Jump to content
Sign in to follow this  
Wintermute

Malicious Reporting of a message..

Recommended Posts

Hi there.

This morning, we have been troubleshooting a pretty nasty Internet outage in our office... only to find that our ISP had withdrawn service due to us being listed on the Spamcop blacklist.

Fair enough, I support Spamcop's efforts, and was more concerned to quickly plug any problem.

This turned to anger as soon as I realised that there was no open relay on our site, nor in fact had any spam originated here. We have up to date AV, spyware scanners, and a firewall that logs all port 25 connections.

We appear to have been blacklisted due to a single message which was posted (by me) to Yahoo Groups. As I'm sure everyone is aware, Yahoo groups are opt-in discussion lists that users have to subscribe to, so recieving the list mails is hardly unsolicited.

On seeing a copy of the suspect email from my ISP, it's blindingly apparent that the message was properly sent through Yahoo Groups, and is not IN ANY WAY a spam message.

It's also apparent that the true reason for the complaint is that the reporter simply did not like the CONTENT of the email, which expressed my opinion about an off topic religious message sent to the group.

So, the next question - do spam reporters have anonymity to hide behind, or do I have a path to hold someone to account for causing my office several hours of downtime by a malicious, false report?

(not to mention that I don't really appreciate having my freedom of speech stomped on in this way)

Ian.

Share this post


Link to post
Share on other sites
Hi there.

This morning, we have been troubleshooting a pretty nasty Internet outage in our office... only to find that our ISP had withdrawn service due to us being listed on the Spamcop blacklist.

Fair enough, I support Spamcop's efforts, and was more concerned to quickly plug any problem.

This turned to anger as soon as I realised that there was no open relay on our site, nor in fact had any spam originated here. We have up to date AV, spyware scanners, and a firewall that logs all port 25 connections.

We appear to have been blacklisted due to a single message which was posted (by me) to Yahoo Groups. As I'm sure everyone is aware, Yahoo groups are opt-in discussion lists that users have to subscribe to, so recieving the list mails is hardly unsolicited.

On seeing a copy of the suspect email from my ISP, it's blindingly apparent that the message was properly sent through Yahoo Groups, and is not IN ANY WAY a spam message.

It's also apparent that the true reason for the complaint is that the reporter simply did not like the CONTENT of the email, which expressed my opinion about an off topic religious message sent to the group.

So, the next question - do spam reporters have anonymity to hide behind, or do I have a path to hold someone to account for causing my office several hours of downtime by a malicious, false report?

(not to mention that I don't really appreciate having my freedom of speech stomped on in this way)

Ian.

One report does not cause an IP to list. However without knowing the IP I cannot query the database. If you prefer to keep that information private write to me at the address in my sig.

Share this post


Link to post
Share on other sites

One report will not list you and spamcop is not a list of open relays. If you would like assistance post the IP you think is blocked or post the block/reject message you received.

Share this post


Link to post
Share on other sites

I'm not too concerned about it being in the public domain - the IP address in question is: 82.152.28.237

Edited by Wintermute

Share this post


Link to post
Share on other sites
I'm not too concerned about it being in the public domain - the IP address in question is: 82.152.28.237

...Here's the result of the checkblock:

Query bl.spamcop.net - 82.152.28.237

DNS error: 82.152.28.237 has no reverse dns

82.152.28.237 not listed in bl.spamcop.net

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 31.7 days. It has never been listed.

In the past week, this system has:

Been witnessed sending mail less than 10 times

Edited by turetzsr

Share this post


Link to post
Share on other sites

Couldn't be that one.

82.152.28.237 not listed in bl.spamcop.net

Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users. It has been sending mail consistently for at least 31.7 days.

It has never been listed.

Also this IP has no reverse DNS so if you were/are using it for a mail server most Admins would not accept mail from it.

It is being used by eclipse.net.uk but This IP has not been announced yet so it would be considered a Bogon. IP blocks not allocated by IANA and RIRs to ISPs and organizations plus all other ip blocks that are reserved for private or special use by RFCs

TARGET: 82.152.28.237

NAME: RESERVED-11

NUMBER: 82.0.0.0 - 95.255.255.255

CITY: MARINA DEL REY

STATE: CALIFORNIA

COUNTRY: US

LAT: 33.98

LONG: -118.45

LAT_LONG_GRAN: City

LAST_UPDATED: 09-Apr-2001

NIC: ARIN

LOOKUP_TYPE: Block Allocation

RATING:

DOMAIN_GUESS: iana.org

STATUS: OK

Edited by Merlyn

Share this post


Link to post
Share on other sites

Well...

A lot of statements that may well describe the desired process don't unfortunately marry well with the facts.

I would agree that one report *shouldn't* list you, but it certainly seems to have done so in this case (or possibly the same post being reported multiple times)

When I entered our IP address into the spamcop checker, I got the same information you have posted here. It certainly isn't listed here now.

However, our IP address *was* blocked as a result of being blacklisted - Eclipse claim because of a notification by spamcop.

An Open relay is simply something that we checked for internally - I wasn't implying that spamcop is a list of open relays.

Of course, a lack of reverse DNS may cause problems with strict RFC1912 mailservers, however, In practice, we have a delivery rate of around 99.8%.

At this point, I suspect that eclipse are in fact using another RBL service, or are otherwise confused. As our IP does not appear to be listed (how did you tell that it had never been listed, incidentally?) there must be another explanation.

Thanks for helping to unravel this part of the problem.

Share this post


Link to post
Share on other sites
At this point, I suspect that eclipse are in fact using another RBL service, or are otherwise confused. As our IP does not appear to be listed (how did you tell that it had never been listed, incidentally?) there must be another explanation.

Thanks for helping to unravel this part of the problem.

I agree, they seem to ave sent you in the wrong direction as you have never been listed here.

Good Luck.

Share this post


Link to post
Share on other sites
However, our IP address *was* blocked as a result of being blacklisted - Eclipse claim because of a notification by spamcop.

AFAIK SpamCop doesn't notify providers when IPs become listed in the SCBL. If email originating at your IP was reported as spam then Eclipse could have received one or more spam reports but the fact they received reports doesn't mean that the IP has been listed.

Share this post


Link to post
Share on other sites
At this point, I suspect that eclipse are in fact using another RBL service, or are otherwise confused. As our IP does not appear to be listed (how did you tell that it had never been listed, incidentally?) there must be another explanation.

I checked the 9 main ones (and about another 99 as well) - http://dnsbl.info/lookup.asp?IP=82.152.28.237 No sign of you being listed anywhere.

The statement that the IP has never been listed comes from the SCBL checker http://www.spamcop.net/w3m?action=checkblo...p=82.152.28.237 "Since SpamCop started counting, this system has been reported less than 10 times by less than 10 users.

It has been sending mail consistently for at least 31.8 days. It has never been listed."

Your ISP has some explaining to do to you.

Share this post


Link to post
Share on other sites

Is it possible that a report was sent to the ISP, just the report, after a single spam was submitted, and someone at the ISP mis-read the report and overreacted? I agree that the ISP has some 'splainin to do.

Share this post


Link to post
Share on other sites
On seeing a copy of the suspect email from my ISP, it's blindingly apparent that the message was properly sent through Yahoo Groups, and is not IN ANY WAY a spam message.

If you saw a copy of the report, then it is possible that a reporter made a mistake and reported a mailing list email that s/he missed in among all the spam. Reporters can be fined or suspended for mistakes, but even the best reporters will occasionally miss one. Many would apologize and email the deputies so that the IP address would not get listed. (Deputies can delist if there are errors.)

However, most ISP's read the report and make their own determinations about whether it is spam. If it is as obvious as you say, then they could either just ignore the spamcop report, ask you about it and take your word that it was not spam, or send a message to the reporter pointing out that this email doesn't look like spam and did they make a mistake? There are other things that an ISP can do to correct the problem through the links in the report.

So, I do think that your problem is with your ISP. A Spamcop report is just that - a report that someone thinks this is spam. If it is spam (or something other than real email) and the ISP ignores the report, then there is likely to be more reports and the IP address will be listed. However, the ISP needs to read the report before making rash judgments.

However, on behalf of all those who have made a mistake, I apologize that you had a trying morning. Now if your ISP apologizes for his part in it, maybe you will feel better. And you got some good advice, too.

Miss Betsy

Share this post


Link to post
Share on other sites

your questions are always inciting and provocative Merlyn, I hope we get some answers...this is deffinitely an interesting case!

Share this post


Link to post
Share on other sites
I would like to know why your ISP is giving you unannounced IP's

Um, 82.0.0.0/8 is currently allocated to RIPE per ARIN.

Allocation seems to be good in RIPE (http://www.ripe.net/perl/whois?form_type=simple&full_query_string=&searchtext=82.152.28.237&do_search=Search)

Maybe their BGP was flapping.

(Or am I *totally* missing the boat here?)

Share this post


Link to post
Share on other sites
Maybe their BGP was flapping.

Whoa. Might want to have a doctor look at that.

Border Gateway Protocol (4). Not something the average third tier ISP would deal with but I suppose there could be issues there.....

Can you show us the actual LART you got from your ISP or was that done over the phone? Seems that we've seen this before out here. People seem to use the term "SpamCop" as a generic term. Kind of like Kleen-X or Band-Aid (brand names for tissue and bandage). Although some of the other posters have done some snooping around and it doesn't look like you were listed anywhere so I would guess they are blowing smoke up your leg.

Have them show you the actual SpamCop message, not just the Yahoo posting.

The definition of spam is pretty obvious and ranting on religion or any other subject may not be to someone's liking, but it ain't spam.

"I can't define spam, but I know it when I see it." -- Anon

Share this post


Link to post
Share on other sites
The definition of spam is pretty obvious and ranting on religion or any other subject may not be to someone's liking, but it ain't spam.

spamâ„¢ is SPiced hAM, a product of the Hormel Foods Corporation.

"spam" is Unsolicited Bulk Email and "ranting on religion" certainly CAN be spam if it is sent via email, is bulk in nature, and was unrequested by the recipient.

Share this post


Link to post
Share on other sites
your questions are always inciting and provocative Merlyn, I hope we get some answers...this is deffinitely an interesting case!

Thanks, sometimes ya just got to ask why :D

Share this post


Link to post
Share on other sites

Thanks for the continued input folks -

On the unallocated IP address issue... that's strange, but outwith my scope I guess - Eclipse are a major UK ISP, and one of the best regarded on the usual metrics of customer care, performance, reliability and so on - not the folks you expect to be doing fly-by-night stuff.

I have asked for some clarification from them - I'd like to see the original alert that prompted the issue, and yes, I fear there's possibly a "generic" use of the word spamcop.

Spambo - I can see what you are saying, however, this was a reply to a yahoo discussion group, not a direct mailing. Given Yahoo's use of a specific ID, action requried to join a group and a confirmation message being required, I'd consider it a fairly safe assumption that a reply directly to the list wasn't spam.

The investigation continues...

Share this post


Link to post
Share on other sites

I belong to a half dozen yahoo group and all Group Admins had to change their ways because too many spammers were signing up to the groups to send spam.

Yes , many Yahoo Group Admins let spammers sign up and they do not know it until it is too late. That is why some Yahoo Groups mail servers get listed occasionally.

Why would your ISP give you a hassle over something reported about a Yahoo Groups message? The complaint would go to Yahoo not your ISP. I believe you have not explained things correctly or you do not understand how the system works.

Share this post


Link to post
Share on other sites

Another way people might think SpamCop has an IP listed when it doesn't is a mis-configured email server that blocks incoming email with the wrong message.

I've seen SMTP reject messages that named the SCBL but were blocking based on another RBL. Easy to make an error setting up a sendmail.cf with a copy/paste/incomplete edit of the feature. For example, make the DNS check against the SORBS RBL, but leave the text of the reject message with the link going to SpamCop.

If you can somehow get hold of the original bouncy-gram that led someone to claim that SpamCop was blocking you, it might help track it down if this is the problem. Maybe some admin needs to fix their sendmail (or other MTA) configuration so they stop misdirecting people.

Share this post


Link to post
Share on other sites

I also have seen a server reject emails with a generic reference to the spamcop BL. On researching the issue it turned out that the people who configured our mail server didn't setup a correct rDNS for it and the other servers reject message incorrectly credited spamcop for the reject not the missing rDNS information.

Share this post


Link to post
Share on other sites

Okay, update from the ISP - this is the report that triggered the block on our IP.

"fullalbumtorrents" (guess what that does then) is the name of the yahoo group - 82.152.28.237 is (as mentioned) our static IP address. All email into the wintermute-ltd.com domain is handled by an MS Exchange 2003 box at that IP - all outbound mail is similarly sent from this IP - we don't use an ISP's upstream relay server.

I see a couple of ID numbers in the subject - an "id" of 950047427 and a second number = 042204. Do those have any significance to someone in the know?

I'm noting as well that it does say SpamCop pretty clearly on the subject line - are we still sure that this didn't originate from spamcop.net?

I wonder, is it possible that someone simply faked an email from spamcop?

pretty sloppy on behalf of Eclipse if that's the case I guess, but it would help to know.

I.

Subject: FW: [spamCop (82.152.28.237) id:950047427][fullalbumtorrents] Re: 042204 - ALL IMPORTANT PRETEST

Date: Tue, 11 May 2004 15:02:26 +0100

From: "Neil Caborn" <NCaborn[at]eclipse.net.uk>

To: i_lowe[at]yahoo.com

[ Offending message ]

Status: U

Return-Path: x

Received: from spf7.us4.outblaze.com ([205.158.62.41])

by pickering.mail.mindspring.net (EarthLink SMTP Server) with

ESMTP id 1biuTE7j63Nl3p20

for <x>; Tue, 27 Apr 2004 11:53:22 -0400 (EDT)

Received: from n19.grp.scd.yahoo.com (n19.grp.scd.yahoo.com

[66.218.66.74])

by spf7.us4.outblaze.com (Postfix) with SMTP id 8D6E12AC7B

for <x>; Tue, 27 Apr 2004 15:52:59 +0000 (GMT)

X-eGroups-Return:

sentto-10157034-722-1083081028-rcuteri=email.com[at]returns.groups.yahoo.co

m

Received: from [66.218.66.30] by n19.grp.scd.yahoo.com with NNFMP; 27

Apr 2004 15:50:28 -0000

X-Sender: ian[at]wintermute-ltd.com

X-Apparently-To: x

Received: (qmail 89902 invoked from network); 27 Apr 2004 15:50:26

-0000

Received: from unknown (66.218.66.216)

by m24.grp.scd.yahoo.com with QMQP; 27 Apr 2004 15:50:26 -0000

Received: from unknown (HELO n15.grp.scd.yahoo.com) (66.218.66.70)

by mta1.grp.scd.yahoo.com with SMTP; 27 Apr 2004 15:50:26 -0000

Received: from [66.218.67.167] by n15.grp.scd.yahoo.com with NNFMP; 27

Apr 2004 15:49:16 -0000

To: x

Message-ID: <c6lv___khg3[at]eGroups.com>

In-Reply-To: <001401c428a0$b125f630$6700a8c0[at]wacko1>

User-Agent: eGroups-EW/0.82

X-Mailer: Yahoo Groups Message Poster

X-eGroups-Remote-IP: 66.218.66.70

From: "Ian Lowe" <ian[at]wintermute-ltd.com>

X-Originating-IP: 82.152.28.237

X-Yahoo-Profile: i_lowe

MIME-Version: 1.0

Mailing-List: list x; contact fullalbumtorrents-owner[at]yahoogroups.com

Delivered-To: mailing list x

Precedence: bulk

List-Unsubscribe:

<mailto:fullalbumtorrents-unsubscribe[at]yahoogroups.com>

Date: Tue, 27 Apr 2004 15:49:16 -0000

Subject: [fullalbumtorrents] Re: 042204 - ALL IMPORTANT PRETEST

Reply-To: x

Content-Type: text/html; charset=ISO-8859-1

Content-Transfer-Encoding: 7bit

X-ELNK-AV: 0

<html><body>

<tt>

Be kind - he has a mental illness and needs your help.<BR>

<BR>

God is a fantasy, a myth. People with an over-active temporal lobe <BR>

in their brain sometimes cannot tell the difference between the <BR>

fantasy world of dreams and childish stories and the real world. <BR>

<BR>

Perhaps someday he'll come to understand that it's all just a <BR>

fantasy story to scare kids with - more likely, he'll die deluded <BR>

that he's about to meet his mystical maker... but that's something <BR>

to be pitied, not something to flame him for.<BR>

<BR>

Best solution for weak minded fools with imaginary best friends? <BR>

never acknowledge their hallucinations as being anything other than

<BR>

mental illness, and just ignore them when they froth at the mouth -

<BR>

they will soon become bored and find someone else to annoy.<BR>

<BR>

I.<BR>

<BR>

</tt>

</body>

</html>

0

Share this post


Link to post
Share on other sites
I see a couple of ID numbers in the subject - an "id" of 950047427 and a second number = 042204. Do those have any significance to someone in the know?

I'm noting as well that it does say SpamCop pretty clearly on the subject line - are we still sure that this didn't originate from spamcop.net?

At first glance, I was sure it didn't come from SpamCop. The "id number" I'd say is a spoof to make it look like it's a SpamCop Complaint/Report ... but nothing else in the entire e-mail looks like anything other than plain crap.

However, while looking for data to back up the "source of this spam is 82.152.28.237" ... I'm now thinking that a major portion of the actual e-mail you're quoting is missing. What ISP are you referring to that provided this "report" ??? For example, if this was actually an alleged SpamCop report, where's the Tracking URL? That would answer a lot of questions right there.

handled by an MS Exchange 2003 box at that IP - all outbound mail is similarly sent from this IP - we don't use an ISP's upstream relay server.

I'm suspecting that you have no idea just how scary this definition is. You might want to walk around these Forums and note just how many times the words "Exchange server" and "spam issues" show up together in the same scenario.

Share this post


Link to post
Share on other sites
I see a couple of ID numbers in the subject - an "id" of 950047427 and a second number = 042204. Do those have any significance to someone in the know?

I'm noting as well that it does say SpamCop pretty clearly on the subject line - are we still sure that this didn't originate from spamcop.net?

At first glance, I was sure it didn't come from SpamCop. The "id number" I'd say is a spoof to make it look like it's a SpamCop Complaint/Report ... but nothing else in the entire e-mail looks like anything other than plain crap.

However, while looking for data to back up the "source of this spam is 82.152.28.237" ... I'm now thinking that a major portion of the actual e-mail you're quoting is missing. What ISP are you referring to that provided this "report" ??? For example, if this was actually an alleged SpamCop report, where's the Tracking URL? That would answer a lot of questions right there.

handled by an MS Exchange 2003 box at that IP - all outbound mail is similarly sent from this IP - we don't use an ISP's upstream relay server.

I'm suspecting that you have no idea just how scary this definition is. You might want to walk around these Forums and note just how many times the words "Exchange server" and "spam issues" show up together in the same scenario.

The report does exist I just looked it up.

I just parsed it Wazoo and this does look strange, check it out

(Don't worry Wintermute I did not submit it again ;) )

Received: from spf7.us4.outblaze.com ([205.158.62.41]) by pickering.mail.mindspring.net (EarthLink SMTP Server) with ESMTP id 1biuTE7j63Nl3p20 for <x>; Tue, 27 Apr 2004 11:53:22 -0400 (EDT)

205.158.62.41 found

host 205.158.62.41 = spf7.us4.outblaze.com (cached)

host spf7.us4.outblaze.com (checking ip) = 205.158.62.41

Possible spammer: 205.158.62.41

Received line accepted

Relay trusted (outblaze.com)

Received: from n19.grp.scd.yahoo.com (n19.grp.scd.yahoo.com [66.218.66.74]) by spf7.us4.outblaze.com (Postfix) with SMTP id 8D6E12AC7B for <x>; Tue, 27 Apr 2004 15:52:59 +0000 (GMT)

66.218.66.74 found

host 66.218.66.74 = n19.grp.scd.yahoo.com (cached)

host n19.grp.scd.yahoo.com (checking ip) = 66.218.66.74

Possible spammer: 66.218.66.74

66.218.66.74 is not an MX for n19.grp.scd.yahoo.com

host n19.grp.scd.yahoo.com (checking ip) = 66.218.66.74

Possible relay: 205.158.62.41

205.158.62.41 not listed in relays.ordb.org.

205.158.62.41 has already been sent to relay testers

Received line accepted

Received: from [66.218.66.30] by n19.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:50:28 -0000

Ignoring NNFMP line to properly assign blame at border

Received: (qmail 89902 invoked from network); 27 Apr 2004 15:50:26 -0000

Ignored

Received: from unknown (66.218.66.216) by m24.grp.scd.yahoo.com with QMQP; 27 Apr 2004 15:50:26 -0000

66.218.66.216 found

host 66.218.66.216 = mta1.grp.scd.yahoo.com (cached)

host mta1.grp.scd.yahoo.com (checking ip) = 66.218.66.216

66.218.66.74 not listed in dnsbl.njabl.org

66.218.66.74 not listed in cbl.abuseat.org

66.218.66.74 not listed in dnsbl.sorbs.net

66.218.66.74 is not an MX for spf7.us4.outblaze.com

66.218.66.74 is not an MX for n19.grp.scd.yahoo.com

66.218.66.74 is not an MX for m24.grp.scd.yahoo.com

66.218.66.74 is not an MX for spf7.us4.outblaze.com

66.218.66.74 not listed in dnsbl.njabl.org

Possible spammer: 66.218.66.216

host m24.grp.scd.yahoo.com (checking ip) = 66.218.66.30

66.218.66.30 not listed in dnsbl.njabl.org

66.218.66.30 not listed in cbl.abuseat.org

66.218.66.30 not listed in dnsbl.sorbs.net

Chain test:m24.grp.scd.yahoo.com =? n19.grp.scd.yahoo.com

host n19.grp.scd.yahoo.com (checking ip) = 66.218.66.74

66.218.66.74 is not an MX for m24.grp.scd.yahoo.com

host m24.grp.scd.yahoo.com (checking ip) = 66.218.66.30

66.218.66.74 is not an MX for m24.grp.scd.yahoo.com

ips are close enough

m24.grp.scd.yahoo.com and n19.grp.scd.yahoo.com have close IP addresses - chain verified

Possible relay: 66.218.66.74

66.218.66.74 not listed in relays.ordb.org.

66.218.66.74 has already been sent to relay testers

Received line accepted

Received: from unknown (HELO n15.grp.scd.yahoo.com) (66.218.66.70) by mta1.grp.scd.yahoo.com with SMTP; 27 Apr 2004 15:50:26 -0000

66.218.66.70 found

host 66.218.66.70 (getting name) = n15.grp.scd.yahoo.com.

host n15.grp.scd.yahoo.com (checking ip) = 66.218.66.70

66.218.66.216 not listed in dnsbl.njabl.org

66.218.66.216 not listed in cbl.abuseat.org

66.218.66.216 not listed in dnsbl.sorbs.net

66.218.66.216 is not an MX for m24.grp.scd.yahoo.com

66.218.66.216 is not an MX for mta1.grp.scd.yahoo.com

66.218.66.216 is not an MX for mta1.grp.scd.yahoo.com

66.218.66.216 is not an MX for m24.grp.scd.yahoo.com

66.218.66.216 not listed in dnsbl.njabl.org

Possible spammer: 66.218.66.70

host mta1.grp.scd.yahoo.com (checking ip) = 66.218.66.216

66.218.66.216 not listed in dnsbl.njabl.org

66.218.66.216 not listed in cbl.abuseat.org

66.218.66.216 not listed in dnsbl.sorbs.net

Chain test:mta1.grp.scd.yahoo.com =? mta1.grp.scd.yahoo.com

mta1.grp.scd.yahoo.com and mta1.grp.scd.yahoo.com have same hostname - chain verified

Possible relay: 66.218.66.216

66.218.66.216 not listed in relays.ordb.org.

66.218.66.216 has already been sent to relay testers

Received line accepted

Received: from [66.218.67.167] by n15.grp.scd.yahoo.com with NNFMP; 27 Apr 2004 15:49:16 -0000

Ignoring NNFMP line to properly assign blame at border

Sender relay: 66.218.66.70

Routing details for 66.218.66.70

[refresh/show] Cached whois for 66.218.66.70 : netblockadmin[at]yahoo-inc.com

Using abuse net on netblockadmin[at]yahoo-inc.com

abuse net yahoo-inc.com = mail-abuse[at]yahoo-inc.com, postmaster[at]yahoo.com, postmaster[at]yahoo-inc.com

Using best contacts mail-abuse[at]yahoo-inc.com postmaster[at]yahoo.com postmaster[at]yahoo-inc.com

mail-abuse[at]yahoo-inc.com redirects to yahoo[at]admin.spamcop.net

postmaster[at]yahoo.com redirects to yahoo[at]admin.spamcop.net

postmaster[at]yahoo-inc.com redirects to yahoo[at]admin.spamcop.net

Tracking message source: 82.152.28.237:

Routing details for 82.152.28.237

[refresh/show] Cached whois for 82.152.28.237 : james[at]eclipse.net.uk gary.holder[at]eclipse.net.uk abuse[at]eclipse.net.uk jim[at]eclipse.net.uk

Using abuse net on abuse[at]eclipse.net.uk

abuse net eclipse.net.uk = abuse[at]eclipse.net.uk

Using best contacts abuse[at]eclipse.net.uk

Sorry, this email is too old to file a spam report. You must report spam within 3 days of receipt. This mail was received on Tue, 27 Apr 2004 11:53:22 -0400 (EDT)

Meassage is 15.4 days old

Nothing to do.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×