse: Originator/Caller UID/GID - [99 32007] / [47 12]

X-AntiAbuse: Sender Address Domain - usabolivia.com

The whois for usabolivia.com is:

Domain Name: USABOLIVIA.COM

Registrar: DOMAIN.COM, LLC

Whois Server: whois.domain.com

Referral URL: http://www.domain.com

Name Server: NS1.EFERIAS.INFO

Name Server: NS2.EFERIAS.INFO

Status: ok

Updated Date: 23-oct-2012

Creation Date: 20-sep-2011

Expiration Date: 20-sep-2013

usabolivia.com is using eferias.info name servers that seems suspicious

Another strange thing is when I opted out some times, almost immediatly an email arrived saying that my email had being confirmed:

Your email address XXXX.XXXX[at]hotmail.com is confirmed!

Thank you!

with the following X-Antiabuse header:

X-AntiAbuse: This header was added to track abuse, please include it with any abuse report

X-AntiAbuse: Primary Hostname - host.eferias.info

X-AntiAbuse: Original Domain - hotmail.com

X-AntiAbuse: Originator/Caller UID/GID - [99 32007] / [47 12]

X-AntiAbuse: Sender Address Domain - yourdomain.com

This raises me the suspicion of spam

If someone read through everything thanks, and any advices would be appreciated

Edited by RogerC

Share this post


Link to post
Share on other sites

From almost a year ago, I keep getting ads via mail, and they offer me an opt-out option, sometimes I opt-out,

Using the opt-out simply confirms to the spammers that they have a 'live' address. If you never opted in then NEVER opt out. Simply report all such crap to spamcop as spam.

Share this post


Link to post
Share on other sites

Using the opt-out simply confirms to the spammers that they have a 'live' address. If you never opted in then NEVER opt out. Simply report all such crap to spamcop as spam.

While a opt-out may (more likely not) get that spam stopped I find often that confirmed email address is passed on to other spammers causing spam to increase. Particularly with Brazil spam

Share this post


Link to post
Share on other sites

Using the opt-out simply confirms to the spammers that they have a 'live' address. If you never opted in then NEVER opt out. Simply report all such crap to spamcop as spam.

Thanks for the replies. What will happen after I reported the spam, i see that generated a spam report message that has been sent to the "supposed" administrator of the mail server, but then what?

Share this post


Link to post
Share on other sites

Thanks for the replies. What will happen after I reported the spam, i see that generated a spam report message that has been sent to the "supposed" administrator of the mail server, but then what?

Reporting spam through SpamCop conceals your email address as best it can. That is unless you have selected the option in preferences "Leave spam copies intact"

Best to leave the default setting "Obscure identifying information"

Share this post


Link to post
Share on other sites
Thanks for the replies. What will happen after I reported the spam, i see that generated a spam report message that has been sent to the "supposed" administrator of the mail server, but then what?
Hi, RogerC,

...Two things:

  • SpamCop considers it as it decides whether to list the IP address in its blacklist -- see the SpamCop FAQ entry labeled "What is on the list?" for more information about that.
  • The "supposed" administrator (abuse address) of the IP address has a report that they may use, if they wish, to investigate the spammer and take whatever action, if any, she/ he/ they deem appropriate. What we hope is that they will find the offending party and terminate their abuse of the service.

Share this post


Link to post
Share on other sites

It looks to me like SpamCop would be offering to send reports to spamreports[at]privatesystems.net. The next level up would be khnoc[at]khnoc.net, as far as I can tell (which would need to be added as a "user-defined" address, if reported at all). I can see no problem in reporting to [at]privatesystems.net. SpamCop tries to avoid sending reports to the spammers or to administrators who are known to pass on the reports to spammers with the addresses it uses.

Share this post


Link to post
Share on other sites

It looks to me like SpamCop would be offering to send reports to spamreports[at]privatesystems.net. The next level up would be khnoc[at]khnoc.net, as far as I can tell (which would need to be added as a "user-defined" address, if reported at all). I can see no problem in reporting to [at]privatesystems.net. SpamCop tries to avoid sending reports to the spammers or to administrators who are known to pass on the reports to spammers with the addresses it uses.

How effective is the report to spamreports[at]privatesystems.net? Are there any precedents?

Share this post


Link to post
Share on other sites

SC has sent a handful of reports there in the last 90 days. Seemingly it is not an address found by ARIN lookup or abuse.net, perhaps it was one provided to SC by the network? It was responsive but cannot say if effective (or if it is still responsive). The main point is, any report, even if sent to devnull, will add weight to the SC blocklist data.

I now see reports for khnoc[at]khnoc.net have been going to devnull. That does not affect SC - if the source is a sufficient nuisance on the internet it will fall into the blocklist when there are sufficient reports from different reporters (or if it hits spamtraps).

Steve

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×