Spammer as third party interested in reports

[jldk]

About once a month I recieve one or two spammails from a company that claims they are exercising "permission marketing". I´m on their list because I used one of their services about 2½ years ago. They claim that by using that service I´ve agreed to recieve advertisement mails. I don´t remember agreeing to that, but can´t honestly remember that I didn´t. So when I started to recieve their mails (just a couple of months ago) , I tried to unsubscribe from their list. It turned out that I needed a password to access an unsubscribe page (which I had forgotten long time ago). To make a long story a bit shorter, I finally got access to that unsubscribe page. I followed the instructions, mailed their support etc. but I still recieve advertisement mails from them (from then on definitely spam). I reported through spamcop, and on the reporting page I see an e-mail adress for "third party interested in spam" belonging to a representative of the spamming comany. It is my understanding, that in order to obtain that right you have to be trusted by spamcop. Their unresponsivenes to my reports etc. makes me think, that they shouldnt have that privilege. I know about unchekking the boxes, but should spamcop be notified about such matters? And how?. I realize that they are probably too small to ever get near a blocklisting but I feel I should report it anyway.

Regards

Jan

[Wazoo]

I'm not sure where you picked up the "must be trusted" to be a third-party notify. It used to be a simple web-form, then the request had to be "authorized" by the ISP involved ... now the method is to create an ISP account, then request the next level (3rd party notify) ... This leads into a thing called "reputation points" ... so it's not as much a matter of trust as it is a lack of background 'bad' data.

You've provided noting to really dig into. One poor/good example of your described scenario would be Topica .... They swear they do not spam, they swear that all addesses are absolutly verifiable opt-in, they swear that anything they send out was positively begged for by the recipient .... Reality seems to be totally different .... Send them the appropriate data and you will get whitelisted, but this isn't the same as actually controlling the spew ...

If you have any desire of a specific response, you need to identify the parties invlved, preferably using a Tracking URL to provide the linking sequence involved. i.e., is it an IP address or a spamvertised web-site?

[jldk]

I suppose I just guessed (and guessed wrong) what would qualify for obtaining third party reports. But I understand from your answer that "bad background data" would qualify for denial of third party reports right?

I know my informations were sparse, and I really was thinking in more general terms. I forgot to write down the tracking URL, but the company I was talking about is ofir.dk. From the "past reports section" on the spamcop page I can see that the IP adress is 193.138.124.247. But I would be suprised if it is anyway near a listing. Afterall Denmark is a small country

(Is it possible to deduce the tracking URL from the "past reports" section?)

Ofir.dk is among other things a marketing company (It was one of the other "things" I used previously). Companys pay them to mail advertisements to people who have accepted to recieve them (they claim). Below I have pasted the header of todays spam. I believe you have no use for the spam content (it is in danish anyway). But again I was wondering about the third party interested stuff, and I believe you clarified that a bit for me. Thanks

Return-Path: <mail[at]ofir.dk>

Received: from appleton6.uni2.net (appleton6.uni2.net [129.142.244.20])

by ting.uni2.net (8.12.6/8.12.6) with ESMTP id j1E9i9A7010131

for <x>; Mon, 14 Feb 2005 10:44:09 +0100

Received: from postfix4.ofir.com (postfix4-out.ofir.com [193.138.124.247])

by appleton6.uni2.net (8.12.11/SQL-8.12.11-8/8.12.11) with ESMTP id j1E9i6lC024964

for <x>; Mon, 14 Feb 2005 10:44:06 +0100

Received: from GENERATOR1 (generator1.ofir.dom [192.168.201.201])

by postfix4.ofir.com (Postfix) with SMTP id 14C8F9C2E2

for <x>; Mon, 14 Feb 2005 10:44:02 +0100 (CET)

From: OFiR <mail[at]ofir.dk>

To: "x" <x>

Date: Mon, 14 Feb 2005 09:44:05 "GMT"

X-mailer: AspMail 2.59 (QSMT2F85E1)

Subject: Illustreret Videnskab og fedt Skagen ur KUN 49,50!

Mime-Version: 1.0

Content-Type: text/html

Content-Transfer-Encoding: quoted-printable

Message-Id: <2005_________________C2E2[at]postfix4.ofir.com>

X-UNI2-MailScanner-Information: See www.mailscanner.info for information

X-UNI2-MailScanner: Found to be clean

X-UNI2-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.769,

required 5, AWL 0.69, BAYES_00 -2.60, HTML_EVENT_UNSAFE 0.52,

HTML_IMAGE_RATIO_06 0.13, HTML_MESSAGE 0.00, INVALID_DATE 0.24,

MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, TO_ADDRESS_EQ_REAL 0.03,

URI_REDIRECTOR 0.01)

X-Antivirus: AVG for E-mail 7.0.300 [265.8.7]

[jldk]

I found the tracking URL sorry!

It is

http://www.spamcop.net/sc?id=z732421531z35...6bc47093a1700dz

[michaelanglo]

If Denmark has implemented the EU directive on spam (don't remember them on the list of defaulters), you could also try going through the official channels there since you have a good case.

[jldk]

If Denmark has implemented the EU directive on spam (don't remember them on the list of defaulters), you could also try going through the official channels there since you have a good case.

24357[/snapback]

Denmark has implemented the directive, and I have notified the relevant authorities a couple of times, but so far without any result. But thank you for your support

[get-even]

I realize that they are probably too small to ever get near a blocklisting but I feel I should report it anyway.

Regards

Jan

24352[/snapback]

They are not "too small" to be blacklisted; The process has begun (they operate a /24 netblock). You should see results within a week (some already).

[jldk]

They are not "too small" to be blacklisted; The process has begun (they operate a /24 netblock).  You should see results within a week (some already).

24367[/snapback]

They also run a free E-mail service. If spammers use that service, and OFIR is as reluctant to deal with their spamming costumers as they are to exercise responsible list management, they surely will end up on a blocklist sooner or later I guess. But the main reason will probably their spamming costumers and not because of themselves spamming danes who at some point voluntarily gave them their E-mail adress.

[get-even]

They also run a free E-mail service. If spammers use that service, and OFIR is as reluctant to deal with their spamming costumers as they are to exercise responsible list management, they surely will end up on a blocklist sooner or later I guess. But the main reason will probably their spamming costumers and not because of themselves spamming danes who at some point voluntarily gave them their E-mail adress.

24384[/snapback]

Actually they are run by a small newpaper and spam for their advertisers. Primarily for not honoring remove requests *and* needing a password for removal, they will be blacklisted quite quickly. Also they have many domains trackable to them, several have false registration data - another blacklistable offence. Also, they seem to be spamming themselves (other reports can be found in search engines), not "free-email customers" (mis-)using their system. Notice, they generally do not forge headers, but anything sent to the U.S. would appear to not be CAN-spam compliant (No subject header noting an advertisement, no remove instructions in the email). You can get spam from them, if you want, by siging up, then canceling - the deluge comes quickly! This is already sufficient evidence for a few lists. If it continues after a day or two - what they say it should take, - I'll start reporting to SpamCop also. BTW. you also start getting mail from other domains which they control, you just have to dig to determine their ownership. Also. the email is such egregious spam, I'll have to open filters to let it by blocking which has already occured (i.e. my servers already refuse the mail based on blacklists they are already on *and* on content alone).

[jldk]

You know this company better than I do Are you danish your self? If not I can suggest, that you, in addition to reporting to spamcop send a report to fs.dk]spamdk[at]fs.dk. That E-mail adress is for reporting spam from Denmark to the authorities (you probably know that already).

[jseymour]

Once in awhile, I get a spam that generates a "third party" report to mrbooger2002[at]yahoo.com. I always uncheck the boxes. I figure if he uses such a goofy email address, he's probably not serious about spam fighting.

Anyone else seen this? Is there a way to report suspicious third parties to Spamcop?

Here's a recent tracker:

http://www.spamcop.net/sc?id=z733490170z76...593bb9bb26729fz

[Wazoo]

jseymour's post was merged into this discussion due to the same ground being covered ... advised via PM of the Move/Merge.

[swingspacers]

Once in awhile, I get a spam that generates a "third party" report to mrbooger2002[at]yahoo.com.  I always uncheck the boxes.  I figure if he uses such a goofy email address, he's probably not serious about spam fighting.

24461[/snapback]

Yes, that Booger is a bad guy. He is the webmaster for opt-in-specials dot com, a spammy porn and dating site. He writes back to people who report his spams, threatening them that he will report them to SpamCop "for writing fraudulent complaints" and have their reporting abilities taken away. Search Google Groups for his email address and you will see what I mean. You are doing the right thing by unchecking this box.

[Wazoo]

Based on the above, Deputies have been given a heads-up on this 3rd-party notify address.

[Merlyn]

See also: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19535

A few more of their names are listed there also.

[Wazoo]

Just in from Ellen;

mrbooger no longer receives reports -- thanks

Ellen

SpamCop