Appleseed

Does Spamcop send report directly to spammer itself?


The fake date email spam (Submitted: 8/4/2019, 1:07:01 PM +0300:) I reported. There is a Gmail address where SpamCop sends the report.

Isn't that the address of the spammer itself? Why does SpamCop send the report there?


Sorry about the confusion with your post.

SpamCop does not send spam reports to the spammer but to their ISP, etc.  If you could provide a Tracking URL it would help others see what the parser did with your spam.  It is hard to give an informed opinion based on just your post.


Appleseed,

As a user like you, I am not able to see any spam you may have reported.  So I second Lking's request for a tracking link.

1 minute ago, Lking said:

If you could provide a Tracking URL it would help others see what the parser did with your spam.  It is hard to give an informed opinion based on just your post.

Appleseed, what I suspect you are seeing is some users have signed up for an IP range, but then don't use an abuse address.  Those seem to be using a personal address instead.

12 minutes ago, Appleseed said:

No problem, things happen^^

https://www.spamcop.net/sc?id=z6564775200zb0e68f15592a9b6948787f714e4ec177z
The SpamCop tracking URL shows the Gmail abuse address is probably bogus (Bitbin)
the IP of URL is a botnet
https://www.abuseat.org/lookup.cgi?ip=92.63.192.124
Front for child porn phishing spam operator.
Send report to response[AT]cert-gib[DOT]ru no working abuse address.

Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS



17 hours ago, Appleseed said:

There is that Gmail address I'm talking about.

The address matches the cached entry returned from RIPE.  I am not sure I would trust the other RIPE email any more than the gmail address either.

SpamCop RIPE cached:

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '92.63.192.0 - 92.63.192.255'

% Abuse contact for '92.63.192.0 - 92.63.192.255' is 'vvsg180@gmail.com'

New RIPE query:

e-mail:          vigorv@mail.ru
e-mail:          hawk@diamondc.ru
upd-to:          stell_hawk@mail.ru
abuse: hawk@diamondc.ru

One quick note that you may not be aware of is that thanks to GDPR there might be times where the "-B" gets in the way and someone has performed a manual add.

SpamCop:

Reports routes for 92.63.192.124:
routeid: 78192297 92.63.192.0 - 92.63.192.255 to: vvsg180@gmail.com
Administrator interested in all reports
7/17/2019, 9:45:55 AM -0600 
[Note added by  (no name)]
Route added without comment
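
The comparison made in the post above (cached abuse contact versus a fresh RIPE lookup) can be scripted. This is an added example, not part of the original post and not SpamCop's own code: the sample input is the two excerpts quoted in the thread, and the `FREEMAIL` list and the finding labels are assumptions chosen for illustration.

```python
import re

# Assumption: a short illustrative list of free webmail domains, not exhaustive.
FREEMAIL = {"gmail.com", "mail.ru", "hotmail.com", "outlook.com", "yahoo.com"}

# "% Abuse contact for '<range>' is '<address>'" summary line, as quoted above.
ABUSE_LINE = re.compile(r"^% Abuse contact for '([^']+)' is '([^']+)'", re.M)
# "key: address" attribute lines (e-mail:, upd-to:, abuse:), as quoted above.
ATTR_LINE = re.compile(r"^([a-z-]+):[ \t]*(\S+@\S+)[ \t]*$", re.M)

# Sample input: the excerpts quoted in the thread.
CACHED = """\
% Information related to '92.63.192.0 - 92.63.192.255'

% Abuse contact for '92.63.192.0 - 92.63.192.255' is 'vvsg180@gmail.com'
"""
FRESH = """\
e-mail:          vigorv@mail.ru
e-mail:          hawk@diamondc.ru
upd-to:          stell_hawk@mail.ru
abuse: hawk@diamondc.ru
"""


def contacts(text):
    """Return {address: set of roles} found in a whois excerpt."""
    found = {}
    for _range, addr in ABUSE_LINE.findall(text):
        found.setdefault(addr.lower(), set()).add("abuse-contact")
    for key, addr in ATTR_LINE.findall(text):
        found.setdefault(addr.lower(), set()).add(key)
    return found


def review(cached, fresh):
    """List cached report targets that deserve a manual look before trusting."""
    old, new = contacts(cached), contacts(fresh)
    findings = []
    for addr in sorted(old):
        if addr.rsplit("@", 1)[1] in FREEMAIL:
            findings.append((addr, "freemail"))
        if addr not in new:
            findings.append((addr, "absent-from-fresh-lookup"))
    return findings


if __name__ == "__main__":
    for addr, reason in review(CACHED, FRESH):
        print(f"{addr}: {reason}")
```

A finding only marks an address for manual review; neither label shows by itself that the contact is bogus.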

 

On 8/10/2019 at 5:34 PM, petzl said:

https://www.spamcop.net/sc?id=z6564775200zb0e68f15592a9b6948787f714e4ec177z
The SpamCop tracking URL shows the Gmail abuse address is probably bogus (Bitbin)
the IP of URL is a botnet
https://www.abuseat.org/lookup.cgi?ip=92.63.192.124
Front for child porn phishing spam operator.
Send report to response[AT]cert-gib[DOT]ru no working abuse address.


Child porn spammer 
pictures under 18 or made to look under 18
NO PROOF OF AGE available! 
SENT TO MINORS




What I'm seeing at the tracking link is typical of mail I receive at an Outlook email account, where the top-most (most recent) Received header trips things up so that reports go to report_spam[at]hotmail.com - I usually delete or comment out the header in such situations, which is normally sufficient to get the report(s) sent to a more appropriate address.

3 hours ago, lisati said:

What I'm seeing at the tracking link is typical of mail I receive at an Outlook email account, where the top-most (most recent) Received header trips things up so that reports go to report_spam[at]hotmail.com - I usually delete or comment out the header in such situations, which is normally sufficient to get the report(s) sent to a more appropriate address.

My template attracts Russia's attention; it applies to all porn spam. Not seen one with "proof of age" on file.

10 hours ago, petzl said:

My template attracts Russia's attention; it applies to all porn spam. Not seen one with "proof of age" on file.

I've seen some with apparent connections to Russia. Thankfully my provider filters them out before they make it to my inbox or junk/spam folder.

5 hours ago, Appleseed said:

This is the same spam I get almost every day, but this one uses a Google link instead of that Russian site.

I don't know what that link does, but it is to google.com

https://www.spamcop.net/sc?id=z6566161130zd34619e4d85c8adc3716c597c9f69569z

Google seems to have taken the link down?

11 hours ago, petzl said:

Google seems to have taken the link down?

The link still forwards.  Apparently, the link is a search where it clicks the "I feel lucky button" and forwards directly to the first returned google search result.

The "I feel lucky" button as being part of the URL:

btnI=bQm4
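
A mail filter can look for the `btnI` parameter described in the post above. This is an added example, not part of the original post: the message body is constructed, the function name is hypothetical, and the host pattern is an assumption that covers only common Google domains.

```python
import re
from urllib.parse import urlsplit, parse_qs

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)
# Assumption: google.com, google.<cc>, google.co.<cc> and google.com.<cc> only.
GOOGLE_HOST = re.compile(r"^(www\.)?google\.(com|[a-z]{2}|com?\.[a-z]{2})$")

# Constructed message body for illustration.
BODY = """\
Hi, my photos: https://www.google.com/search?q=example-constructed-query&btnI=bQm4
Forecast: https://www.google.com/search?q=weather
Mirror: http://google.example.net/search?q=x&btnI=1
"""


def lucky_redirects(body):
    """Return (host, search query) for each Google link carrying btnI.

    Such a link forwards to the first search result, so the real landing
    site is whatever currently ranks first for the query, not Google.
    """
    hits = []
    for raw in URL_RE.findall(body):
        url = urlsplit(raw.rstrip(".,);"))
        host = (url.hostname or "").lower()
        # keep_blank_values so a bare "&btnI" with no value is still seen.
        params = parse_qs(url.query, keep_blank_values=True)
        if GOOGLE_HOST.match(host) and "btnI" in params:
            hits.append((host, params.get("q", [""])[0]))
    return hits


if __name__ == "__main__":
    for host, query in lucky_redirects(BODY):
        print(f"{host} forwards to first result for: {query!r}")
```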

 

On 8/16/2019 at 11:46 PM, gnarlymarley said:

The link still forwards.  Apparently, the link is a search where it clicks the "I feel lucky button" and forwards directly to the first returned google search result.

The "I feel lucky" button as being part of the URL:


btnI=bQm4

 

That's good to know. The site where the link goes has again the same Russian owner.

On 8/20/2019 at 1:00 AM, Appleseed said:

is it legit or not?

I have had much thought on this, and I no longer trust many of the addresses that are called abuse or postmaster anymore.  I figure that as long as my address is munged in the report and I give out the minimal headers in the report (meaning the spam gets pulled from my border server and reported), then I am not sure it matters as they already have that information from when they connected to my email server.  I myself have not seen any repeat spam to be reported to vvsg180@gmail.com, so it very well could be legit.
