Keithj

RANT - Spammers who get past Spamcop


I submitted to the inevitable, and I now have two Spamcop accounts. One is for those e-mail addresses that are flooded with spam. I don't even look at the held mail - just delete the lot. Like, hundreds a day.

The other is for "personal" stuff where I do check the heldmail.

So far, so good. That works well, on the whole, for someone who deals with mail to a long list of addresses.

However, more and more spam is getting through. Every one of those gets reported, of course.

I notice that it's the same half dozen or so ISPs that are the source of the majority of this "untrapped" spam. Here's an example: http://www.spamcop.net/sc?id=z1192626936zd...2a73fd69a0f3d7z

Is there a reason why some ISPs don't get Spamcop-blacklisted? Particularly, for example:

t-ipnet.de

comcast.net

ttnet.net.tr

kornet.net

Those must send me 100 spams each, most days, and yet they often "leak" through.

There, I feel better already.


Is there a reason why some ISPs don't get Spamcop-blacklisted? Particularly, for example:

t-ipnet.de

comcast.net

ttnet.net.tr

kornet.net

Those must send me 100 spams each, most days, and yet they often "leak" through.

There, I feel better already.

First, I don't get many past the SpamCop filters, but it seems my situation is not the same as other users.

Now, when you report, pay attention to the DNS name for the IP address you are reporting. I'm willing to bet that most of them are not the mail servers for their domains, but the IP addresses assigned to the customers of those ISP's. I'm sure that is what you will find with the comcast reports.

What is happening is that end user machines are infected with viruses or spyware that make them available to the spammers to send their junk. There are so many of these machines that though you report every one, it is likely you have never received a message from the same address twice. Only multiple reports against the same IP address will get an address listed, not against the ISP.


I'm willing to bet that most of them are not the mail servers for their domains, but the IP addresses assigned to the customers of those ISP's.

Does anyone know of any way to find the mail servers for those ISP's and the ranges for their customers' use? Or any other ISP's? For me, wanadoo.fr is a particular annoyance.

I would like to blacklist the customers' addresses, but not their mail servers. Right now I'm sorting the spamming addresses and looking for patterns in ranges. I know I could use nmap and scan huge blocks, but I'd rather not be contributing to the problems out there.

It would be most helpful if the various ISP's listed this information on their website.


I moderate a Forum that uses phpBB, and we have a very long list of IP addresses (and a shorter list of ISPs) that we block. It's a never-ending task, because although the problems come from a very few countries/ISPs, they seem able to "acquire" another block of IP addresses every so often. I probably block three or four IP ranges (not individual addresses) a day.

And still we get the marital aids postings, cheap watches, and all the rest.


I moderate a Forum that uses phpBB, and we have a very long list of IP addresses (and a shorter list of ISPs) that we block. It's a never-ending task, because although the problems come from a very few countries/ISPs, they seem able to "acquire" another block of IP addresses every so often. I probably block three or four IP ranges (not individual addresses) a day.

Forum spam is best dealt with by other means - SpamHuntress has a good list of links on this.

Getting back OT though, it appears that pre-emptive blocking of IP addresses not registered as legitimate mail servers may become necessary and this is the approach being taken by Spamhaus' PBL list.


Getting back OT though, it appears that pre-emptive blocking of IP addresses not registered as legitimate mail servers may become necessary and this is the approach being taken by Spamhaus' PBL list.

Thanks! I'll give the pbl.spamhaus.org list a shot today and see how it does.

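An added example, not part of any post in this thread: how a lookup against the pbl.spamhaus.org zone mentioned above is formed and read. The function names and the constructed answers are illustrative; the return codes are the ones Spamhaus documents for the PBL, not values from this page.

```python
import ipaddress
import socket

PBL_ZONE = "pbl.spamhaus.org"  # zone name taken from the thread

# PBL return codes as documented by Spamhaus (not stated on this page).
PBL_CODES = {
    "127.0.0.10": "listed (ISP maintained)",
    "127.0.0.11": "listed (Spamhaus maintained)",
}
# Answers in this range signal a refused or malformed query, not a listing.
ERROR_NET = ipaddress.ip_network("127.255.255.0/24")


def dnsbl_name(ip, zone=PBL_ZONE):
    """Build the DNSBL query name: IPv4 octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on bad input
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def system_resolver(name):
    """A records for name; [] when absent (or when resolution fails)."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except OSError:
        return []


def check_pbl(ip, resolve=system_resolver):
    """Classify the sending IP of a message against the PBL."""
    answers = resolve(dnsbl_name(ip))
    if not answers:
        return "not listed"
    for a in answers:
        if ipaddress.ip_address(a) in ERROR_NET:
            return "error: query refused (" + a + ")"
    for a in answers:
        if a in PBL_CODES:
            return PBL_CODES[a]
    return "unexpected answer: " + ", ".join(answers)


# Constructed answers for documentation addresses, so this runs offline.
FAKE_ANSWERS = {
    "25.2.0.192.pbl.spamhaus.org": ["127.0.0.10"],
    "7.100.51.198.pbl.spamhaus.org": ["127.255.255.254"],
}


def fake_resolver(name):
    return FAKE_ANSWERS.get(name, [])
```

Treating an answer in the error range as a listing would reject all mail, so the check reports it separately and leaves the decision to the caller.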
