petzl Posted February 5, 2013

Sent this (Brazil spam)
http://www.spamcop.net/sc?id=z5460340157z3...57ac4d0044434az
216.14.119.238 is IP

Reply pretty quick:
"This is spoofing. This IP address doesn't ping, and armailer.net is not on our network."

Tested email server myself and it works or worked
http://mxtoolbox.com/SuperTool.aspx?action...a216.14.119.238

Now Brazil spammer has switched to spamming from IP 216.14.118.138
http://mxtoolbox.com/SuperTool.aspx?action...a216.14.118.138

SpamCopAdmin Posted February 6, 2013

Not sure who wrote what in your post... Anyway....

Received: from arm10.armmailer.net (216.14.119.238) by mxin1.cesmail.net with SMTP;

I can guarantee you that mxin1.cesmail.net accurately records the source IP when it gets email. Please don't be distracted by the "spoofed" idea. It's impossible to forge the connecting IP used to send mail.

Transferring mail requires the sending and receiving servers to send data packets back and forth to establish the connection before the transfer can take place. If the receiving server doesn't have the real IP of the sending server, it will send the data packet to the wrong place and the connection will not be established.

- Don D'Minion - SpamCop Admin -
- Service[at]Admin.SpamCop.net -

InvisiBill Posted February 6, 2013

To expand on what Don said, certain parts of email headers can be spoofed. All of the previous handoffs (further down in the headers) are unverifiable. The hostname that the server reports may or may not actually be its DNS name. Malicious users can add extra or fake info there. However, the IP that connects to your own mail server has to be real in order for the connection to happen.

As your MXToolbox link shows, that IP resolves to that hostname and appears to be a working email server. As far as I can tell, all the facts support your side, and they're simply saying, "Nuh uh!" If they can dispute the MXToolbox results, then I'll take them seriously.

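Added example (not part of any post in this thread, and not SpamCop's own parser): a sketch of the rule described above, where only the Received line stamped by your own mail server yields a trustworthy source IP and every hop beneath it is sender-supplied. The function names, the `own_relay_ips` parameter and the second hop in the sample are assumptions made for illustration.

```python
import ipaddress
import re

# Constructed sample. The first Received line is the one quoted in the thread;
# the second hop is invented (documentation hostname and address) to stand in
# for a line the sending side could have written itself.
SAMPLE = (
    "Received: from arm10.armmailer.net (216.14.119.238)\r\n"
    "\tby mxin1.cesmail.net with SMTP;\r\n"
    "Received: from mail.example.org (192.0.2.55)\r\n"
    "\tby arm10.armmailer.net with ESMTP;\r\n"
    "Subject: constructed sample\r\n"
)

HOP = re.compile(r"from\s+(\S+)\s+\(([^)]*)\)\s+by\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")


def received_hops(raw):
    """Return the Received headers top-down as dicts (helo, ip, by)."""
    unfolded = re.sub(r"\r?\n[ \t]+", " ", raw)  # undo header folding
    hops = []
    for line in unfolded.splitlines():
        if not line.lower().startswith("received:"):
            continue
        m = HOP.search(line)
        helo, paren, by = m.groups() if m else (None, "", None)
        found = IPV4.search(paren)
        try:
            ip = str(ipaddress.ip_address(found.group(0))) if found else None
        except ValueError:  # e.g. "999.1.1.1" inside the parentheses
            ip = None
        hops.append({"helo": helo, "ip": ip, "by": by.lower() if by else None})
    return hops


def classify(raw, trusted_receivers, own_relay_ips=()):
    """Return (source_ip, hops); a hop is verified only if our server wrote it."""
    trusted = {h.lower() for h in trusted_receivers}
    source_ip, chain_ok = None, True
    hops = received_hops(raw)
    for hop in hops:
        hop["verified"] = chain_ok and hop["by"] in trusted
        if hop["verified"]:
            source_ip = hop["ip"]  # lowest verified hop: handoff into our network
        # Lower lines stay trusted only if this hop came from one of our relays;
        # otherwise everything beneath was supplied by the connecting host.
        chain_ok = hop["verified"] and hop["ip"] in own_relay_ips
    return source_ip, hops
```

The `helo` value is what the connecting host claimed and is reported as-is; confirming it needs a reverse and forward DNS lookup, which this offline sketch leaves out.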
petzl (Author) Posted February 6, 2013

> Not sure who wrote what in your post... Anyway....
>
> Received: from arm10.armmailer.net (216.14.119.238) by mxin1.cesmail.net with SMTP;
>
> I can guarantee you that mxin1.cesmail.net accurately records the source IP when it gets email. Please don't be distracted by the "spoofed" idea. It's impossible to forge the connecting IP used to send mail.
>
> Transferring mail requires the sending and receiving servers to send data packets back and forth to establish the connection before the transfer can take place. If the receiving server doesn't have the real IP of the sending server, it will send the data packet to the wrong place and the connection will not be established.
>
> - Don D'Minion - SpamCop Admin -
> - Service[at]Admin.SpamCop.net -

Thanks Don, what I thought (but times can change, just checking).

Brazil spammers are going offshore to spam to avoid countrywide block lists.

I had a reply from abuse[at]eboundhost.com that "This is spoofing. This IP address doesn't ping, and armailer.net is not on our network."

I think the abuse desk was confused: "arm10.armmailer.net" is on their network, "armailer.net" is not.

petzl (Author) Posted February 6, 2013

> As far as I can tell, all the facts support your side, and they're simply saying, "Nuh uh!" If they can dispute the MXToolbox results, then I'll take them seriously.

Thanks. Yes, as Don said, SpamCop email headers received by its servers can't be spoofed.

Farelf Posted February 6, 2013

> ...I think the abuse desk was confused "arm10.armmailer.net" is on their network "armailer.net" is not

Thanks petzl, Don, InvisiBill - that sounds like the explanation. Not reasonable that the abuse desk at eboundhost.com would be ignorant of their network's operational functions or incapable of doing a reverse lookup but I guess that's the best explanation and anyone can have a bad day. Have to say armmailer.net's DNS records are not very helpful (compared to, say, those of spamcop.net) but maybe they like it like that.

Of course you could always take advantage of the handy little facility on the AR Marketing homepage:

NÃO Quero Receber (Opt-Out)
Informe o email para NÃO receber propagandas da AR Marketing ou seus clientes (não válido para newsletters):
Enter your e-mail to express your desire NOT to receive e-mail marketing from AR Marketing or its customers (not valid for newsletters):

No, no, I'm JOKING - of course you know "don't unsubscribe to anything you never subscribed to in the first place." Well, unless you're quite sure "they" already have you down as a confirmed active address and are not going to simply move that to yet another (affiliate) "subscription" list if you do "opt-out". Spammers lie (or hold back the whole truth) and they and their marketing customers are proven spammers (for the benefit of other readers).

An interesting case ...

petzl (Author) Posted February 6, 2013

> Thanks petzl, Don, InvisiBill - that sounds like the explanation. [snip]
>
> Of course you could always take advantage of the handy little facility on the AR Marketing homepage:
>
> No, no, I'm JOKING - of course you know "don't unsubscribe to anything you never subscribed to in the first place." Well, unless you're quite sure "they" already have you down as a confirmed active address and are not going to simply move that to yet another (affiliate) "subscription" list if you do "opt-out". Spammers lie (or hold back the whole truth) and they and their marketing customers are proven spammers (for the benefit of other readers).
>
> An interesting case ...

These Brazilian spammers are the worst ones I've seen to unsubscribe from! Once you do, within a week the spam from Brazil escalates considerably. Not sure if they belong to a chain of spammers sharing addresses? More probably once you "unsubscribe" they sell that email address as confirmed.

I don't even speak Brazilian.

Farelf Posted February 6, 2013

> ...I don't even speak Brazilian.

You should learn (Portuguese) then you can sing along with Joan when you finally get clear of the sods them -

Até amanhã eu me vou, meu amor
Sinto muito, não posso ficar
Terminei é melhor p' ra nós dois
Vou partir e você vai ficar.
Lá la la la, la la lá la lá

So now I am leaving, my love
Sorry, I cannot stay
Finished (it) is better for us both
I will leave and you must stay.
La la la la, la la la la la

(You have to admit the last line is easy at least, não?)

SpamCop 98 Posted February 6, 2013

> I don't even speak Brazilian.

Nor do they, it seems, speak Australian

Archived
This topic is now archived and is closed to further replies.