albunix Posted June 28, 2006 Share Posted June 28, 2006 Hello, I'm from 216.14.208.0/20 netblock. We've getting reports such as --------------------------------- IPs reported in past hour: 216.14.208.23 216.14.208.21 216.14.208.15 -------------------------------- Yet, we have gotten not even one single complaint against our netblock. We stay very much in top of abuse tickets, and even have an established feedback loop with AOL which so far has not shown any issues for our mail server. What's my options in here. We use SpamCop blocking lists ourselves, and have found it to be very useful, yet at this point, seems we're cornered without any options to proceed. http://public.albunix.org/spamcop.JPG supposedly shows we have 99 complaints, yet we have not received any actual one. Thanks for your help in advance. Link to comment Share on other sites More sharing options...
turetzsr Posted June 28, 2006 Share Posted June 28, 2006 Hi, albunix, ...Have you checked out the SpamCop CheckBlock page, http://www.spamcop.net/w3m?action=checkblock? It shows nothing for either of the first two IP addresses you list (although the SenderBase statistics sure look suspicious) and shows the following for the third IP address: 216.14.208.15 listed in bl.spamcop.net (127.0.0.2) If there are no reports of ongoing objectionable email from this system it will be delisted automatically in approximately 20 hours. Causes of listing SpamCop users have reported system as a source of spam less than 10 times in the past week <snip> ...Following the "Trace IP" link, the following is displayed: Parsing input: 216.14.208.15 host 216.14.208.15 = mail01.secureserverdot.com (cached) host 216.14.208.15 = mail01.secureserverdot.com (cached) ISP does not wish to receive report regarding 216.14.208.15 SP does not wish to receive reports regarding http://216.14.208.15/ - no date available <snip> Using abuse net on abuse[at]successfulhosting.com abuse net successfulhosting.com = abuse[at]successfulhosting.com Using best contacts abuse[at]successfulhosting.com So reports should have gone to abuse[at]successfulhosting.com. Link to comment Share on other sites More sharing options...
albunix Posted June 28, 2006 Author Share Posted June 28, 2006 Hello, thanks for looking into it so far. Correct, abuse at successfulhosting.com is where we receive complaints. There has been no complaints that we've received. There has been only Alerts that we've generally received on the 20th minute of every hour more or less making us aware of IP's being reported. Yet, no further information, was ever received from us. In the past we've received actual reports that start as follows [ SpamCop V1.582 ] This message is brief for your comfort. Please use links below for details. ... ... ... and we'd get full headers showing where/what domain is being abusive. Any ideas on what to follow through at this point? bless you for all your help Link to comment Share on other sites More sharing options...
Wazoo Posted June 28, 2006 Share Posted June 28, 2006 http://www.senderbase.org/?searchBy=ipaddr...g=216.14.208.23 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ......... 3.8 .. 21595% Last 30 days ... 2.0 ..... 231% Average ......... 1.4 http://www.senderbase.org/search?searchString=216.14.208.21 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 3.9 .. 7947% Last 30 days .. 2.5 .... 237% Average ........ 2.0 http://www.senderbase.org/search?searchString=216.14.208.15 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ......... 3.6 .. -83% Last 30 days ... 3.8 .. -69% Average ......... 4.3 Looking up albunix.org at whois.abuse.net. postmaster[at]albunix.org (default, no info) Suggest you register an abuse address at abuse.net ..... Parsing input: postmaster[at]albunix.org 64.81.196.17 is an mx ( 10 ) for albunix.org host 64.81.196.17 (getting name) = moon.albunix.org. chopping username "postmaster[at]" from URL: http://albunix.org/ Host albunix.org (checking ip) = 64.81.196.17 host 64.81.196.17 = moon.albunix.org (cached) Routing details for 64.81.196.17 Cached whois for 64.81.196.17 : abuse[at]speakeasy.net Using abuse net on abuse[at]speakeasy.net abuse net speakeasy.net = abuse[at]speakeasy.net Using best contacts abuse[at]speakeasy.net Parsing input: 216.14.208.15 host 216.14.208.15 = mail01.secureserverdot.com (cached) host 216.14.208.15 = mail01.secureserverdot.com (cached) ISP does not wish to receive report regarding 216.14.208.15 ISP does not wish to receive reports regarding http://216.14.208.15/ - no date available Routing details for 216.14.208.15 Cached whois for 216.14.208.15 : abuse[at]successfulhosting.com Using abuse net on abuse[at]successfulhosting.com abuse net successfulhosting.com = abuse[at]successfulhosting.com Using best contacts abuse[at]successfulhosting.com Actual reports sent out appear to depend on just how the IP/URL turns up in the submitted spam for parsing. Based on the numbers showing at SenderBase, one could make an assumption that it would be based on the IP address of the spew sourcing, which then leads to the ISP does not wish to receive reports problem .... so the actual reports don't go anywhere but feeding the SpamCopDNSBL .... You are at the mercy of an ISP that appears to have lost some control over some of their e-mail servers and yet, doesn't want to hear about it. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 28, 2006 Share Posted June 28, 2006 All the reports showing are mole reporters, which is why you are only getting the summary. It might also be because of the ISP does not wish to receive reports issue. Report History: -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 2:38:22 PM -0400: Check up: Make other men envy you and girls worship you Most efficient produc... 1817011913 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 2:38:02 PM -0400: Re: to kiyys 1817013479 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 11:56:19 AM -0400: lowest prices possible 1816826635 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:32 AM -0400: RE: yOur pi11z r3quest 1816655940 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:30 AM -0400: Try 0ur pills. Interesting offers 1816656244 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:29 AM -0400: Y0ur medicine is ready and waiting f0r y0u 1816656348 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 4:34:33 PM -0400: Your health, night-riding 1813708078 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 3:21:47 PM -0400: 1813626304 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 2:14:50 PM -0400: Red Hot Stock Watch 1813546602 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 1:06:41 PM -0400: antonym 1813474797 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net Link to comment Share on other sites More sharing options...
albunix Posted June 28, 2006 Author Share Posted June 28, 2006 Hello, please ignore albunix.org domainname, that's not the one I'm requesting help. I understand the part that we're getting summaries only since these are mole reporters. Could you please explain the part that the ISP does not wish to receive reports. What do we at the 216.14.208.0/20 netblock owners have to do to rectify this? Also, how can we at least get the Report History as you've listed it? Thanks guys, this is helping out a lot. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 28, 2006 Share Posted June 28, 2006 I understand the part that we're getting summaries only since these are mole reporters. Could you please explain the part that the ISP does not wish to receive reports. The information SpamCop uses to determine who should receive reports: http://www.spamcop.net/sc?action=rcache;ip=216.14.208.15 Tracking details Display data: "whois 216.14.208.15[at]whois.arin.net" (Getting contact from whois.arin.net ) Found AbuseEmail in whois abuse[at]successfulhosting.com 216.14.208.0 - 216.14.223.255:abuse[at]successfulhosting.com Routing details for 216.14.208.15 Using abuse net on abuse[at]successfulhosting.com abuse net successfulhosting.com = abuse[at]successfulhosting.com Using best contacts abuse[at]successfulhosting.com However, somewhere in history, someone set the ISP account to "ISP does not wish to receive reports regarding http://216.14.208.15/". You would have to log into your ISP account to clear that record and begin getting reports again. Or you can contact deputies[at]spamcop.net and ask them about it. What do we at the 216.14.208.0/20 netblock owners have to do to rectify this? In a quick test, it may only be that 1 IP address not receiveng reports. Of course, if that is your primary mail server, that is bad for example: Parsing input: 216.14.208.1 host 216.14.208.1 (getting name) = router.secureserverdot.com. host 216.14.208.1 = router.secureserverdot.com (cached) No recent reports, no history available Routing details for 216.14.208.1 [refresh/show] Cached whois for 216.14.208.1 : abuse[at]successfulhosting.com Using abuse net on abuse[at]successfulhosting.com abuse net successfulhosting.com = abuse[at]successfulhosting.com Using best contacts abuse[at]successfulhosting.com Statistics: 216.14.208.1 not listed in bl.spamcop.net More Information.. 216.14.208.1 not listed in dnsbl.njabl.org 216.14.208.1 not listed in dnsbl.njabl.org 216.14.208.1 not listed in cbl.abuseat.org 216.14.208.1 not listed in dnsbl.sorbs.net 216.14.208.1 not listed in relays.ordb.org. Reporting addresses: abuse[at]successfulhosting.com Also, how can we at least get the Report History as you've listed it? If oyu are a paid reporter, you get access to the report summary I pasted. You can also post an IP here and someone will usually get it for you. I don't know if you get the same info through an ISP account or not. Will check later (time to go home, sorry). Link to comment Share on other sites More sharing options...
albunix Posted June 28, 2006 Author Share Posted June 28, 2006 Guys, thanks for all your help so far. We are going to follow through with your suggestions. Link to comment Share on other sites More sharing options...
Wazoo Posted June 28, 2006 Share Posted June 28, 2006 please ignore albunix.org domainname, that's not the one I'm requesting help. Only going with where the data you provided leads me .... I understand the part that we're getting summaries only since these are mole reporters. Could you please explain the part that the ISP does not wish to receive reports. What do we at the 216.14.208.0/20 netblock owners have to do to rectify this? Are you the responsible agent/tech/whatever for this block? You never atually stated this, if this is true. If so, follow the links to your ISP Control Center and modify some settings .... ???? If so, can you explain the SenderBase numbers? Also, how can we at least get the Report History as you've listed it? Thanks guys, this is helping out a lot. As stated, this is a 'perk' of a paid reporting (or a SpamCop.net e-mail) account, something I don't even have. Link to comment Share on other sites More sharing options...
Telarin Posted June 28, 2006 Share Posted June 28, 2006 Just wanted to drop a note and say thanks to albunix. Finding ISPs that actually want to fix spam problems on their networks seems to be getting rarer and rarer (I guess as the cost of bandwidth goes down). It is very nice to actually see an admin trying to fix a problem on their network. 216.14.208.15 resolves to mail01.secureserverdot.com, so I'm guessing this (and the other two IPs you listed which resolve to similar names) are your actual SMTP servers and not the IPs of end users. This is going to make tracking down the sources a bit more difficult than "direct-to-MX" spam. To have much success, you are probably going to have to get a couple of complete headers to examine so you can match times and Message IDs to your server logs. Unfortunately for that, noone here can help you. You will have to contact deputies[at]admin.spamcop.net as they are the only people with access to that information from mole reports. Once you get some usable data from them it should be pretty easy for you to track down the source from your logs, but if we can be of any help with anything, I'm sure most of us will be happy to do what we can. Unfortunately, many spamcop users choose to use mole reporting, which while it does let an admin know they have some kind of problem, provides just enough data to make it almost impossible to nail down when you're talking about the volume of email that moves through a production mailserver. Hopefully the deputies can provide you with the information you need to track this back to the offending user and pummel them... or at least get them to fix their compromised PC. Link to comment Share on other sites More sharing options...
albunix Posted June 28, 2006 Author Share Posted June 28, 2006 Only going with where the data you provided leads me .... Are you the responsible agent/tech/whatever for this block? You never atually stated this, if this is true. If so, follow the links to your ISP Control Center and modify some settings .... ???? If so, can you explain the SenderBase numbers? As stated, this is a 'perk' of a paid reporting (or a SpamCop.net e-mail) account, something I don't even have. Wazoo, correct. I'm assisting with finding out why 216.14.208.15 is getting blacklisted and how to prevent it in the future. We are currently looking to see if there is anything wrong with our ISP Control Center that I'm personally not familiar with. We are a hosting company. I'm not sure what needs explaining from the SenderBase numbers. The only thing that I can state is this There is a legit Vol Change vs. Average showing from SenderBase.org site for these two IPs 216.14.208.21 + 216.14.208.23 Why you would ask? Well the moment we started getting blacklisted, we have to route email out. This is done via 'outgoingip' feature of Qmail, which allows relaying out email via a secondary/third IP bound to the mail server. We almost never use these two IP's for our legit mail server mail01.secureserverdot.com It is only during blacklisting period that we implement such. Being that there is almost never any traffic originating from such IPs during the time that our mail server is not blacklisted, you'd see how one can explain the increase in Vol Change vs. Average The reason we're blacklisted could very well be our end user's autoresponders, yet without any form of header checking it is next to impossible to determine. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 28, 2006 Share Posted June 28, 2006 correct. I'm assisting with finding out why 216.14.208.15 is getting blacklisted and how to prevent it in the future. We are currently looking to see if there is anything wrong with our ISP Control Center that I'm personally not familiar with. Login to ISP account...Preferences tab, Report Type selection If you are bothered by reports which reference your network without authorization, you may disable some report types while ensureing that relevant reports still reach you. source (Administrator of network where email originates) Refuse Accept www (Administrator of network hosting website referenced in spam) Refuse Accept email (Administrator of network hosting email address referenced in spam) Refuse Accept relay (Administrator of network with open relays) Refuse Accept notify (User defined recipient) Refuse Accept ns (Name server for spamvertised domain) Refuse Accept intermediary (Administrator interested in intermediary handling of spam) Refuse Accept To possibly find out more information (possibly the type list you were looking for, but maybe not)... Control Center tab, Enter the IP address and Action: Find reports I get the following back for your IP, but it is not my IP range so there may be a differnce: 216.14.208.15 Listed in bl.spamcop.net Most recent spam reported about 5 hours ago Hope this helps some. Link to comment Share on other sites More sharing options...
albunix Posted June 29, 2006 Author Share Posted June 29, 2006 StevenUnderwood + Wazoo + the rest of the crew, thanks for all your kind advice on this issue. We've checked our ISP control panel and there was nothing wrong with it. At this point we've decided to ask deputies at spamcop.net for further assistance. again bless all of you Link to comment Share on other sites More sharing options...
StevenUnderwood Posted June 29, 2006 Share Posted June 29, 2006 At this point we've decided to ask deputies at spamcop.net for further assistance. Seems the best choice at this time... please come back and let us know if there was anything more we missed. One note, the deputies had been very busy for a while so providing as much relevant info in the original email will help them understand the problem quickly and get you a quicker answer. Also, if you don't get an answer in a day or 2, try again. Good luck. Link to comment Share on other sites More sharing options...
albunix Posted July 2, 2006 Author Share Posted July 2, 2006 Seems the best choice at this time... please come back and let us know if there was anything more we missed. One note, the deputies had been very busy for a while so providing as much relevant info in the original email will help them understand the problem quickly and get you a quicker answer. Also, if you don't get an answer in a day or 2, try again. Good luck. StevenUnderwood, there was nothing you guys missed for sure We have not gotten any answers from deputies at admin.spamcop.net though we've repeatedly tried to get in touch with them. Also, we left a VM at SpamCop's answering machine In any event, we're storing message subjects, every 15 mins, for our outgoing queue. In the event we would ever get bl'ed again, we would try and match such subjects to the ones that you posted in this thread before. Hopefully we'd get a hit and we would find out the cause. I want to give SpamCop a big heads up. AOL implements what's called a "feedback loop". Basically any complaints within the IP range you register, gets forwarded to the abuse address that one registered at the time of feebackloop creation. Very, very useful They scrub the AOL recipients as to make them into what spamcop refers to "moles" We have had great success with their feedback loop, since we were able to find out and elminiate any spammers, or anyone that was using our servers as a passthrough forward, and who was reporting any email forwarded to such forwards as spam SpamCop must wake up and smell the coffee. Mole reports are good and all, but what about the case where users are simply forwarding their emails and one's servers are used only as passthrough value? The hosting company is definetely not to blame, yet SpamCop makes no effort to either 1)provide the hosting company a way to check if anyone is forwarding emails than reporting them as spam once they receive them on their ISP's account 2)no effort into providing some headers etc, so that our abuse technicians can identify what's happening Hope someone will act upon my suggestions and change the tables around. Link to comment Share on other sites More sharing options...
petzl Posted July 3, 2006 Share Posted July 3, 2006 SpamCop must wake up and smell the coffee. Mole reports are good and all, but what about the case where users are simply forwarding their emails and one's servers are used only as passthrough value? The hosting company is definetely not to blame, yet SpamCop makes no effort to either 1)provide the hosting company a way to check if anyone is forwarding emails than reporting them as spam once they receive them on their ISP's account 2)no effort into providing some headers etc, so that our abuse technicians can identify what's happening Hope someone will act upon my suggestions and change the tables around. 216.14.208.15 is an email server which is improperly configured as it is not stamping the IP source? SpamCop will only list a computer sending spam if that computers IP is not hidden (blocking spam as it is sent not after releasing that IP when spam stops) For an email server to get listed means a lot of spam is being sent from that IP from what I see (I'm only a SC user) Mole reporting only provides statistics and does not count towards blocking, That is unless spam is also hitting SpamCop email traps (which are unguessable they have around 18 alphanumeric tags which is better than bank security of 128bit) No reports are sent when email hits spam traps untill it is listed (your IP has a not to be contacted flag) 216.14.208.15 has ISP does not wish to be contacted this may be a legacy issue which will be corrected if you wish and when SpamCop deputies reply. Monday to Friday is when more deputies are at the wheel and will be able to respond quicker and you should be able to release this if you choose Link to comment Share on other sites More sharing options...
Wazoo Posted July 3, 2006 Share Posted July 3, 2006 I want to give SpamCop a big heads up. AOL implements what's called a "feedback loop". Basically any complaints within the IP range you register, gets forwarded to the abuse address that one registered at the time of feebackloop creation. Very, very useful Once upon a time, all 'evidence' was in fact available, which made it easy for "us" to research things. However, this also made it easy for spammers to game the system, and based on that perspective, more and more data started disappearing from 'public' view .... back to the small handfull (call it three) Depuities trying to handle the characterized 800-1200 e-mails a day ..... SpamCop must wake up and smell the coffee. Mole reports are good and all, but what about the case where users are simply forwarding their emails and one's servers are used only as passthrough value? That would fall under the "bad reporting" parts of the Rules and agreements ... suspensions, fines, and outright bans involved .... see the SpamCop FAQ The hosting company is definetely not to blame, yet SpamCop makes no effort to either 1)provide the hosting company a way to check if anyone is forwarding emails than reporting them as spam once they receive them on their ISP's account see above .... 2)no effort into providing some headers etc, so that our abuse technicians can identify what's happening also see above, see the SpamCop FAQ .... Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 3, 2006 Share Posted July 3, 2006 We have not gotten any answers from deputies at admin.spamcop.net though we've repeatedly tried to get in touch with them. Also, we left a VM at SpamCop's answering machine In any event, we're storing message subjects, every 15 mins, for our outgoing queue. In the event we would ever get bl'ed again, we would try and match such subjects to the ones that you posted in this thread before. Hopefully we'd get a hit and we would find out the cause. I am not a server admin, but it seems as though you could use an existing spam filter to filter your outgoing mail right now. SpamCop must wake up and smell the coffee. Mole reports are good and all, but what about the case where users are simply forwarding their emails and one's servers are used only as passthrough value? The hosting company is definetely not to blame, yet SpamCop makes no effort to either 1)provide the hosting company a way to check if anyone is forwarding emails than reporting them as spam once they receive them on their ISP's account 2)no effort into providing some headers etc, so that our abuse technicians can identify what's happening Hope someone will act upon my suggestions and change the tables around. Again, I am not sure of the terminology, but I think that spamcop already does not allow 1) so if someone were doing that it would be quickly fixed, but you would be getting reports that you could reply to if it were not a mole and was causing the bl listing. For 2) spamcop has to guard against spammers using the info. Unfortunately, since spam traps do not send email, if spam is hitting spam traps only, you won't get reports. Again, if you are suspicious of auto responders, can't you look at the outgoing mail and see who is sending them? Even if you don't have evidence that those emails are causing the bl listing, you can certainly contact the person and explain that they could in the future. Miss Betsy Link to comment Share on other sites More sharing options...
albunix Posted July 18, 2006 Author Share Posted July 18, 2006 StevenUnderwood, Hello again. Is there a way to post in here some of the mole reports that are shown against 216.14.208.15 the last say week or so? We've had one of our mail server temp blacklisted again :-/ and I'd like to try and match up the email headers I've been saving since the last incident against the mole reports. Thanks a bunch. Link to comment Share on other sites More sharing options...
Merlyn Posted July 18, 2006 Share Posted July 18, 2006 Lots of spam! (Remove your spammers!!!!!!!!!!!!!!) These are mole reports (but no listwashing allowed) Submitted: Wednesday, June 28, 2006 2:38:22 PM -0400: Check up: Make other men envy you and girls worship you Most efficient produc... -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 2:38:02 PM -0400: Re: to kiyys -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 11:56:19 AM -0400: lowest prices possible -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:32 AM -0400: RE: yOur pi11z r3quest -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:30 AM -0400: Try 0ur pills. Interesting offers -------------------------------------------------------------------------------- Submitted: Wednesday, June 28, 2006 9:56:29 AM -0400: Y0ur medicine is ready and waiting f0r y0u -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 4:34:33 PM -0400: Your health, night-riding -------------------------------------------------------------------------------- Submitted: Monday, June 26, 2006 3:21:47 PM -0400: <blank subject> Link to comment Share on other sites More sharing options...
Miss Betsy Posted July 18, 2006 Share Posted July 18, 2006 Is there a way to post in here some of the mole reports that are shown against 216.14.208.15 the last say week or so? We've had one of our mail server temp blacklisted again :-/ and I'd like to try and match up the email headers I've been saving since the last incident against the mole reports. There is no way to post mole reports - that's why they are mole reports because nobody can see them. I am not a server admin, but there must be a better way to find a spammer than to wait to be blacklisted. Since 80% of spam nowadays is sent by zombies, perhaps it would be a good idea to look for infected machines. There is another topic I'm at my wits end - keep getting listed where someone else is trying to find the hole in his system. Have you tried all the things he has tried? Miss Betsy Link to comment Share on other sites More sharing options...
albunix Posted July 18, 2006 Author Share Posted July 18, 2006 Merlyn, thanks. I still doubt they are spammers on our system, rather than forwards say joe[at]domainname.com --> forwards to joeblow[at]att.net or smth else In any event, I've started saving the headers from June 30th onward, so anything you posted is not included on those lists. Do you have any headers say from July 2nd onward? Thanks again. Link to comment Share on other sites More sharing options...
Telarin Posted July 18, 2006 Share Posted July 18, 2006 The only way to get actual headers of reported emails is to contact deputies[at]admin.spamcop.net Link to comment Share on other sites More sharing options...
albunix Posted July 18, 2006 Author Share Posted July 18, 2006 Telarin, i meant the mole report "headers" of the following form. Submitted: Monday, June 26, 2006 2:14:50 PM -0400: Red Hot Stock Watch 1813546602 ( 216.14.208.15 ) To: mole[at]devnull.spamcop.net I just need them to be from July 2nd onward date Link to comment Share on other sites More sharing options...
Wazoo Posted July 18, 2006 Share Posted July 18, 2006 Went looking for other possible sources, quit when I hit http://www.dnsstuff.com/tools/ip4r.ch?ip=216.14.208.15 .... blocked by a Chinese anti-spam list .. Wow!! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.