jldk

Spammer as third party interested in reports

About once a month I receive one or two spam mails from a company that claims they are exercising "permission marketing". I'm on their list because I used one of their services about 2½ years ago. They claim that by using that service I've agreed to receive advertisement mails. I don't remember agreeing to that, but can't honestly remember that I didn't. So when I started to receive their mails (just a couple of months ago), I tried to unsubscribe from their list. It turned out that I needed a password to access an unsubscribe page (which I had forgotten a long time ago). To make a long story a bit shorter, I finally got access to that unsubscribe page. I followed the instructions, mailed their support etc. but I still receive advertisement mails from them (from then on definitely spam). I reported through SpamCop, and on the reporting page I see an e-mail address for "third party interested in spam" belonging to a representative of the spamming company. It is my understanding that in order to obtain that right you have to be trusted by SpamCop. Their unresponsiveness to my reports etc. makes me think that they shouldn't have that privilege. I know about unchecking the boxes, but should SpamCop be notified about such matters? And how? I realize that they are probably too small to ever get near a blocklisting but I feel I should report it anyway.

Regards

Jan


I'm not sure where you picked up the "must be trusted" to be a third-party notify. It used to be a simple web-form, then the request had to be "authorized" by the ISP involved ... now the method is to create an ISP account, then request the next level (3rd party notify) ... This leads into a thing called "reputation points" ... so it's not as much a matter of trust as it is a lack of background 'bad' data.

You've provided nothing to really dig into. One poor/good example of your described scenario would be Topica .... They swear they do not spam, they swear that all addresses are absolutely verifiable opt-in, they swear that anything they send out was positively begged for by the recipient .... Reality seems to be totally different .... Send them the appropriate data and you will get whitelisted, but this isn't the same as actually controlling the spew ...

If you have any desire of a specific response, you need to identify the parties involved, preferably using a Tracking URL to provide the linking sequence involved. i.e., is it an IP address or a spamvertised web-site?


I suppose I just guessed (and guessed wrong) what would qualify for obtaining third party reports. But I understand from your answer that "bad background data" would qualify for denial of third party reports, right?

I know my information was sparse, and I really was thinking in more general terms. I forgot to write down the tracking URL, but the company I was talking about is ofir.dk. From the "past reports section" on the SpamCop page I can see that the IP address is 193.138.124.247. But I would be surprised if it is anywhere near a listing. After all, Denmark is a small country B)

(Is it possible to deduce the tracking URL from the "past reports" section?)

Ofir.dk is among other things a marketing company (it was one of the other "things" I used previously). Companies pay them to mail advertisements to people who have accepted to receive them (they claim). Below I have pasted the header of today's spam. I believe you have no use for the spam content (it is in Danish anyway). But again I was wondering about the third party interested stuff, and I believe you clarified that a bit for me. Thanks

Return-Path: <mail[at]ofir.dk>
Received: from appleton6.uni2.net (appleton6.uni2.net [129.142.244.20])
    by ting.uni2.net (8.12.6/8.12.6) with ESMTP id j1E9i9A7010131
    for <x>; Mon, 14 Feb 2005 10:44:09 +0100
Received: from postfix4.ofir.com (postfix4-out.ofir.com [193.138.124.247])
    by appleton6.uni2.net (8.12.11/SQL-8.12.11-8/8.12.11) with ESMTP id j1E9i6lC024964
    for <x>; Mon, 14 Feb 2005 10:44:06 +0100
Received: from GENERATOR1 (generator1.ofir.dom [192.168.201.201])
    by postfix4.ofir.com (Postfix) with SMTP id 14C8F9C2E2
    for <x>; Mon, 14 Feb 2005 10:44:02 +0100 (CET)
From: OFiR <mail[at]ofir.dk>
To: "x" <x>
Date: Mon, 14 Feb 2005 09:44:05 "GMT"
X-mailer: AspMail 2.59 (QSMT2F85E1)
Subject: Illustreret Videnskab og fedt Skagen ur KUN 49,50!
Mime-Version: 1.0
Content-Type: text/html
Content-Transfer-Encoding: quoted-printable
Message-Id: <2005_________________C2E2[at]postfix4.ofir.com>
X-UNI2-MailScanner-Information: See www.mailscanner.info for information
X-UNI2-MailScanner: Found to be clean
X-UNI2-MailScanner-SpamCheck: not spam, SpamAssassin (score=-0.769,
    required 5, AWL 0.69, BAYES_00 -2.60, HTML_EVENT_UNSAFE 0.52,
    HTML_IMAGE_RATIO_06 0.13, HTML_MESSAGE 0.00, INVALID_DATE 0.24,
    MIME_HTML_ONLY 0.18, MIME_QP_LONG_LINE 0.04, TO_ADDRESS_EQ_REAL 0.03,
    URI_REDIRECTOR 0.01)
X-Antivirus: AVG for E-mail 7.0.300 [265.8.7]

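The Received chain in the header posted above can be walked mechanically to find the address a spam report should be attributed to. This is an added example, not part of the original thread and not SpamCop's own parser; treating `.uni2.net` (the recipient's provider, per the header) as the trusted boundary is an assumption.

```python
import ipaddress
import re
from email import message_from_string

# Received lines copied from the header posted above (recipient already redacted as <x>).
SAMPLE = """\
Received: from appleton6.uni2.net (appleton6.uni2.net [129.142.244.20])
    by ting.uni2.net (8.12.6/8.12.6) with ESMTP id j1E9i9A7010131
    for <x>; Mon, 14 Feb 2005 10:44:09 +0100
Received: from postfix4.ofir.com (postfix4-out.ofir.com [193.138.124.247])
    by appleton6.uni2.net (8.12.11/SQL-8.12.11-8/8.12.11) with ESMTP id j1E9i6lC024964
    for <x>; Mon, 14 Feb 2005 10:44:06 +0100
Received: from GENERATOR1 (generator1.ofir.dom [192.168.201.201])
    by postfix4.ofir.com (Postfix) with SMTP id 14C8F9C2E2
    for <x>; Mon, 14 Feb 2005 10:44:02 +0100 (CET)
From: OFiR <mail[at]ofir.dk>
"""

HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r"\s+by\s+(?P<by>\S+)"
)

def parse_hops(raw_headers):
    """Return the Received hops, newest first, as dicts (helo, rdns, ip, by)."""
    msg = message_from_string(raw_headers)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(value)
        if m:
            hops.append(m.groupdict())
    return hops

def reporting_source(raw_headers, trusted_suffixes):
    """IP of the first outside host that handed the mail to a trusted relay."""
    for hop in parse_hops(raw_headers):
        if not hop["by"].lower().endswith(trusted_suffixes):
            return None  # line written by a host we do not trust: stop here
        ip = ipaddress.ip_address(hop["ip"])
        if hop["rdns"].lower().endswith(trusted_suffixes) or ip.is_private:
            continue     # hand-off between our own relays, keep walking
        return str(ip)
    return None

if __name__ == "__main__":
    # ".uni2.net" as the trusted boundary is an assumption made for this example.
    print(reporting_source(SAMPLE, (".uni2.net",)))
```

The internal hop (192.168.201.201) is never reached: it was recorded by the sender's own server, so only the line written by the recipient's provider is relied on.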

If Denmark has implemented the EU directive on spam (don't remember them on the list of defaulters), you could also try going through the official channels there since you have a good case.

> If Denmark has implemented the EU directive on spam (don't remember them on the list of defaulters), you could also try going through the official channels there since you have a good case.

Denmark has implemented the directive, and I have notified the relevant authorities a couple of times, but so far without any result. But thank you for your support :)

> I realize that they are probably too small to ever get near a blocklisting but I feel I should report it anyway.
>
> Regards
>
> Jan

They are not "too small" to be blacklisted; the process has begun (they operate a /24 netblock). You should see results within a week (some already).

> They are not "too small" to be blacklisted; the process has begun (they operate a /24 netblock). You should see results within a week (some already).

They also run a free E-mail service. If spammers use that service, and OFIR is as reluctant to deal with their spamming customers as they are to exercise responsible list management, they surely will end up on a blocklist sooner or later I guess. But the main reason will probably be their spamming customers and not because of themselves spamming Danes who at some point voluntarily gave them their E-mail address.

> They also run a free E-mail service. If spammers use that service, and OFIR is as reluctant to deal with their spamming customers as they are to exercise responsible list management, they surely will end up on a blocklist sooner or later I guess. But the main reason will probably be their spamming customers and not because of themselves spamming Danes who at some point voluntarily gave them their E-mail address.

Actually they are run by a small newspaper and spam for their advertisers. Primarily for not honoring remove requests *and* needing a password for removal, they will be blacklisted quite quickly. Also they have many domains trackable to them, several have false registration data - another blacklistable offence. Also, they seem to be spamming themselves (other reports can be found in search engines), not "free-email customers" (mis-)using their system. Notice, they generally do not forge headers, but anything sent to the U.S. would appear to not be CAN-SPAM compliant (no subject header noting an advertisement, no remove instructions in the email). You can get spam from them, if you want, by signing up, then canceling - the deluge comes quickly! This is already sufficient evidence for a few lists. If it continues after a day or two - what they say it should take - I'll start reporting to SpamCop also. BTW, you also start getting mail from other domains which they control, you just have to dig to determine their ownership. Also, the email is such egregious spam, I'll have to open filters to let it by blocking which has already occurred (i.e. my servers already refuse the mail based on blacklists they are already on *and* on content alone).


You know this company better than I do :D Are you Danish yourself? If not, I can suggest that you, in addition to reporting to SpamCop, send a report to spamdk[at]fs.dk. That E-mail address is for reporting spam from Denmark to the authorities (you probably know that already).


Once in a while, I get a spam that generates a "third party" report to mrbooger2002[at]yahoo.com. I always uncheck the boxes. I figure if he uses such a goofy email address, he's probably not serious about spam fighting.

Anyone else seen this? Is there a way to report suspicious third parties to Spamcop?

Here's a recent tracker:

http://www.spamcop.net/sc?id=z733490170z76...593bb9bb26729fz


jseymour's post was merged into this discussion due to the same ground being covered ... advised via PM of the Move/Merge.

> Once in a while, I get a spam that generates a "third party" report to mrbooger2002[at]yahoo.com. I always uncheck the boxes. I figure if he uses such a goofy email address, he's probably not serious about spam fighting.

Yes, that Booger is a bad guy. He is the webmaster for opt-in-specials dot com, a spammy porn and dating site. He writes back to people who report his spams, threatening them that he will report them to SpamCop "for writing fraudulent complaints" and have their reporting abilities taken away. Search Google Groups for his email address and you will see what I mean. You are doing the right thing by unchecking this box.


Based on the above, Deputies have been given a heads-up on this 3rd-party notify address.


Just in from Ellen;

mrbooger no longer receives reports -- thanks

Ellen

SpamCop
