KNERD

What more can be done? Endless reporting on same offender

15 posts in this topic

OKay, so for the past month I have been getting spam from a Lord and Taylor (domain is the same but with a .com at the end).

I get a spam from the twice a day; in the morning, and the afternoon. I report it, and resolves to Qwest (Now CenturyLink)

Apparently this is a case of someone had entered the incorrect email address, then which started spamming me, without any confirmation.

If nothing is going to be resolved with my reporting this, then it seems spam reporting altogether just is a waste of my time.

Unless, more can be done?

Thanks for any tips, and hints in the matter.

Latest spam report id 6444298183

Share this post


Link to post
Share on other sites

Unfortunately you have provided a report id, which only you can see. You should have provided the Tracking URL

If in fact this is/these are email from Lord and Taylor, due to your email address being added without confirmation, I would use the 'unsubscribe' at the bottom of the email.

Myself I do not normally use the 'unsubscribe' button in spam. In the case of "real spam" that only confirms that a real person read the spam.

However, in the case of a legitimate business, I do when I have checked all the links and source of the email.

You could also go to their website. there may be an unsubscribe there, or a contact area where you could ask them to remove your email address.

Share this post


Link to post
Share on other sites

I think this is the tracking URL

http://www.spamcop.net/mcgi?action=gettrack&reportid=6444298183

But isn't just unsubscribing not helping the problem?

Sorry, I can't access that page, only you and admins will be able to see it. The Tracking link is what you see at that top of the page when you look at reports sent on your behalf, just below where it says: "Here is your TRACKING URL - it may be saved for future reference:"

On the topic of unsubscribing, sometimes it helps, sometimes it doesn't. Shouldn't be a problem for responsible list managers, and with the rogues, they already have your email address......

Edited by lisati

Share this post


Link to post
Share on other sites

Okay, with yur help, I have found the tracking URL

https://www.spamcop.net/sc?id=z6230247543z1d9c1cc2dba0f0fe4a3e9819db57013az

Thanks!

Sometimes pays to use SpamCop notes

They are spewing spam their abuse address bounces

include in notes

abuse[at]eccmp.com bounces (99 sent : 99 bounces)

also send to

spam[at]uce.gov as well

Edited by petzl

Share this post


Link to post
Share on other sites

I did not really notice those bounces until you brought it up. The odd thing is eccmp is an Experian web site.

Maybe a marketing service by them?

Thanks for the SpamCopt notes. I will try in when I get the next spam from them.

Share this post


Link to post
Share on other sites

I tried using an unsubscribe recently for several of the Spanish-language repeat spammers  -- I'd just been deleting them.

The volume doubled and the subject lines got more varied. 

I used Translate to verify it's real spam, not something I'd care about if I could read Spanish

Then I started reporting them with Spamcop, properly set up with Mailhosts.

The volume redoubled several times further

Then I looked more carefully at the full text of the Spamcop report

Spamcop sends unmunged the "unsubscribe" code identifying the user -- the code appears in at least four places

-- down at the bottom of the spam, as a link

-- in the line List-Unsubscribe: <http://perumailing.info/unsubscribe.php? ...)

-- elsewhere in the headers

Here are four (4) places I see the unique code appears -- these all from one typical Spanish spam (truncated at the [...]

(1)  List-Unsubscribe: <http://perumailing.info/unsubscribe.php?M=2998695&C=06a94559c9502337b8cf98aa08987[...]

(2)  src="http://perumailing.info/open.php?M=2998695&L=48&N=724&F=H&image=.jpg"
height="1" width="10"><br/><aList-Unsubscribe: <http://perumailing.info/unsubscribe.php?M=2998695&C=06a94559c9502337b8cf98aa08987[...]

(3)  Para verlo en línea, por favor ir aquí:
http://perumailing.info/display.php?M=2998695&C=06a94559c9502337b8cf98aa08987[...]

(4)  Para dejar de recibir estos
emails:http://perumailing.info/unsubscribe.php?M=2998695&C=06a94559c9502337b8cf98aa08987[...]

plus at the end:

href="http://perumailing.info/unsubscribe.php?M=2998695&C=06a94559c9502337b8cf98aa08987[x]">Click
here to unsubscribe</a></body></html>


There are other long strings that partly overlap the one I suspect is a unique ID, but I don't know for sure.

 

Allowing this to identify the spam reporter seems ill-advised.

I'll be looking for those "unsubscribe" lines -- now that I know they're just using them to verify someone receiving the mail -- and editing that line out from now on -- Spamcop reports fine with that bit removed.

Edited by hank
edit

Share this post


Link to post
Share on other sites

In my case, maybe using the Notes section did work. I normally would have received the first email from Lord and Taylor by now. It normally arrives about 7:30 AM local time.

I have yet to get today's email, however upon closely examining the past emails because of the post above this one from hank, I do see it has a unique identifier. Thus I feel I was probably just removed from the mailing list, rather than punitive action was taken. 

 

Edited by KNERD

Share this post


Link to post
Share on other sites

The list-washers have gotten clever.

Spamcop just yesterday started [x]ing out my email from the  fake "unsubscribe" links

and already the spam comes through with an extra couple of characters added before my userid[at]spamcop, and so Spamcop fails to detect those.

There are also other lines with what seems like unique strings showing up down at the bottom of the spam text area, masked by html codes.

 

What's even stranger is -- nowadays almost all the spam I get was originally sent to my userid[at]spamcop

and Spamcop is just forwarding it -- then my ISP's SpamAssasin or other tool marks it as graymail.

So:

 

How much spam would spamcop stop if spamcop would stop spam?

Share this post


Link to post
Share on other sites

I think you give spammers way to much credit. Spamming is a "business" of volume. They have no incentive to list-wash.  The one sending the spam is paid for the number of spam sent, not the number read. The only advantage to list-washing would be to remove addresses that report their spam, and thus try to stay off of block-list.  It sees that it would follow from that, that you would want them to know who is reporting them so they would take your address off of the list.

Points to consider:

1) If spammers were sentient beings, you would think the first addresses to remove from a spam list would be ???[at]SpamCop.net.  But obviously they have not.

2) The spammers already have your [at]spamcop.net email address, so what difference does it make that the address is in the report?  By leaving your address in the report, that gives them an option to remove your address for the list(s) of 1M addresses they send spam to.  That has not happened ~~ see above.

Personally I do not have access to any large volume of spam statistics nor insight into the "thinking" of spammers, but my anecdotal experience is:

  • I have used the same email address for more that 20 years.
  • My email address, or standard webmaster[at], postmaster[at] etc., are clearly visible on, scrapable from, all the web domains/ forums I manage.
  • Visibility nothing great, 87K page views the first 20 days this month. (~ average of +4K/day)
  • I have been reporting all/most of the spam received at my domain to SpamCop (and others) for almost that long, without munging.
  • In spite of the general upward trend of spam, the volume of spam I receive seems to have decreased.

JMHO

Share this post


Link to post
Share on other sites

>  It sees that it would follow from that, that you would want them to
>   know who is reporting them so they would take your address off of the list.

Well, no.  The whole point of bothering with SpamCop reporting is to get to the ISPs that are enabling the spam to go through -- not just to listwash me off the spammer lists, but to affect the whole chain of enablers.

If I just didn't want to see the spam myself, I'd just let my graymail folder flush and delete what got by it and not bother with the hassle of reporting.  That'd be the easiest option for me.

The point of SpamCop is to try to make it easier for everyone else.

Having said that, SpamCop could be making it easier.

What puzzles me is why SpamCop isn't using SpamCop to graylist identified spam -- instead it's just forwarded to my ISP.

I know SpamCop dropped CESMail and no longer offers email at all.  But SpamCop/IronPort is in business selling spam blocking service.

And our reporting must be helping them with their new business model.

I don't get why SpamCop is letting all the spam flood through unfiltered -- stuff that's obviously already identifiable because it gets held as graymail by my ISP.

Is there no way that mail to userid[at]spamcop could get filtered for the obvious, already identifiable, graymail-grade spam?

And leave us the meaty stuff that's fresh and actually needs help?

Edited by hank
explication

Share this post


Link to post
Share on other sites
5 hours ago, hank said:

I don't get why SpamCop is letting all the spam flood through unfiltered -- stuff that's obviously already identifiable because it gets held as graymail by my ISP.

An earlier post by a deputy said that, in the absence of the former Spamcop email service, Spamcop (aka Cisco) does absolutely no processing on mail sent to spamcop DOT net (or cesmail DOT net, etc.) addresses. There's just a line in a server configuration file that forwards them to the user's specified forwarding address.

In other words, the Spamcop email service is gone. It no longer exists. Cisco merely provides forwarding as a courtesy to former users of the email service.

Edited by Dave_L

Share this post


Link to post
Share on other sites

Keep in mind that my opinion is just that, my opinion and that I have no real connection to Iron Post or Cisco (or anyone else for that matter) that have any money in this game .

Maybe a little history would help explain why the answer to you question(s) is/are 'No' there is no way.

When we were all younger, SpamCop was a private effort.  As an aside to that effort, on different servers an email service was offered using SpamCop block list to filter the incoming email and place the spam in a "blocked folder" for the owner of the account to review.  (This may have been a practical demonstration of how to use or how effective the blocklist was.)

Cisco bought the SpamCop blocklist operation. In reality becoming a ISP/email provider was/is not part of Cisco's business plan.  Lets be honest, providing just email service is not a revenue center providing anything that looks like positive cash flow. (Only the Clinton's could afford to try it. And look where it gotten them).  As part of the sale of the SpamCop operation, filtering and forwarding [at]spamcop.net email was continued as a courtesy to those that had accounts.  At that time it was announced that this was a temporary arrangement. Many, most(?), account holders realized that this was a tenuous situation and took the time provided to make new email forwarding arrangements. (there are several threads here about the pros and cons of other service providers, as account holders moved to other services.)

A year after the sale, last fall, the free courtesy service was change to just a forwarding arrangement (See Dave_L above).

JMHO but at some point in time, that 'line in a server configuration file' will be lost.  Seems to me that the handwriting has been on the wall for some time, and two years ago, or last fall was/is the time to reorder all email routing that involves [at]SpamCop.net.

 

Share this post


Link to post
Share on other sites

My $0.02, for what it's worth..... I don't think there's a "one size fits all" answer. Some people prefer to have the suspected bad guys blocked outright, others prefer to have junk mail directed to a separate folder for later review, and yet others like to slow the suspected bad guys down with tools such as grey listing.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!


Register a new account

Sign in

Already have an account? Sign in here.


Sign In Now