Jump to content
Sign in to follow this  
rooster

spammer report

Recommended Posts

Forum folk;

id=z743331454zfb431d841acb842b545c92ddc74c6eaaz

I submitted the above report, but noticed an unusual note, in red, saying SC did not want to bother the ISP. I sent it anyway, but I am curious to know what the notice is intended to tell me. What differentiates this spammer from the others?

rooster

Share this post


Link to post
Share on other sites

You didn't provide a Tracking URL, so I can't get specific. It could be an ISP that has asked not to be bothered with more reports (whether due to already handling the issue or one of those ISPs that don't give a damn) .. it might be due to a bad address (non-routable type perhaps) ... just a couple of possibilities.

Share this post


Link to post
Share on other sites

Please don't remove "http://www.spamcop.net/sc?" from Tracking URLs - it only serves to confuse Admins when they are up past their bedtimes (3:12am CST?).

In any case, using the full Tracking URL http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz, from which I dummied up a new test submission (10 days newer) to form http://www.spamcop.net/sc?id=z743427190z24...27350a7968bdebz, the Parser is now willing to report source 81.84.164.169 to abuse<at>tvcabo.pt and abuse<at>netcabo.pt, and is sometimes willing to report URL http://dnqdgz.rxspecialsnow.net/a/k20911875/hrmyc/ on 61.156.239.208 to support<at>pub.sd.cninfo.net, postmaster<at>pub.sd.cninfo.net, security<at>pub.sd.cninfo.net, ct-abuse<at>abuse.sprint.net, abuse#cnc-noc.net.cn<at>devnull.spamcop.net, abuse<at>cnc-noc.net, postmaster#cnc-noc.net<at>devnull.spamcop.net, and postmaster<at>sd.cninfo.net.

Share this post


Link to post
Share on other sites

Wazoo & Jeff;

Please don't remove "http://www.spamcop.net/sc?" from Tracking URLs - it only serves to confuse Admins when they are up past their bedtimes (3:12am CST?).

My apologies; I was up past my bedtime, too (12:30 am), and wasn't thinking. (That's my story .......)

In any case, using the full Tracking URL http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz, from which I dummied up a new test submission (10 days newer)

why 10 days newer? I rec'd and reported the spam in about an hour.

to form

, the Parser is now willing to report source...."

What changed to make it "willing"?

Should I complete/ send report if I encounter this kind of message in future?

Regards,

rooster

Share this post


Link to post
Share on other sites

Well, it's about 12 hours later (and still no sleep) .. and I'm just as confused ... I'm thinking Jeff was repeating some of my bad thought process and doing too many things at once (?) ... the spam involved in his fix of the original "id" sample and the "re-worked" spam aren't dealing with the same spam <g> The re-worked item I think came from a totally different discussion <g>

In the case of the 'original' query about http://www.spamcop.net/sc?id=z743331454zfb...5c92ddc74c6eaaz ... the URL in question is based on the parser seeing an item in the body (strangely wrapped onto a new line) "http://www.w3.org/TR/html4/loose.dtd"

This one falls under "Innocent Bystander" .... W3 (actually W3C) is the World Wide Web Consortium, which "develops interoperable technologies (specifications, guidelines, software, and tools) to lead the Web to its full potential. W3C is a forum for information, commerce, communication, and collective understanding." Basically, the place offering the guidelines on how the great "www" works ... they have nothing to do with the spam other than being the repository of HTML coding ....

(BTW: fixed the quoting issue in the above post)

Share this post


Link to post
Share on other sites

Sorry, pasting error on my part. All those Tracking URLs start to look the same after a while. :)

Share this post


Link to post
Share on other sites

Off-topic .. but in my e-mail to Don earlier today about the Buying Fuel issue ... I'd sent him the URL of whatever IPB Forum thing I had opened up (working on an item there, flipped back to this Forum for more data, saw new posts, reacted to that one, and then hit the wrong window to grab the URL to direct Don to the right place .. ooops!)

Share this post


Link to post
Share on other sites

At least the info I leaked was already public from this site. :)

Share this post


Link to post
Share on other sites

Thanks guys;

If I had kicked it off properly, I could have prevented the kafuffle.

the URL in question is based on the parser seeing an item in the body (strangely wrapped onto a new line) "http://www.w3.org/TR/html4/loose.dtd"

This one falls under "Innocent Bystander" .

...... is this quirk something the spammer did on porpose to evade complaints?

Happy trails,

Share this post


Link to post
Share on other sites

Not in this case .. that entire line is actually pretty "standard" HTML code (notmally for web page use, but unfortunately e-mail applications have been written that respond to HTML) ... in this case, ut's stating that the "page data" was written to HTML version version 4.0 'loose' .. meaning some possibility of code that is headed towards being dropped or stuff that's not fully "approved and accepted" yet ... the alternative would be "strict" ....

Share this post


Link to post
Share on other sites

It's a DTD (document type definition), part of how HTML 4.01 works. Please see http://www.w3.org/TR/html4/loose.dtd, http://www.w3.org/TR/1999/REC-html401-19991224, and http://www.w3.org/TR/1999/REC-html401-1999...ro/sgmltut.html (search for "document type definition") for details, and please don't even try to report it.

Share this post


Link to post
Share on other sites

What can we do further about ISP's doesn't want to get bothered while we take time to report them?

I don't mean phoning them and flaming etc.

Anyone knows?

Share this post


Link to post
Share on other sites
What can we do further about ISP's doesn't want to get bothered while we take time to report them?

I don't mean phoning them and flaming etc.

Anyone knows?

25969[/snapback]

...My guess would be: nothing. Your reporting of them keeps them on the block list, so it is helping those who use it.

Share this post


Link to post
Share on other sites

Report them to their upstreams, peers, and shareholders. :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×