Lking

Spam reports bouncing (550)


Reporting of an "Alert Regarding Your Paypal Account" phishing trip worked just fine. But of course the host doesn't care and has a false or closed complaint email, so the 550 bounced back through SC to me.

The original message was received at Mon, 5 Mar 2007 04:06:20 +0800

from [172.26.16.23]

----- The following addresses had permanent fatal errors -----

<antispam[at]antispam.chtd.com.tw>

(reason: 550 Host unknown)

----- Transcript of session follows -----

550 5.1.2 <antispam[at]antispam.chtd.com.tw>... Host unknown (Name server: antispam.chtd.com.tw: host not found)

Tracking URL

So does SC need/want help updating their list of reporting addresses?

If so how?

Lou

Edited by Lking
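
Added example, not part of the original post and not SpamCop's code: a Python sketch that reads a sendmail-style bounce like the one quoted above and flags reporting addresses that failed with a permanent 5.1.x addressing error. The sample bounce, its .invalid addresses and the action labels are constructed for illustration.

```python
import re

# Constructed sample in the sendmail bounce layout quoted in the post above;
# the addresses use the reserved .invalid TLD and are not from the thread.
SAMPLE_BOUNCE = """\
   ----- The following addresses had permanent fatal errors -----
<abuse[at]antispam.example.invalid>
    (reason: 550 Host unknown)
   ----- Transcript of session follows -----
550 5.1.2 <abuse[at]antispam.example.invalid>... Host unknown (Name server: antispam.example.invalid: host not found)
451 4.4.1 <noc@slow.example.invalid>... Deferred: Connection timed out
"""

# Transcript line: SMTP reply code, enhanced status code (RFC 3463), address, text.
TRANSCRIPT_RE = re.compile(
    r"^(?P<code>[245]\d\d)\s+(?P<status>[245]\.\d{1,3}\.\d{1,3})\s+"
    r"<(?P<addr>[^>]+)>\.{0,3}\s*(?P<text>.*)$"
)

def classify(status):
    """Map an enhanced status code to an action label (labels are hypothetical)."""
    cls, subject, _ = status.split(".")
    if cls == "4":
        return "retry"          # transient failure; the address may still be valid
    if cls == "5" and subject == "1":
        return "stale-address"  # 5.1.x: bad destination mailbox or domain
    if cls == "5":
        return "rejected"       # permanent, but not an addressing problem
    return "ok"

def parse_bounce(text):
    """Return one record per transcript line that names a recipient."""
    records = []
    for line in text.splitlines():
        m = TRANSCRIPT_RE.match(line.strip())
        if not m:
            continue
        addr = m.group("addr").replace("[at]", "@").lower()  # undo forum-style masking
        records.append({
            "address": addr,
            "domain": addr.rpartition("@")[2],
            "status": m.group("status"),
            "action": classify(m.group("status")),
        })
    return records

def stale_addresses(text):
    """Addresses whose bounce says the mailbox or domain does not exist."""
    return sorted({r["address"] for r in parse_bounce(text) if r["action"] == "stale-address"})
```
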

So does SC need/want help updating their list of reporting addresses?

If so how?

One source of data is at SpamCop Newsgroups ..... specifically the 'routing' newsgroup .. though noting that the complaints are that it doesn't really seem like the Deputies have much time allowed to get in there and respond, though some issues do get handled ....

On the other hand, looking at your Tracking URL, it isn't clear where this address came from at present .... it's not listed in the parse results showing now ....

Reports regarding this spam have already been sent:

Re: 125.224.197.162 (Administrator of network where email originates)

Reportid: 2180372751 To: spam[at]ms1.hinet.net

If reported today, reports would be sent to:

Re: 125.224.197.162 (Administrator of network where email originates)

spam[at]ms1.hinet.net

Re: http://203.101.90.140/www.paypal.com/webscr_cmd... (Administrator of network hosting website referenced in spam)

techsupport[at]bhartibroadband.com

postmaster[at]bhartibroadband.com

even after a refresh ....

Removing old cache entries.

Tracking details

Routing details for 125.224.197.162

[refresh/show] Cached whois for 125.224.197.162 : network-adm[at]hinet.net network-center[at]hinet.net

Using abuse net on network-adm[at]hinet.net

abuse net hinet.net = spam[at]ms1.hinet.net

Using best contacts spam[at]ms1.hinet.net

Removing old cache entries.

Tracking details

Routing details for 203.101.90.140

[refresh/show] Cached whois for 203.101.90.140 : techsupport[at]bharti.com

Using abuse net on techsupport[at]bharti.com

abuse net bharti.com = postmaster[at]bharti.com, helpdesk.network[at]bharti.com

Using best contacts postmaster[at]bharti.com helpdesk.network[at]bharti.com

03/04/07 15:38:38 Slow traceroute antispam.chtd.com.tw

Trace antispam.chtd.com.tw failed, no such host

03/04/07 15:38:10 Slow traceroute chtd.com.tw

Trace chtd.com.tw failed, no such host

On the other hand, looking at your Tracking URL, it isn't clear where this address came from at present .... it's not listed in the parse results showing now ....

Yes Waz, I noticed that also when I was posting. However, when double checking, that is the correct tracking URL.

Header from the tracking URL

Message-ID: <6Vg7________L-lb[at]cpanel.error>

From: "paypal_notify[at]12901.com" <paypal_notify[at]12901.com>

To: <x>

Subject: Alert Regarding Your Paypal Account

Date: Sun, 04 Mar 2007 04:48:46 -0800

MIME-Version: 1.0

Content-Type: multipart/alternative; boundary="--WUVITZ13743"

and from the 550 message

Message-ID: 6Vg75I-tCYBqL-lb[at]cpanel.error

From: `paypal_notify[at]12901.com` paypal_notify[at]12901.com

To: <xx>

Subject: Alert Regarding Your Paypal Account

Date: Sun, 04 Mar 2007 04:48:46 -0800

MIME-Version: 1.0

Content-Type: multipart/alter

What can I say?

Lou


Wazoo,

Thanks for the reference. We will see if anyone follows up on this.

Now we are noticing some dropped quick/submit reports. They don't show up in the "past reports" but in one case I know it got out and past my ISP.

Quick scenario, sent a "quick" report on some SW spam with a CC: to Microsoft and also sent a "Submit" on some Pump&dump spam that I wanted to send a copy to Pinksheet (see other threads).

I was waiting for the "Submit" to show up ---- then I got the canned response for MS in response to the CC:, but nothing in the past reports. Then a later quick report showed up in the past reports list.

I think the stock spam got blocked by my ISP but I know the SW spam report got out to MS but seems to have gotten lost on the way to or by SC.

This is the first time I've seen this happen with a trail.

Lou
