Jump to content
Sign in to follow this  
efa

user damaging spammer provider

Recommended Posts

Hi,

I receive most spam from the same Internet Service Provider.

They are chinanet, cablecom.ch, ip-tel.de, end few other.

For every spam mail, I report to their abuse[at]email.tld, but ofter I got a lot more email immediately after the complaint.

How can a "single user" damage those providers?

Can Spamcop add some new functions to help this pourpose?

Edited by efa

Share this post


Link to post
Share on other sites
Hi,

I receive most spam from the same Internet Service Provider.

They are chinanet, cablecom.ch, ip-tel.de, end few other.

For every spam mail, I report to their abuse[at]email.tld, but ofter I got a lot more email immediately after the complaint.

How can a "single user" damage those providers?

...Simple answer: nothing, unless you have lots of time and money to spare tracking them down and affecting appropriate legal harassment.
Can Spamcop add some new functions to help this pourpose?
...Any suggestions? Bearing in mind that SpamCop's principal purposes are:
  • Identify the source of the spam
  • Populate the SpamCop blacklist based on certain rules involving the frequency of spam from the source (IP address) vs total e-mail seen from that source

Share this post


Link to post
Share on other sites

in particular I receive spam most from that domains:

cablecom.ch (magicsun.net)

tpnet.pl

t-ipnet.de

chello.pl

cnc-noc.net

comcast.net

bluewin.ch

telecomitalia.it

wanadoo.fr

auna.es

rr.com

cert.br

gaoland.net

btbroadband.com

ttnet.net.tr

telefonica.es

Edited by efa

Share this post


Link to post
Share on other sites

You need to use more than SpamCop to put a dent into their business.. Why not try http://www.knujon.com/

I looked for what "knujon" can do for me, but this website is near empy.

They say to send junk mail to them, but what they do then?

Edited by efa

Share this post


Link to post
Share on other sites

There is information provided by posters in this topic post about knujon. Somewhere else said that they go after the businesses - whatever that means.

Responsible ISPs do not allow spammers. Irresponsible ISPs do allow spammers or do not do anything about infected computers. Therefore, the end user/consumer of email services needs to be aware of how content filters and blocklists work so that they can choose the combination that works best for them. IMHO, it is a waste of time to try to 'damage' spammers.

Miss Betsy

Share this post


Link to post
Share on other sites
They say to send junk mail to them, but what they do then?

They shut down >17,000 spamadvertized domains since starting a few month ago. I have 12 reported domains pending shutdown. SpamCop is particularly deficient at affecting those domains and now days simple IP of origin reporting can just be of innocent hijacked computers in a wide network of botnets with several potential replacements. The bottom line is that fighting spammers has to go on all fronts and most of us do not have the time and resources to do it, so we basically need services like these two anti-spam players.

Share this post


Link to post
Share on other sites
They shut down >17,000 spamadvertized domains since starting a few month ago. I have 12 reported domains pending shutdown. SpamCop is particularly deficient at affecting those domains and now days simple IP of origin reporting can just be of innocent hijacked computers in a wide network of botnets with several potential replacements. The bottom line is that fighting spammers has to go on all fronts and most of us do not have the time and resources to do it, so we basically need services like these two anti-spam players.

Their website says that they started since March 2005. Their statistics are indeed very impressive.

May I ask, How many junk mail sites did you manage to shutdown through knujon dra007? Also could you (dra007) please tell when you started reporting email to knujon?

thanks

raju

Share this post


Link to post
Share on other sites

/snp

May I ask, How many junk mail sites did you manage to shutdown through knujon dra007? Also could you (dra007) please tell when you started reporting email to knujon?

thanks

raju

Welcome, I started less than 3 weeks ago, I am showing 12 Pending suspensions, but they only update every 2 weeks or so, so that information may not be current. What is good is that they take the time to report to all kind of law enforcement agencies and forensically determine who is behind the spam. That type of research I am not prepared to spend time and do it on my own.

Dr A.

Edited by dra007

Share this post


Link to post
Share on other sites

I cannot understand what they do receiving spam mail forwarded to 'coldrain'.

How they can shut down the spammer provider?

Share this post


Link to post
Share on other sites

you misunderstood, they shut down the website advertising spam...when the provider is responsive, of course. But they give them a type of evidence that is persuasive, and I suspect they have other means to pressure them.

Edited by dra007

Share this post


Link to post
Share on other sites

you misunderstood, they shut down the webside advertising spam...

so they get shutdown the web site that are spamvertized by the spam coming from every email server?

Share this post


Link to post
Share on other sites

Unless images, most spam e-mail contain a web-site link which advertises and sells a product, say viagra. For the most part such products are either fake, or illegally sold (since they would require a real pharmacy and a prescription), other times the entire web-site is a sham designed to take your money and give you nothing in return. Some type of crime is involved in practically every spam e-mail. That is why spammers take such much trouble to hide their activities and are difficult to track down. They also count on the fact that for every million spams they send there will be an idiot to fall for it and click on their link. When caught spammers are prosecuted, that is why a job like knujon's is necessary, they take the time and invest resources to track spammers down and report their activities to law enforcement agencies, which most of us do for the occasional spam when parsing with SpamCop manually anyhow. Knujon does it for me with every single spam e-mail and thus saves me a lot of time..

Edited by dra007

Share this post


Link to post
Share on other sites

ok, now I understand why they do not need the complete header of the spam.

"Knujon" is not interested where come from the spam, but only to what the spam speak about.

On the other side "Spamcop" is interested mainly from where the spam come from.

The two services work well toghether.

But my problem, as reported on the thread title and in my first post, is that I receive a lot of different spam, and 99% of that come from the same (about) 10 domain.

For every spam I'm asking to the abuse[at]provider to shut down the spammer, but they do not do that.

In other word, the provider "is" the spammer.

I want to damage the provider/domain itself as they spam me.

Is there some thing that an end user like me can do to damage a limited number (10) of domain?

Edited by efa

Share this post


Link to post
Share on other sites

The reasons providers don't respond is 1) they don't care about being listed, they like to make a profit from hosting spammers; 2) your complaints trace to <<innocent>> users on their network whose computer was hijacked by spammers and is used to send spam without their owner's knowledge. There are so many hijacked PCs, a large provider simply cannot clean their entire network of a million users (e.g. comcast). Providers can only discontinue users if they break policies, not for being used unknowingly. If you do a search here you'll find a lot of discussion on black hat ISPs.

Edited by dra007

Share this post


Link to post
Share on other sites

But my problem, as reported on the thread title and in my first post, is that I receive a lot of different spam, and 99% of that come from the same (about) 10 domain.

For every spam I'm asking to the abuse[at]provider to shut down the spammer, but they do not do that.

In other word, the provider "is" the spammer.

All of the outfits on your list are large retail ISPs from around the world. The reason you get spam from these domains is that they have customers who have allowed their computers to be turned into spam-mailing machines, probably through some sort of malware. These customers do not know this is happening. We would all like for these companies to take steps (some of them very simple ones) to stop these 'botnet' computers, but (1) the problem is unimaginably large, and (2) the companies seem to have other priorities besides securing their customers' machines against being used as spam relays.

I want to damage the provider/domain itself as they spam me.

Is there some thing that an end user like me can do to damage a limited number (10) of domain?

Well, 'damage' is a pretty all-embracing term. What kind of damage do you want to do? If you are talking about some kind of network-based attack, I'd advise against it. Even if you could mount an effective attack against such large companies, it would probably be easily traced to you and you would get in big trouble for it. In the process, you might be harming innocent customers of these firms. In any case, I suspect that this forum isn't the place for you to get much advice of this nature.

If you are talking about legal action, then that's OK, but you'd better hire some good lawyers and be prepared to wait for a long time for any good to come of it.

-- rick

Share this post


Link to post
Share on other sites

that cracker ...

they like to crack customer PC of that 10 provider only, just to spam.

And all other 4 Gig provider? How they can keep out the cracker?

Unbelivable, sorry!

I think that those 10 provider, are the only that do very few to keep out the cracker/spammer.

Edited by efa

Share this post


Link to post
Share on other sites

more: a user that let his computer be hijacked by spammers IS punishible as I do not respect the rules of the provider (forbid spamming)

At least a provider must close immediately the "innocent" customer account to stop the illegal action.

Then the customer clear his PC

Then learn how to keep out the cracker (Window Ipdate, Firewall, Antivirus, pass to Mozilla, use Linux, and so on).

Then reopern an account on a provider.

Share this post


Link to post
Share on other sites

You are correct that users who allow their computer to be hijacked are not 'innocent' They may not know that the computer is hijacked, but that makes them ignorant, not innocent.

The reason that internet service providers don't make them clean up their computers is economic. It costs money to get a customer to understand. They also lose money if they shut them down.

And, for server admins who can block those IP addresses, the problem is solved. No one has a problem. The customer doesn't get his computer turned off. The internet service doesn't spend any money. Since only spam comes from those computers, no one's email is blocked. The server admin who does the blocking never sees the spam (and neither do his customers).

The only way to 'damage' the service provider is to block the email servers so that his customers do not get email and complain. The 'sending' end is the only place to stop spam. Unfortunately, too many server admins work for those who think that blocking 'innocent' people is wrong especially if they want the real email. They make the server admin use some other kind of filter to protect them from spam.

Miss Betsy

Share this post


Link to post
Share on other sites

Some good news for those incredulous about knujon reporting...

of some 300 sites I have reported so far 27 are pending suspention and 5 were suspended. I typically get a few hundreds (1-300) spam e-mails a day so some of these sites have been reported >30 times to both SpamCop and Knujon, I rearly mis reporting any spam I get... so despite combining 2 separate reportings, it is still frustratingly slow to close down these imbecils...that term applies to the ISPs that are irresponsible hosting the spammers and uresponsive to our constant requests to stop....

Site Instances First Time Last Time Status

49mag.com 1 3/10/2007 3/10/2007 Suspension Pending

8t1logica.com 1 3/11/2007 3/11/2007 Suspended

aeacqwhinese.com 1 2/23/2007 2/23/2007 Suspension Pending

apowerdrill.com 1 3/4/2007 3/4/2007 Suspension Pending

avoidlesssos.com 4 2/24/2007 2/27/2007 Suspension Pending

bluehornet.com 1 3/4/2007 3/4/2007 Suspended

bobbecklaw.com 1 3/10/2007 3/10/2007 Suspension Pending

buenaspect.com 1 3/12/2007 3/12/2007 Suspended

canbfuntodate.com 13 2/20/2007 2/22/2007 Suspension Pending

ceasarrare.com 11 2/27/2007 3/7/2007 Suspension Pending

chekdutyall.com 2 2/24/2007 2/25/2007 Suspension Pending

domainsymbol.com 1 3/10/2007 3/10/2007 Suspension Pending

dustsalvable.com 1 2/21/2007 2/21/2007 Suspension Pending

fermeryhe.com 1 2/21/2007 2/21/2007 Suspension Pending

fgesy.com 1 2/20/2007 2/20/2007 Suspension Pending

fowostensibly.com 1 2/22/2007 2/22/2007 Suspension Pending

greattablet.com 1 3/5/2007 3/5/2007 Suspension Pending

hooknupforfun.com 65 2/22/2007 3/7/2007 Suspension Pending

hukld.com 3 2/24/2007 2/26/2007 Suspension Pending

isodromegi.com 1 2/21/2007 2/21/2007 Suspension Pending

leovilla.com 1 3/11/2007 3/11/2007 Suspension Pending

moperotes.com 4 2/21/2007 2/22/2007 Suspension Pending

murksomesya.com 2 2/25/2007 2/25/2007 Suspension Pending

nicabnttiinng.com 1 2/23/2007 2/23/2007 Suspension Pending

ordrbnypeepz.com 2 2/26/2007 2/26/2007 Suspension Pending

pebrinegn.com 1 2/23/2007 2/23/2007 Suspension Pending

potwalloppersos.com 7 2/26/2007 2/27/2007 Suspension Pending

pragamondo.com 1 3/12/2007 3/12/2007 Suspended

pretensionssya.com 4 2/27/2007 3/10/2007 Suspension Pending

radoterrure.com 6 2/24/2007 2/27/2007 Suspension Pending

seearborical.com 5 2/25/2007 2/27/2007 Suspension Pending

serabstractedness.com 1 2/21/2007 2/21/2007 Suspension Pending

taolaaa.com 2 2/24/2007 2/24/2007 Suspension Pending

thebatrack.com 1 3/11/2007 3/11/2007 Suspended

tolnewz.com 1 2/22/2007 2/22/2007 Suspension Pending

topilljudged.com 3 2/21/2007 2/21/2007 Suspension Pending

werpainting.com 2 2/28/2007 2/28/2007 Suspension Pending

It is interesting that some sites were shut down after a single report..

Edited by dra007

Share this post


Link to post
Share on other sites

It is interesting that some sites were shut down after a single report..

It's likely that there were reports of these sites from other users. The KnuJon reports only shows the number reported by you.

Share this post


Link to post
Share on other sites

The reasons providers don't respond is 1) they don't care about being listed, they like to make a profit from hosting spammers; 2) your complaints trace to <<innocent>> users on their network whose computer was hijacked by spammers and is used to send spam without their owner's knowledge. There are so many hijacked PCs, a large provider simply cannot clean their entire network of a million users (e.g. comcast). Providers can only discontinue users if they break policies, not for being used unknowingly. If you do a search here you'll find a lot of discussion on black hat ISPs.

Just one note of some interest. I once made a mistake and reported a spam wrongly. Basically a copy of a spam that identified my PC as the source.

I use Road Runner (rr.com). I received a message from them saying that my PC was possibly infected and sending spam. After checking everything and finding nothing, I suspected what had happened and asked them to copy me on the spam, which which they did, confirming what had happened.

The point is, while I don't normally receive much spam tracing to rr.com, the one time I did report, wrongly, such spam they did followup, which I know because I was the source and the reporter at the same time.

Perhaps though, they do no more than send out such notices. I could repeat the process and see how many reports it would take to get taken off their service, but I don't think I will.

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×