spammer report

[rooster]

Forum folk;

id=z743331454zfb431d841acb842b545c92ddc74c6eaaz

I submitted the above report, but noticed an unusual note, in red, saying SC did not want to bother the ISP. I sent it anyway, but I am curious to know what the notice is intended to tell me. What differentiates this spammer from the others?

rooster

[Wazoo]

You didn't provide a Tracking URL, so I can't get specific. It could be an ISP that has asked not to be bothered with more reports (whether due to already handling the issue or one of those ISPs that don't give a damn) .. it might be due to a bad address (non-routable type perhaps) ... just a couple of possibilities.

[Jeff G.]

Please don't remove "http://www.spamcop.net/sc?" from Tracking URLs - it only serves to confuse Admins when they are up past their bedtimes (3:12am CST?).

In any case, using the full Tracking URL http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz, from which I dummied up a new test submission (10 days newer) to form http://www.spamcop.net/sc?id=z743427190z24...27350a7968bdebz, the Parser is now willing to report source 81.84.164.169 to abuse<at>tvcabo.pt and abuse<at>netcabo.pt, and is sometimes willing to report URL http://dnqdgz.rxspecialsnow.net/a/k20911875/hrmyc/ on 61.156.239.208 to support<at>pub.sd.cninfo.net, postmaster<at>pub.sd.cninfo.net, security<at>pub.sd.cninfo.net, ct-abuse<at>abuse.sprint.net, abuse#cnc-noc.net.cn<at>devnull.spamcop.net, abuse<at>cnc-noc.net, postmaster#cnc-noc.net<at>devnull.spamcop.net, and postmaster<at>sd.cninfo.net.

[rooster]

Wazoo & Jeff;

Please don't remove "http://www.spamcop.net/sc?" from Tracking URLs - it only serves to confuse Admins when they are up past their bedtimes (3:12am CST?).

My apologies; I was up past my bedtime, too (12:30 am), and wasn't thinking. (That's my story .......)

In any case, using the full Tracking URL http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz, from which I dummied up a new test submission (10 days newer)

why 10 days newer? I rec'd and reported the spam in about an hour.

to form

, the Parser is now willing to report source...."

What changed to make it "willing"?

Should I complete/ send report if I encounter this kind of message in future?

Regards,

rooster

[Wazoo]

Well, it's about 12 hours later (and still no sleep) .. and I'm just as confused ... I'm thinking Jeff was repeating some of my bad thought process and doing too many things at once (?) ... the spam involved in his fix of the original "id" sample and the "re-worked" spam aren't dealing with the same spam <g> The re-worked item I think came from a totally different discussion <g>

In the case of the 'original' query about http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz ... the URL in question is based on the parser seeing an item in the body (strangely wrapped onto a new line) "http://www.w3.org/TR/html4/loose.dtd"

This one falls under "Innocent Bystander" .... W3 (actually W3C) is the World Wide Web Consortium, which "develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential. W3C is a forum for information, commerce, communication, and collective understanding." Basically, the place offering the guidelines on how the great "www" works ... they have nothing to do with the spam other than being the repository of HTML coding ....

(BTW: fixed the quoting issue in the above post)

[Jeff G.]

Sorry, pasting error on my part. All those Tracking URLs start to look the same after a while.

[Wazoo]

Off-topic .. but in my e-mail to Don earlier today about the Buying Fuel issue ... I'd sent him the URL of whatever IPB Forum thing I had opened up (working on an item there, flipped back to this Forum for more data, saw new posts, reacted to that one, and then hit the wrong window to grab the URL to direct Don to the right place .. ooops!)

[Jeff G.]

At least the info I leaked was already public from this site.

[rooster]

Thanks guys;

If I had kicked it off properly, I could have prevented the kafuffle.

the URL in question is based on the parser seeing an item in the body (strangely wrapped onto a new line) "http://www.w3.org/TR/html4/loose.dtd"

This one falls under "Innocent Bystander" .

...... is this quirk something the spammer did on porpose to evade complaints?

Happy trails,

[Wazoo]

Not in this case .. that entire line is actually pretty "standard" HTML code (notmally for web page use, but unfortunately e-mail applications have been written that respond to HTML) ... in this case, ut's stating that the "page data" was written to HTML version version 4.0 'loose' .. meaning some possibility of code that is headed towards being dropped or stuff that's not fully "approved and accepted" yet ... the alternative would be "strict" ....

[Jeff G.]

It's a DTD (document type definition), part of how HTML 4.01 works. Please see http://www.w3.org/TR/html4/loose.dtd, http://www.w3.org/TR/1999/REC-html401-19991224, and http://www.w3.org/TR/1999/REC-html401-1999...ro/sgmltut.html (search for "document type definition") for details, and please don't even try to report it.

[rooster]

Wazoo & Jeff;

Thanks; ...time y'all put on some Brahms and got some ZZZ's.

Happy trails,

[Ilgaz]

What can we do further about ISP's doesn't want to get bothered while we take time to report them?

I don't mean phoning them and flaming etc.

Anyone knows?

[turetzsr]

What can we do further about ISP's doesn't want to get bothered while we take time to report them?

I don't mean phoning them and flaming etc.

Anyone knows?

25969[/snapback]

...My guess would be: nothing. Your reporting of them keeps them on the block list, so it is helping those who use it.

[Jeff G.]

Report them to their upstreams, peers, and shareholders.