michael_m Posted February 12, 2006 Share Posted February 12, 2006 I've been spammed repeatedly every hour on the hour for the last 5 days by Spin Palace Casino and Ruby Fortune Casino. These 2 spammers are hiding behind a company called "Domains by Proxy" an ISP that is based in Arizona USA. Spin Palace Casino and Ruby Fortune Casino are based in South Africa and their unsolicited spam emails bypass my spam filter every time. How can anyone stop Companies like these from spamming? When they are hiding behind a third party and are in 2 different countries. All my Spamcop reporting of these 100+ emails has not slowed them a bit. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 12, 2006 Share Posted February 12, 2006 I've been spammed repeatedly every hour on the hour for the last 5 days by Spin Palace Casino and Ruby Fortune Casino. These 2 spammers are hiding behind a company called "Domains by Proxy" an ISP that is based in Arizona USA. Spin Palace Casino and Ruby Fortune Casino are based in South Africa and their unsolicited spam emails bypass my spam filter every time. How can anyone stop Companies like these from spamming? When they are hiding behind a third party and are in 2 different countries. All my Spamcop reporting of these 100+ emails has not slowed them a bit. 40350[/snapback] A tracking URL of one of their mesages would help us answer your questions. Some questions I have right away: Are all of the messages coming from the same IP address or different ones? Do all the reports go to "Domains by Proxy"? What are you using for spam filiters? Are you using spamcop's email service? Are you using spamcop's blocking list? Also, this thread should be moved since this is posted in the "How to use the spamcop forum" thread, which is not appropriate. Very few people may see your question here. We may need more information, however, to tell where this actually belongs (Email service forum, reporting problems forum, or perhaps the lounge). Link to comment Share on other sites More sharing options...
Wazoo Posted February 12, 2006 Share Posted February 12, 2006 Agreed .. Moved from the How to Use ... SpamCop Forum to the Lounge area .. it doesn't even read as a Reporting Help type question. Link to comment Share on other sites More sharing options...
michael_m Posted February 12, 2006 Author Share Posted February 12, 2006 I've been spammed repeatedly every hour on the hour for the last 5 days by Spin Palace Casino and Ruby Fortune Casino. Spin Palace Casino is based in South Africa. Ruby Fortune Casino is based in Belize. These 2 spammers are hiding behind a company called "Domains by Proxy" an ISP that is based in Arizona USA and boasts of a secure private domain hosting service. Domains by Proxy has affiliates called: www,godaddy.com www.wildwestdomains www.bluerazor.com Using Apple Network Utility to "Lookup" and "Whois" www.spincitycasino.com www.spcmt.com www.rubyfortunecasino.com www.rfcmt.com I found the registered owners of these domain names. I have JPG files listing the companies/directors names addresses phone numbers etc. My Spamcop reports of these 100+ emails has not slowed them a bit. How can anyone stop Companies like these from spamming? When they are hiding behind a third party and are in 2-3 different countries. Link to comment Share on other sites More sharing options...
michael_m Posted February 12, 2006 Author Share Posted February 12, 2006 Agreed .. Moved from the How to Use ... SpamCop Forum to the Lounge area .. it doesn't even read as a Reporting Help type question. 40355[/snapback] Sorry... I wasn't looking at the dicussion area when I posted! I've re-posted a more detailed note in the lounge. Moderator Edit: actually, I merged that 'new' post/Topic into this one. Due to the time-stamps and ordering, this will appear a bit out of sync. Link to comment Share on other sites More sharing options...
Merlyn Posted February 12, 2006 Share Posted February 12, 2006 Online Casinos/Gambling is illegal in the US. If they are hosted by a US ISP then you should report them to the proper authorities and contact the ISP to see why they allow it. Link to comment Share on other sites More sharing options...
michael_m Posted February 12, 2006 Author Share Posted February 12, 2006 A tracking URL of one of their mesages would help us answer your questions. Some questions I have right away: Are all of the messages coming from the same IP address or different ones? Do all the reports go to "Domains by Proxy"? What are you using for spam filiters? Are you using spamcop's email service? Are you using spamcop's blocking list? I'm using Macintosh Mail on OSX 10.4.4 with its Junk Mail filter enabled. Every spam Email I've received is from a different IP address Spamcop Reports go mainly to <network-abuse[at]cc.yahoo-inc.com> which is actually the "Unsubscribe" link on the spam <http://p6.hostingprod.com/[at]safewebsurfing.net/unsubscribe.html> Most of the spam details are irrelevant anyway... nothing useful in them... I'm trying to trace the company who instigated the spam through their Website... not their spam! All the spam has a link to their websites. The owner of the Website may claim no knowledge or responsibility of their spam. Is that acceptable? Spin Palace Casino use a company like Domains by Proxy with their many affiliates to hide behind. Each affiliate/ISP has offered to investigate my problem ( 4 ISP's so far ) promising nothing because they have no control over the other ISP's policies. Convenient! I have decided to forward all 81 spam Emails to the Director of Spin Palace Casinos and Ruby Fortune Casinos for proof reading and correction... to remove my email address. I've just been contacted by Telus Communications Inc. ( one of the vague affiliates ) requesting more information. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 12, 2006 Share Posted February 12, 2006 A previous reply deleted becuase you posted while I was writing it. I'm using Macintosh Mail on OSX 10.4.4 with its Junk Mail filter enabled. 40362[/snapback] Unless that Junk Mail filter uses spamcop, then your spamcop reports are not helping you stop the flow. I do not know how that filter works. Every spam Email I've received is from a different IP address Spamcop Reports go mainly to <network-abuse[at]cc.yahoo-inc.com> which is actually the "Unsubscribe" link on the spam <http://p6.hostingprod.com/[at]safewebsurfing.net/unsubscribe.html> 40362[/snapback] Then the source of the spam is likely virus infected machines all over the world and you will not be able to trace back to the real source. Those reports to yahoo are for the spamvertized link. Most of the spam details are irrelevant anyway... nothing useful in them... I'm trying to trace the company who instigated the spam through their Website... not their spam! All the spam has a link to their websites. 40362[/snapback] But you said that the spamvertized reports go to yahoo for the unsubscribe link. This is where the source of the spam become relevant, even if you do not think so. We can't help much without that information and you are wasting all of our time. The owner of the Website may claim no knowledge or responsibility of their spam. Is that acceptable? 40362[/snapback] The spam MAY not be directed by them but by a competitor trying to knock them off the internet (Joe Job). Link to comment Share on other sites More sharing options...
Jeff G. Posted February 12, 2006 Share Posted February 12, 2006 Please post a Tracking URL for each spamvertized casino. Thanks! Link to comment Share on other sites More sharing options...
michael_m Posted February 12, 2006 Author Share Posted February 12, 2006 I've looked into who Domains by Proxy is. Here's what I've found: Domain Name: DOMAINSBYPROXY.COM Registrar: GO DADDY SOFTWARE, INC. Whois Server: whois.godaddy.com Referral URL: http://registrar.godaddy.com The Go Daddy Group of companies also includes Wild West Domains, Inc., a reseller of domains and domain-related products and services; Domains by Proxy®, a private registration service; Starfield Technologies, a research and development affiliate; and Blue Razor Domains, a membership-based discount registrar. 14455 N. Hayden Rd. Suite 219 Scottsdale, AZ 85260 Looks like Go Daddy Software based in the USA are hosting an online Casino or two! ---------------------------------------------------------------------------------------------------------------------- Mac Mail Junk filter excludes ( JUNKS ) all mail that does not match entries in my address book. ( Incoming must match Email Addresses listed in my Address Book ) I have family, friends and business info in my address book... but not my own details. These spam emails are not detected as Junk... ???? ---------------------------------------------------------------------------------------------------------------------- This is where the source of the spam become relevant, even if you do not think so. Why is this important? The URL for UNSUBSCRIBE link is: http://p6.hostingprod.com/[at]safewebsurfing....nsubscribe.html Lookup Default Info on this URL is: ; <<>> DiG 9.2.2 <<>> http://p6.hostingprod.com/[at]safewebsurfing....nsubscribe.html ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 64803 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 ;; QUESTION SECTION: ;http://p6.hostingprod.com/\[at]safewebsurfing.net/unsubscribe.html. IN A ;; AUTHORITY SECTION: . 9256 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2006021101 1800 900 604800 86400 ---------------------------------------------------------------------------------------------------------------------- No "Whois" info available ---------------------------------------------------------------------------------------------------------------------- Link to comment Share on other sites More sharing options...
michael_m Posted February 12, 2006 Author Share Posted February 12, 2006 Please post a Tracking URL for each spamvertized casino. Thanks! 40367[/snapback] Here's a header from Spin Palace Casino spamvertised email: Return-Path: <casino[at]email.com> Received: from compuserve.com ([85.138.106.239]) by imta03ps.mx.bigpond.com with SMTP id <20060211190934.VIOP8553.imta03ps.mx.bigpond.com[at]compuserve.com> for <michael[at]madden.net.au>; Sat, 11 Feb 2006 19:09:34 +0000 Date: Sat, 11 Feb 2006 19:15:05 +0000 From: Casino <casino[at]email.com> Subject: GET $300 FREE BONUS!!!!!!!!!!!!!!!! To: Michael <michael[at]madden.net.au> References: <EJHDIJDLEHCDBG41[at]madden.net.au> In-Reply-To: <EJHDIJDLEHCDBG41[at]madden.net.au> Message-ID: <0376E73JC4CFB371[at]email.com> Reply-To: Casino <casino[at]email.com> Sender: Casino <casino[at]email.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit ------------------------------------------------------------------------------------------------------------------- I couldn't do much with the info contained here. ------------------------------------------------------------------------------------------------------------------- Here's a header from Ruby Fortune Casino spamvertised email: Return-Path: <casino[at]email.com> Received: from compuserve.com ([221.217.115.216]) by imta06ps.mx.bigpond.com with SMTP id <20060212143100.LPBM17801.imta06ps.mx.bigpond.com[at]compuserve.com> for <michael[at]madden.net.au>; Sun, 12 Feb 2006 14:31:00 +0000 Date: Sun, 12 Feb 2006 15:08:37 +0000 From: Casino <casino[at]email.com> Subject: GET $100 FREE CASINO BONUS! To: Michael <michael[at]madden.net.au> References: <5415L8BBA78ECLFF[at]madden.net.au> In-Reply-To: <5415L8BBA78ECLFF[at]madden.net.au> Message-ID: <0EIGBCHLE64J05K5[at]email.com> Reply-To: Casino <casino[at]email.com> Sender: Casino <casino[at]email.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit ------------------------------------------------------------------------------------------------------------------- Here's a header from Golden Palace Casino the first spamvertised email: Return-Path: <casino[at]email.com> Received: from compuserve.com ([211.162.148.149]) by imta06sl.mx.bigpond.com with SMTP id <20060204170252.EKVN112.imta06sl.mx.bigpond.com[at]compuserve.com> for <michael[at]madden.net.au>; Sat, 4 Feb 2006 17:02:52 +0000 Date: Sat, 04 Feb 2006 17:07:02 +0000 From: Casino <casino[at]email.com> Subject: GET $300 CASINO SIGN-UP BONUS! To: Michael <michael[at]madden.net.au> References: <LD9499HFBCCFFDIK[at]madden.net.au> In-Reply-To: <LD9499HFBCCFFDIK[at]madden.net.au> Message-ID: <C1CE9HEKJCC3LLDJ[at]email.com> Reply-To: Casino <casino[at]email.com> Sender: Casino <casino[at]email.com> MIME-Version: 1.0 Content-Type: text/html Content-Transfer-Encoding: 8bit Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 12, 2006 Share Posted February 12, 2006 Here's a header from Spin Palace Casino spamvertised email: 40372[/snapback] You are wasting our time trying to help you until you provide the Tracking URL including the BODY of the spam message. Link to comment Share on other sites More sharing options...
michael_m Posted February 13, 2006 Author Share Posted February 13, 2006 You are wasting our time trying to help you until you provide the Tracking URL including the BODY of the spam message. 40376[/snapback] Here's the details from my latest Spamcop spam Report Is this all the Info you're looking for? Tracking message source: 69.57.158.82: Routing details for 69.57.158.82 [refresh/show] Cached whois for 69.57.158.82 : abuse[at]ev1.net Using abuse net on abuse[at]ev1.net abuse net ev1.net = abuse[at]ev1.net Using best contacts abuse[at]ev1.net Yum, this spam is fresh! Message is 0 hours old 69.57.158.82 not listed in dnsbl.njabl.org 69.57.158.82 not listed in dnsbl.njabl.org 69.57.158.82 listed in cbl.abuseat.org ( 127.0.0.2 ) 69.57.158.82 is an open proxy 69.57.158.82 not listed in accredit.habeas.com 69.57.158.82 not listed in plus.bondedsender.org 69.57.158.82 not listed in iadb.isipp.com Finding links in message body Parsing HTML part Resolving link obfuscation http://p6.hostingprod.com/[at]safewebsurfing.net/spin2.html Host p6.hostingprod.com (checking ip) = 68.142.234.59 host 68.142.234.59 = p6w10.geo.re2.yahoo.com (cached) http://p6.hostingprod.com/[at]safewebsurfing....nsubscribe.html Host p6.hostingprod.com (checking ip) = 68.142.234.59 host 68.142.234.59 = p6w10.geo.re2.yahoo.com (cached) Tracking link: http://p6.hostingprod.com/[at]safewebsurfing.net/spin2.html No recent reports, no history available Resolves to 68.142.234.59 Routing details for 68.142.234.59 [refresh/show] Cached whois for 68.142.234.59 : network-abuse[at]cc.yahoo-inc.com Using abuse net on network-abuse[at]cc.yahoo-inc.com abuse net cc.yahoo-inc.com = abuse[at]yahoo.com Using best contacts abuse[at]yahoo.com abuse[at]yahoo.com redirects to network-abuse[at]cc.yahoo-inc.com Tracking link: http://p6.hostingprod.com/[at]safewebsurfing....nsubscribe.html [report history] Resolves to 68.142.234.59 Routing details for 68.142.234.59 [refresh/show] Cached whois for 68.142.234.59 : network-abuse[at]cc.yahoo-inc.com Using abuse net on network-abuse[at]cc.yahoo-inc.com abuse net cc.yahoo-inc.com = abuse[at]yahoo.com Using best contacts abuse[at]yahoo.com abuse[at]yahoo.com redirects to network-abuse[at]cc.yahoo-inc.com Please make sure this email IS spam: From: Casino <casino[at]email.com> (GET $300 FREE CASINO BONUS!) FONT-SIZE: 11px; COLOR: #ffffff; LINE-HEIGHT: 16px; FONT-FAMILY: Verdana, Arial , Helvetica, sans-serif View full message Report spam to: Re: 69.57.158.82 (Administrator of network where email originates) To: abuse[at]ev1.net (Notes) Re: 69.57.158.82 (Third party interested in email source) To: Cyveillance spam collection (Notes) Re: http://p6.hostingprod.com/[at]safewebsurfing.net/s... (Administrator of network hosting website referenced in spam) To: network-abuse[at]cc.yahoo-inc.com (Notes) Re: http://p6.hostingprod.com/[at]safewebsurfing.net/u... (Administrator of network hosting website referenced in spam) To: network-abuse[at]cc.yahoo-inc.com (Notes) Link to comment Share on other sites More sharing options...
michael_m Posted February 13, 2006 Author Share Posted February 13, 2006 Why is it that most spam I receive is from the same few companies? Viagra spam Enlarge your XXXX spam Cheap Software spam Sports Betting spam and Casinos spam I'm in the advertising industry... in my experience, the rules of the game are as follows: Rule 1: When selling any product or service... shout it loud and make it annoying - to create brand awareness ( people remember annoying ads ). Rule 2: Get maximum exposure to the marketplace ( flood the airwaves, blanket coverage on any medium ) brainwash your customers, hammer them constantly in the most intrusive way possible. Its tacky but the beancounters say it works! Why would any of these companies object to the massive exposure they're getting? Why are most of these companies hard to trace on the internet. Usually foreign, based in a 3rd world hell hole or an Asian protectorate? Who ultimately owns the business? I don't believe the spam I receive is from a malicous hacker with nothing better to do. That's why I try to target the company. I think every Spamcop user should forward all the spam ( from any of these companies ) back to the contact details on the spammers website. Or post contact details on Spamcop for "Spammer of the Week" and let the users sort them out. Link to comment Share on other sites More sharing options...
Wazoo Posted February 13, 2006 Share Posted February 13, 2006 Here's the details from my latest Spamcop spam Report Is this all the Info you're looking for? 40381[/snapback] No .... one more try, then I'm going to close this Topic ... maybe even flip a coin as to even going with a deletion. And that's a pretty rough statement considering that this is in the Lounge area. Tracking URL Getting a Tracking URL from a Report ID Link to comment Share on other sites More sharing options...
michael_m Posted February 13, 2006 Author Share Posted February 13, 2006 No .... one more try, then I'm going to close this Topic ... maybe even flip a coin as to even going with a deletion. And that's a pretty rough statement considering that this is in the Lounge area. Tracking URL Getting a Tracking URL from a Report ID 40385[/snapback] Is this it? http://www.spamcop.net/sc?id=z873719747z38...928f01e1955346z I'm a little more than angered by the constant spam I'm receiving. My comments may appear "pretty rough" but with good reason! Here's another Tracking URL from the latest Spin Palace Casino spam http://www.spamcop.net/sc?id=z873756715z70...ceac5874f67dfbz Link to comment Share on other sites More sharing options...
Jeff G. Posted February 13, 2006 Share Posted February 13, 2006 Here's the details from my latest Spamcop spam Report Is this all the Info you're looking for? 40381[/snapback] No. However, both http://p6.hostingprod.com/[at]safewebsurfing.net/spin2.html and http://safewebsurfing.net/spin2.html are hosted by our friends at Yahoo!, hostingprod.com registered to Yahoo! and safewebsurfing.net registered through MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE and their shill contact[at]myprivateregistration.com, which was not read by a human, but instead responded as follows (as if on a permanent vacation):Received: from ns2.domainnetwork.se (HELO mail04.melbourneit.com.au) ([203.31.199.162]) (envelope-sender <donotreply[at]melbourneit.com.au>) by mymx (qmail-ldap-1.03) with SMTP for <me>; 13 Feb 2006 00:22:36 -0000 Received: from localhost (localhost [127.0.0.1]) by mail04.melbourneit.com.au (Postfix) with ESMTP id 35F74464507 for <me>; Mon, 13 Feb 2006 11:22:32 +1100 (EST) Received: from mail04.melbourneit.com.au ([127.0.0.1]) by localhost (grumpy.mit [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 02833-12 for <me>; Mon, 13 Feb 2006 11:22:32 +1100 (EST) Received: by mail04.melbourneit.com.au (Postfix, from userid 1010) id 208DB4643EB; Mon, 13 Feb 2006 11:22:32 +1100 (EST) User-Agent: Vacation/1.2.6 http://vacation.sourceforge.net To: me Subject: Melbourne IT - My Private Registration Message-Id: <20060213002232.208DB4643EB[at]mail04.melbourneit.com.au> Date: Mon, 13 Feb 2006 11:22:32 +1100 (EST) From: donotreply[at]melbourneit.com.au (Melbourne_IT) X-Virus-Scanned: amavisd-new at melbourneit.com.au X-Nonspam: Whitelist Mime-Version: 1.0 Content-Type: text/plain THIS IS AN AUTOMATED MESSAGE - DO NOT REPLY You are attempting to contact a domain name that is protected by "My Private Registration" service. To ensure that your message is delivered to the administrative contact you will need to complete the form at the following web site. http://www.melbourneit.com.au/cc/emailmanagement/ You will need to submit the following information: * Your Name & email address * Your Message to the registrant Regards "My Private Registration" Team. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted February 13, 2006 Share Posted February 13, 2006 Here's another Tracking URL from the latest Spin Palace Casino spam http://www.spamcop.net/sc?id=z873756715z70...ceac5874f67dfbz Thank you for the tracking URL's so we can see the actual spam body. Your spammer is using Yahoo to redirect their site first, which is why all the reports are going to Yahoo. They do this to avoid being tracked down. The Yahoo redirect then points to the secureserver.net DNS servers. GoDaddy is simply the registrar for the site (like Network Solutions). Following the redirect on a safe machine (samspade did not work), brought me to: www.spcmt.com = [ 207.219.111.152 ] Whois lookup on that IP address: Server Used: [ rwhois.telus.net ] 207.219.111.152 = [ ] network: Class-Name: network network: ID: 833.207.219.0.0/16 network: Auth-Area: 207.219.0.0/16 network: Network-Name: TELUS network: IP-Network: 207.219.111.0/24 network: Org-Name: TELUS network: Street-Address: 3777 Kingsway network: City: Burnaby network: State-Province: BC network: Country-Code: CA network: Postal-Code: V5N-4N2 network: Updated: 2005-08-31 (20: 55: 48) network: Created: 2005-03-10 (21: 18: 51) network: Admin-Contact: hostmaster[at]telus.com network: Abuse-Contact: abuse[at]telus.com (1-604-444-5791) network: Tech-Contact: swip[at]swip.ca.telus.com You can try complaining to any/all of these places. Why they do it: When you are doing something illegal, it is best to keep out of the direct sunlight. Link to comment Share on other sites More sharing options...
michael_m Posted February 13, 2006 Author Share Posted February 13, 2006 Telus was the first Company I complained to. Telus sent over 1000 Automated Email responses to my Email Account which blocked out my inbox for 1 hour. I forwarded 5 or 6 of them to Spamcop I sent a complaint to my ISP and they haven't responded. The spam continues every hour! Link to comment Share on other sites More sharing options...
Farelf Posted February 13, 2006 Share Posted February 13, 2006 Telus was the first Company I complained to. Telus sent over 1000 Automated Email responses to my Email Account which blocked out my inbox for 1 hour. 40391[/snapback] You might get some assistance with a Canadian operation like Telus from the Canadian Cyberbullying organization - http://www.cyberbullying.ca/ I haven't used them but found their resources links useful once, trying to report a rogue Canadian outfit. HTH Link to comment Share on other sites More sharing options...
michael_m Posted February 13, 2006 Author Share Posted February 13, 2006 You might get some assistance with a Canadian operation like Telus from the Canadian Cyberbullying organization - http://www.cyberbullying.ca/ I haven't used them but found their resources links useful once, trying to report a rogue Canadian outfit. HTH 40392[/snapback] Canadian Cyberbullying eh! Sounds like the kind of business I need to make friends with. Thanks for all the help! I'll try anything to stop the spam - still ongoing / incoming. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.