elind Posted February 3, 2007

One of my email addresses gets several ads from "Intelliwerks" daily. The ads are for services and products that sound legitimate, and may be, but the sender has no email contact information, no phone, just a PO box in Washington and, most importantly, ignores all requests to REMOVE.

Date: Wed, 31 Jan 2007 10:51:43 -0600
From: MerchantAccounts <MerchantAccounts[at]intwmailwwlm.com>
Subject: Accept electronic payments. Open a merchant account.
To:
Errors-to: errors[at]intwmailwwlm.com
Reply-to: return215390429[at]intwmailwwlm.com

snip

You received this message because you are subscribed to Intelliwerks. To remove yourself from this service and stop receiving email messages from Intelliwerks, go to http://www.intwmailwwlm.com/us or go <a href="http://www.intwmailwwlm.com/us">here</a>. To read our privacy policy, go to http://www.intwmailwwlm.com/pp or go <a href="http://www.intwmailwwlm.com/pp">here</a>. Please mail comments about this message to Intelliwerks, 244 Madison Avenue #266, New York, NY 10016.

I think it's a spammer pretending to be legit, while selling legit ad space to legit, if somewhat borderline, businesses. I've reported them to UCE.GOV and via spamcop many times, but to no avail.

Spamcop traces the sender to pccwglobal.com. Chinese of course, but it's always the same and they obviously have no fear of being identified.

How about copying everyone in Washington who voted for Can-spam?

Can anyone dig deeper and figure out who this really is?

Wazoo Posted February 4, 2007

Nothing of value offered as to the source of the spam. Hint: Tracking URL

Google has crap galore on the 'business name' invoked. Busy folks, for sure.

The "unsubscribe" crap ... amazing ... focus on just the 'us' site;

02/04/07 02:29:34 Slow traceroute www.intwmailwwlm.com
Trace www.intwmailwwlm.com (209.9.177.248) ...
208.174.224.6 RTT: 21ms TTL: 48 (beyond-the-network.ChicagoEquinix.savvis.net ok)
63.218.90.49 RTT: 86ms TTL: 48 (pos4-0.cr01.lax03.pccwbtn.net bogus rDNS: host not found [authoritative])
63.218.91.122 RTT: 72ms TTL: 48 (sphereinteractive.ge1-1.12.cr01.lax03.pccwbtn.net bogus rDNS: host not found [authoritative])
209.9.177.248 RTT: 75ms TTL:240 (www.intwmailwwlm.com ok)

02/04/07 02:30:48 IP block 209.9.177.248
Trying 209.9.177.248 at ARIN
Trying 209.9.177 at ARIN
OrgName: Beyond The Network America, Inc.
OrgID: BNA-42
Address: 520 Herndon Parkway
Address: Suite E
City: Herndon
StateProv: VA
PostalCode: 20170
Country: US
OrgNOCHandle: NOC1582-ARIN
OrgNOCName: NOC
OrgNOCPhone: +1-703-621-1637
OrgNOCEmail: supportamerica[at]btnaccess.com
OrgTechHandle: JKI101-ARIN
OrgTechName: Kim, Joon
OrgTechPhone: +1-703-621-3974
OrgTechEmail: jkim[at]pccwglobal.com

02/04/07 02:18:12 Browsing http://www.intwmailwwlm.com/us/
Fetching http://www.intwmailwwlm.com/us/ ...
GET /us/ HTTP/1.1
Host: www.intwmailwwlm.com
HTTP/1.1 302 Found
Date: Sun, 04 Feb 2007 08:18:15 GMT
Server: Apache
Location: http://216.83.155.135/listmanager/unsubscribe.html?lid=277

02/04/07 02:19:22 Browsing http://216.83.155.135/listmanager/unsubscribe.html
Fetching http://216.83.155.135/listmanager/unsubscribe.html ...
GET /listmanager/unsubscribe.html HTTP/1.1
Host: 216.83.155.135
HTTP/1.1 200 OK
Date: Sun, 04 Feb 2007 08:25:49 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
<form id="unsubscribeForm" name="null" method="post" action="unsubscribe.html">

02/04/07 02:20:48 Browsing http://216.83.155.135/listmanager/
Fetching http://216.83.155.135/listmanager/ ...
GET /listmanager/ HTTP/1.1
Host: 216.83.155.135
HTTP/1.1 302 Moved Temporarily
Date: Sun, 04 Feb 2007 08:27:15 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
Last-Modified: Sun, 04 Feb 2007 08:27:15 GMT
Location: http://216.83.155.135/listmanager/start.ht...F9B48F12D9E6F22

02/04/07 02:21:25 Browsing http://216.83.155.135/
Fetching http://216.83.155.135/ ...
GET / HTTP/1.1
Host: 216.83.155.135
HTTP/1.1 200 OK
Date: Sun, 04 Feb 2007 08:27:52 GMT
Server: Apache/2.2.3 (Debian) mod_jk/1.2.18
<p id="congrats">If you're seeing this page via a web browser, it means you've setup Tomcat successfully. Congratulations!</p>
If you're seeing this page, and you don't think you should be, then either you're either a user who has arrived at new installation of Tomcat, or you're an administrator who hasn't got his/her setup quite right.

02/04/07 02:23:14 Slow traceroute 216.83.155.135
Trace 216.83.155.135 ...
12.127.106.106 RTT: 47ms TTL: 48 (No rDNS)
216.83.133.31 RTT: 46ms TTL: 48 (0-0-0.bdr2.fbp.ore.fiber.net ok)
* * * failed
* * * failed
* * * failed

02/04/07 02:24:07 IP block 216.83.155.135
Trying 216.83.155.135 at ARIN
Trying 216.83.155 at ARIN
OrgName: Fibernet Corporation
OrgID: FIBE
Address: 1455 S State Suite G
City: Orem
StateProv: UT
PostalCode: 84097
Country: US
NetRange: 216.83.128.0 - 216.83.159.255
CIDR: 216.83.128.0/19
NetName: FIBERNET-216-83-BLK-1
NetHandle: NET-216-83-128-0-1
Parent: NET-216-0-0-0-0
NetType: Direct Allocation
NameServer: NS1.FIBER.NET
NameServer: NS2.FIBER.NET
NameServer: NS3.FIBER.NET
RAbuseHandle: FIBER2-ARIN
RAbuseName: Fibernet Abuse
RAbusePhone: +1-866-223-9576
RAbuseEmail: abuse[at]fiber.net

elind Posted February 5, 2007

> Nothing of value offered as to the source of the spam. Hint: Tracking URL
> Google has crap galore on the 'business name' invoked. Busy folks, for sure.
> The "unsubscribe" crap ... amazing ... focus on just the 'us' site;

Thanks. I found most of that, but maybe after snail mail to their Washington address and their last 20 emails to uce.gov, and leaving a pointed voice mail message at their LA address (as in whois) and copying jkim[at]pccwglobal on all of them, and advising some of their advertisers of the issue, someone may have gotten the message. No more the last two days. Watch this space.

Now to tell my Congressman what a farce Canspam was.

Miss Betsy Posted February 5, 2007

Good for you! There is nothing like being thorough! I hope they really got the message and are rethinking their business strategy rather than listwashing you.

Miss Betsy

remay Posted May 6, 2007

> Nothing of value offered as to the source of the spam. Hint: Tracking URL
> Google has crap galore on the 'business name' invoked. Busy folks, for sure.
> The "unsubscribe" crap ... amazing ... focus on just the 'us' site;

I was wondering if you could share some thoughts on the best/most effective way to report this spammer's intwm40.com and intwmailsc.com domains to get them shut down. I have reported well over 100 of their emails via spamcop and maybe 70-80 by direct email 1-3 times daily over the last several months.

In addition to jkim[at]pccwglobal.com via spamcop, emails have been sent to: abuse[at]pccwglobal.com, abuse[at]pccwbtn.net, postmaster[at]pccwglobal.com, supportamerica[at]btnaccess.com

I have also reported the advertiser URL(s) that are eventually re-directed to from the spammers website, with no apparent effect.

Here is a recent report: spamcop.net/sc?id=z1295332933za51cd62710a839f93fc63cef2d2726c1z

Moderator edit to fix quoting

Miss Betsy Posted May 6, 2007

elind says two posts back: "I found most of that, but maybe after snail mail to their Washington address and their last 20 emails to uce.gov, and leaving a pointed voice mail message at their LA address (as in whois) and copying jkim[at]pccwglobal on all of them, and advising some of their advertisers of the issue, someone may have gotten the message. No more the last two days. Watch this space."

Perhaps the snail mail address is farther back than that. There was a lot of information in one post.

Miss Betsy

rconner Posted May 7, 2007

> I was wondering if you could share some thoughts on the best/most effective way to report this spammer's intwm40.com and intwmailsc.com domains to get them shut down. I have reported well over 100 of their emails via spamcop and maybe 70-80 by direct email 1-3 times daily over the last several months

This looks like yet another revival of "mainsleaze" spam, which was greatly curtailed (as far as I could see) by CAN spam, but which occasionally pops up for a short stay.

Beyond reporting to the hosting providers for these websites (as you seem to have done), there's one more step you can take: reporting to the domain registrar. The registrar can, if he will, nuke the domain completely and for good by removing it from DNS. However, getting registrars to do this can be very difficult, since most of them stay out of the spam wars and simply disclaim any responsibility for the activities of their registrants. Some (like my own registrar gkg.net) have extraordinarily white hats, while others (like the infamous Joker) do not give a rat's patoot, and still others (like the ubiquitous Beijing Innovative) seem to actively solicit the business of spammers.

Normally I don't consider reporting to the domain registrar to be very worthwhile for the typical spam domain, which has a mean lifetime far shorter than a slice of real spam left out in the sun. Probably by the time anyone got around to acting on your report, the spammers would have abandoned the domain anyway, and so would not be hurt. However, since these characters seem to have been using these domains for quite a while, they are good candidates for domain registrar reporting.

Anyway, here's the domain-whois info for intwmailsc.com (and intwm40.com, which returns the same info as far as I can see):

Domain Name: INTWMAILSC.COM
Registrar: DOMAIN CONTENDER, LLC
Whois Server: whois.domaincontender.com
Referral URL: http://www.domaincontender.com
Name Server: NS1.INTWM1.COM
Name Server: NS2.INTWM1.COM
Status: clientTransferProhibited
Status: clientUpdateProhibited
Updated Date: 11-oct-2006
Creation Date: 21-sep-2006
Expiration Date: 21-sep-2007
>>> Last update of whois database: Mon, 07 May 2007 01:27:01 UTC <<<

...snip legal boilerplate...

Registrant:
Intelliwerks, Inc.
404 S Figeuroa St Suite 604
Los Angeles, CA 90047
US
(915) 200-4359

Domain Name: INTWMAILSC.COM

Administrative Contact:
Administrator, Intelliwerks noc[at]intwmailjj.com
404 S Figeuroa St Suite 604
Los Angeles, CA 90047
US
(915) 200-4359

Technical Contact:
Administrator, Intelliwerks noc[at]intwmailjj.com
404 S Figeuroa St Suite 604
Los Angeles, CA 90047
US
(915) 200-4359

Record expires on 09-21-2007
Record created on 09-21-2006

Domain servers in listed order:
NS1.INTWM1.COM 209.150.79.19
NS2.INTWM1.COM 209.150.79.20

Suggest you check at the registrar's website http://www.domaincontender.com/ to see whether they have policies regarding promotion via unsolicited mail of domains registered by them, and what their procedure may be for reporting such abuse (e.g., web form, "abuse[at]" address, etc.). Then, follow this procedure and report the abuse of the domain under their TOS, providing samples of the spam as you would for a hosting complaint. Do not get your hopes up, however.

By the way, I would not bother contacting the registrant contacts (administrative or technical) since they seem to be the spammers in this case.

-- rick

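An added example, not part of any post in this thread: a small parser that turns the whois record quoted in the post above into a registrar-complaint plan, applying the two points made there (long-lived domains are worth reporting, registrant-supplied contacts are left out). The function names and the 90-day threshold are assumptions made for illustration; the sample record is abridged from the post.

```python
import re
from datetime import datetime

# Whois text abridged from the post above (addresses and boilerplate omitted).
WHOIS = """\
Domain Name: INTWMAILSC.COM
Registrar: DOMAIN CONTENDER, LLC
Whois Server: whois.domaincontender.com
Referral URL: http://www.domaincontender.com
Name Server: NS1.INTWM1.COM
Name Server: NS2.INTWM1.COM
Creation Date: 21-sep-2006
Expiration Date: 21-sep-2007
>>> Last update of whois database: Mon, 07 May 2007 01:27:01 UTC <<<
Registrant:
Intelliwerks, Inc.
Administrative Contact:
Administrator, Intelliwerks noc[at]intwmailjj.com
"""

MIN_AGE_DAYS = 90  # assumption: cut-off for a domain that has been in use a while

def parse_whois(text):
    # Collect "Key: value" lines (repeated keys become lists) and contact e-mails.
    fields, emails = {}, set()
    for line in text.splitlines():
        emails.update(re.findall(r"[\w.+-]+\[at\][\w.-]+", line))
        m = re.match(r"\s*([A-Za-z ]+):\s+(\S.*)$", line)
        if m:
            fields.setdefault(m.group(1).strip(), []).append(m.group(2).strip())
    return fields, sorted(emails)

def registrar_report_plan(text):
    # Decide where a registrar complaint goes and which contacts to leave out.
    fields, emails = parse_whois(text)
    created = datetime.strptime(fields["Creation Date"][0], "%d-%b-%Y")
    stamp = re.search(r"Last update of whois database: \w+, (\d+ \w+ \d+)", text)
    as_of = datetime.strptime(stamp.group(1), "%d %b %Y")
    age = (as_of - created).days
    return {
        "domain": fields["Domain Name"][0],
        "registrar": fields["Registrar"][0],
        "policy_url": fields["Referral URL"][0],  # where to look up the abuse procedure
        "age_days": age,
        "worth_reporting": age >= MIN_AGE_DAYS,
        "skip_contacts": emails,  # registrant-supplied addresses, not complaint targets
    }
```
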
This topic is now archived and is closed to further replies.