Jump to content
Sign in to follow this  
Lking

My "joke" for today

Recommended Posts

Several days ago my catch-all folder caught this tracking URL Today I received, forwarded from SpamCop & from gmail

Hello SpamCop user,

This is not a spam but a monthly (once a month) newsletter to OUR customers (to all our registered users). Also the particular newsletter has an unsubscribe link which needs one click in order to be activated.

You were registered on our website on 08.28.2014 05:59:11 (GMT +3) with the email door[at]knob.com and IP address 173.57.44.62. When you registered you agreed with our terms of use that include the following section:
By registering you agree to receive email from us. The aim of our newsletter service is to keep our customers updated about new releases or new service offerings. The subscription to our newsletter service is not mandatory.

Please close the issue with the spamcorp otherwise we will be forsed to file an appeal against your decision to SpamCop administrators.

Thank you,
Administration of Music-bazaar


I like the reference to "spamcorp" and "forsed" just typing errors of course. But I thought it deserved a replay from Postmaster{AT} and composed the following

Music-bazaar Administration,
It is obvious that your emailing list registration system does not employ a double opt-in email verification system, because if it did, door{AT}knobDOTcom would not have validated on 08/28/2014, nor at any other time.

KnobDOTcom is my private domain and as cute as it seems, "door knob" is not a valid mailbox at this domain. The email reported to SpamCop was retrieved from the domain catch-all folder. As a matter of policy, I do not "unsubscribe" from email sent to invalid mailboxes nor do I "unsubscribe" from email list that I did not subscribe to.

I strongly suggest you implement a double opt-in email verification system for your mailing list to avoid future errors such as this.

I also suggest you scrub you mailing list, removing all email addresses from this domain. For your information, I have not received any services from Verizon Online LLC (the manager of NetRange 173.48.00 - 173.63.255.255) for over 10 years.

Before hitting the send button I stopped to think, always a good thing to do.

  • Looks like the original spam and the replies came from 217.0.0.0/8 (Amsterdam - RIPE)
  • I did receive 2 replies, both addressed through SpamCop and to "door[AT]knob" (wanted to make sure I got it I guess).
    • One was forwarded through SpamCop, as it should, coming from Administration of Music-bazaar <admin[at]music-bazaar.com>
    • The other copy came from Music-bazaar Co. Ltd. <musicbazaarmb[at]gmail.com> through gmail to door[AT]knob.
  • SpamCop sent reports to:
    • abuse[at]mtu.ru
    • abuse[at]caravan.ru

Decided not to send. Life is to short here in the fast lane.

Share this post


Link to post
Share on other sites

Some spambot activity seen from AS15756 (CJSC Caravan-Telecom) through 217.23.143.0/24 (CleanTalk search on 217.23.143, nothing on SFS or BotScout) - obviously they're trying relatively hard to keep that node at 217.23.143.156 clean. Nothing much on SenderBase, could be a bit to learned through an account-enabled search on SenderScore - but as you say, "Life is too short ...". Any more from them (and they're not resiling from further, quite to the contrary) I would simply add an appropriate note to your "user" comments to go to their abuse desks (something like "e-mail address NEVER used or supplied by domain users, no validation of it obtained by your sender, address not obtained by any legitimate means.")

Share this post


Link to post
Share on other sites

Steve, I like. If I spot them again we will try that. A big if, to spot one out of ~200. not sure it is worth a filter to find it.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×