Jump to content
Sign in to follow this  
Devider

Spamvertising - the way of competition.

Recommended Posts

In Russia … is often used for unfair competition. Hackers send spam with the link to the web site of the victim in the result of this the web site gets into different black lists and it is blocked by the registrator.

Imagine that you have a web site (let it be mywebsite.com) and it is very popular. One day the registrator blocks it because of spam which you have not sent. spam was sent by your rivals as they want to block your web site. spam sending costs about 200-300$, it's cheaper than DDoS attack. Your enemies will send letters to thousands of foreign (in order not to advertise you) with the link to your web site and people received spam-letters will complain about your web site and it will be blocked by the registrator.

For this purpose the instruction was written showing how to write a spam complaint correctly. And you will complain about the real spammers but not the sites and email addresses which can easily be the victims of spamming.

The situation is rather complicated by the fact that some spam services, for example, SURBL.org do not communicate with the administrator of the site on behalf of whom spam has been sent. For the site being added to the black lists it is enough to point out the links in the body of the letter and it is not required any proves. It would be better if the administration of the services that are responsible for antispam gave the opportunity to prove your innocence to the administrators of the sites even at least paying money. But there is no such a possibility.

For example, the administration of the site SURBL.org does not communicate with the administrators of the sites which are in the black lists (I haven’t received the answer yet for 2 weeks) and on the basis of their lists of domains Registrator blocks them. Thus, the registrator of internet.bs has blocked my domain because of the fact that my domain name has appeared in the black lists of SURBL.org. I tried to explain them that spam wasn’t sent by me as IP of the senders does not relate with my site. Moreover my site has a Russian version and is not interested in the English speaking audience. But the registrator simply ignores all my letters.

letter example:

Return-Path: <jpluwxylgnr[at]sputniktech.ru>

Received: from 118.163.78.26 (cpdc-pix.cpdc.com.tw [210.65.213.253])

by mtain-mc06.r1000.mx.aol.com (Internet Inbound) with SMTP id 749DC38000090

for <x>; Mon, 24 Dec 2012 22:29:12 -0500 (EST)

Received: from unknown (HELO 66i) ([90.119.146.198])

by 118-163-78-26.HINET-IP.hinet.net with ESMTP; Tue, 25 Dec 2012 11:32:17 +0800

Message-ID: <0004______________________92c6[at]NBX200G0029866i>

From: "Hugh Dudley" <jpluwxylgnr[at]sputniktech.ru>

To: <x>

Subject: Legendary Narkop is back

Date: Tue, 25 Dec 2012 11:24:25 +0800

MIME-Version: 1.0

Content-Type: text/plain;

format=flowed;

charset="windows-1250";

reply-type=original

Content-Transfer-Encoding: 7bit

X-Priority: 3

X-MSMail-Priority: Normal

X-Mailer: Microsoft Outlook Express 6.00.2800.1158

X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1158

x-aol-global-disposition: S

X-AOL-REROUTE: YES

x-aol-sid: 3039ac1d604e50d91d873e0c

X-AOL-IP: 210.65.213.253

X-AOL-SPF: domain : sputniktech.ru SPF : none

Text: Legendary Narkop is back [link]

IP 118.163.78.26 - Taiwan. But ip domain "sputniktech.ru" - 46.254.20.1 - this Moskow. Ip of my site (where [link]) - Romania.

Dispatches spam this ip(118.163.78.26), get but of a problem the domain sputniktech.ru (jpluwxylgnr[at]sputniktech.ru) and the domain specified in a letter body.

How to cope with this problem? When antispam services organize normal dialogue with the administrators of the domains and won't include all of them in the black lists, thus they encourage the activity of the hackers intended to discredit the objectionable sites.

Share this post


Link to post
Share on other sites

Have often suspected some "spamvertizing" is actually a type of attack on reputation by competitors/opponents or some "protection racket" enforcement by criminals and some evidence of these practices has been offered in the past.

Not exactly the same circumstances but the FAQ http://www.spamcop.net/fom-serve/cache/88.html addresses "innocent bystanders". Your service provider (or whoever receives SpamCop reports) can register your website as an innocent bystander (so they no longer receive the reports) - see http://www.spamcop.net/fom-serve/cache/117.html - but first you have to convince them of your innocence and you might have to satisfy SpamCop staff as well, if reporters subsequently appeal against the innocent bystander status.

One thing you can do is refute any negative "community reviews" and/or negative content analysis by posting "Web site owner comments" for your domain(s) in McAfee SiteAdvisor and find out what similar "right of reply" there might be for other reputation-checking services.

Share this post


Link to post
Share on other sites

Sorry to be late to this discussion!

I am a member of an antispam forum whose members get a LOT of these "joe jobs." We try to keep each other informed of them. We don't want to report an innocent site for spam the owner didn't send. It's usually easy to tell the joe jobs, but it helps us to be able to compare notes.

The joe jobs are specifically targeted at email addresses most likely to lead to them being blacklisted. So any email address [at]spamcop.net is likely to be flooded with copies of these spams, as are any addresses used for spam reporting.

We have been posting notices of some of the joe jobs in this thread:

http://ksforum.inboxrevenge.com/viewtopic.php?f=1&t=2818

The thread is meant as a means of informing antispammers, as well as being a link that site owners can use in their own defense when they are victims. There is additional discussion in the registered-member-only forums. (The public thread is closed to comments.)

In some cases, the site being "advertised" is conducting illegal activity. Even if the domain isn't reported for spam, the joe job will attract attention to the site and can lead to its being shut down. We're not really interested in being tools in the dirty wars among criminals, nor in defending them when they are suffering because of unwanted attention to their illegal activities. So when we were getting a lot of email about those sorts of sites, we got lax in keeping the thread updated. We'll try to do better about posting the other spam samples, though.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×