False listings with SORBS DUHL


tarabyte

Thank you - I will investigate this. Customers found abusing my network are terminated. :D

That's good to hear. I'm still concerned though about the amount of email that's coming into my servers to addresses that haven't existed there for years, from IPs throughout your two subnets.

I dug a little deeper and it looks like there is at least one other subnet (64.191.122.0/24) sending the same messages (from multiple IPs throughout the subnet), and about 90% of them from that 2nd subnet are also to addresses that no longer exist.

The only difference I can see is the unsubscribe URL and Confirm Subscription URL are either youcandoitto.info/(some identifier) or plrbooks.com/(some identifier), and the URLs for 'more info' are usually one of those two domains too, which redirect to various other "make money quick" sites, most of which (the ones that aren't hosted on your own server) are hosted on the IP 64.202.189.170 (a godaddy IP it seems).

Do you have one particular customer that has been assigned to send mail out of most of both of your /24s? It seems a little strange that out of both of your /24s very similar "confirm" messages with "More information" links that redirect to make money quick sites hosted at the same place are being sent. This is odd considering (how I understood it anyway) you have many customers, and each IP (with the host being customername.static.mail.stressfreetechnologies.com) was a separate customer, yet they all are sending the same type of message, advertising the same type of product, hosted on the same server at godaddy it appears.

These "confirm your subscription" messages are a little concerning as well. While on the surface it may look like you are trying to do a double opt-in mailing list, they are being sent to people who couldn't have possibly opted in since their accounts haven't existed for years... so what 'subscribed' them? Are they subscribed from a purchased list, and the "confirm" email is trying to clean up the list a bit?

There also seems to be some issue with how your mail servers are set up. They are not always following the MX server order specified for the domain you are delivering to (sometimes bypassing the first few listed, and going directly to the last it seems). Your mail servers are also occasionally not waiting for the greeting message from the receiving server before dumping data, which is generally considered bad behavior by a mail server.

Anyway, those are a few concerns I had.


If you read his first post, only the 216.224.234.0/24 block is his, the others are simply nearby blocks belonging to his ISP that are having a similar problem with an incorrect DUHL listing.

The 2nd subnet I was referring to is the 64.191.122.0/24 (not the two 216.224.233.0/24 & 216.224.235.0/24 subnets which don't belong to him) :) So the two that are sending mail for "stressfreetechnologies.com" and "stressfreecontact.com" are 64.191.122.0/24 and 216.224.234.0/24. Both are registered to Stress-Free Technologies, LLC (as is a smaller /29 that I haven't looked into yet). Sorry if there was any confusion caused by my previous post.


The 2nd subnet I was referring to is the 64.191.122.0/24 (not the two 216.224.233.0/24 & 216.224.235.0/24 subnets which don't belong to him) :) So the two that are sending mail for "stressfreetechnologies.com" and "stressfreecontact.com" are 64.191.122.0/24 and 216.224.234.0/24. Both are registered to Stress-Free Technologies, LLC (as is a smaller /29 that I haven't looked into yet). Sorry if there was any confusion caused by my previous post.

John,

Thank you very much for clarifying for everyone.

Best,

Tara


That's good to hear. I'm still concerned though about the amount of email that's coming into my servers to addresses that haven't existed there for years, from IPs throughout your two subnets.

Okay.

Do you have one particular customer that has been assigned to send mail out of most of both of your /24s? It seems a little strange that out of both of your /24s very similar "confirm" messages with "More information" links that redirect to make money quick sites hosted at the same place are being sent. This is odd considering (how I understood it anyway) you have many customers, and each IP (with the host being customername.static.mail.stressfreetechnologies.com) was a separate customer, yet they all are sending the same type of message, advertising the same type of product, hosted on the same server at godaddy it appears.

Out of the 200+ active customers we have, a fair percentage of them are members of the same "bizopp" group. Some of those customers buy accounts for their downline. So many of them send out the same promotions to their lists.

These "confirm your subscription" messages are a little concerning as well. While on the surface it may look like you are trying to do a double opt-in mailing list, they are being sent to people who couldn't have possibly opted in since their accounts haven't existed for years... so what 'subscribed' them? Are they subscribed from a purchased list, and the "confirm" email is trying to clean up the list a bit?

When customers import their list, the confirm message is added to their campaign. When they send out to that list of subscribers, the subscriber has to confirm to keep receiving information. This way, the list gets re-confirmed, and anyone who doesn't really want the messages gets purged. By doing this, we are following Spamhaus' good practice policies of "confirmed opt-in".

There also seems to be some issue with how your mail servers are set up. They are not always following the MX server order specified for the domain you are delivering to (sometimes bypassing the first few listed, and going directly to the last it seems). Your mail servers are also occasionally not waiting for the greeting message from the receiving server before dumping data, which is generally considered bad behavior by a mail server.

We're using postfix. So I'm not sure why it wouldn't be waiting for the greeting. If you know of a specific configuration option we can add to postfix which will fix the issue, let me know.


When customers import their list, the confirm message is added to their campaign. When they send out to that list of subscribers, the subscriber has to confirm to keep receiving information. This way, the list gets re-confirmed, and anyone who doesn't really want the messages gets purged. By doing this, we are following Spamhaus' good practice policies of "confirmed opt-in".
I don't quite agree with your interpretation of SpamHaus' recommendation.

For the user subscribing to a list, COI is as simple as replying to an automated confirmation e-mail or clicking a link in an automated confirmation e-mail.

The confirmation should come as a direct result of making the request, i.e. user clicks a link, user receives "automated confirmation e-mail", user confirms acceptance and that the address is theirs to use, you add address to list to receive message. Your statement "confirm message is added to their campaign" makes it sound like the ad is attached to the confirmation message you are trying to send. Remove the ad from the first message in order to confirm the list and you would be better off in many (not all) eyes. Until you have that recorded confirmation, the address is NOT COI, especially if it is being imported by your customer.


I don't quite agree with your interpretation of SpamHaus' recommendation.

Okay, well then we can agree to disagree.

The confirmation should come as a direct result of making the request, i.e. user clicks a link, user receives "automated confirmation e-mail", user confirms acceptance and that the address is theirs to use, you add address to list to receive message. Your statement "confirm message is added to their campaign" makes it sound like the ad is attached to the confirmation message you are trying to send. Remove the ad from the first message in order to confirm the list and you would be better off in many (not all) eyes. Until you have that recorded confirmation, the address is NOT COI, especially if it is being imported by your customer.

We've been operating for the better part of a year without any major problems. And this is with sending very high volumes of email (about 3.5 million per day at this time).

The only issue we've had with blacklisting thus far is buying this new IP block that was already listed on SORBS DUHL. Getting removed from the SORBS DUHL has proven to be far more frustrating than it should be.

Whether or not you agree with our business model, and whether or not you think our customers are spamming, the fact remains that the IPs in question are static, and the list in question is only meant for listing dynamic IPs.

I know that I got off on the wrong foot with Mat by virtue of having my staff submit so many tickets, but now that he understands the situation he should just drop the listings and call it a day.

Incidentally, if you or anyone else here ever believe that a customer of ours is spamming, you can certainly report it to SpamCop or simply send an email to our abuse department at abuse[at]stressfreetechnologies.com. Either way the issue will be dealt with promptly.

Regards,

- Tara


When customers import their list, the confirm message is added to their campaign. When they send out to that list of subscribers, the subscriber has to confirm to keep receiving information. This way, the list gets re-confirmed, and anyone who doesn't really want the messages gets purged. By doing this, we are following Spamhaus' good practice policies of "confirmed opt-in".

Adding your confirmation messages to the advertising is NOT following Spamhaus's good practice list. In fact it is called list washing and spamming at the same time. Hit a Spamhaus trap and I'm very sure you're going to end up listed in Spamhaus until that practice changes.

Quote from Spamhaus

What is "confirmed opt-in"?

Confirmed opt-in (COI) is a process by which a bulk email marketer automatically verifies that an opt-in request did in fact come from the email address owner and was therefore not spoofed, mistakenly or fraudulently subscribed. COI is the only legitimate way of operating a mailing list.

end quote

In your process, you've already delivered the payload. Spamming has occurred every time you send these advertisements, regardless of whether you're using them to confirm an address is legit. The confirmation must be done before your customer's payload is sent or you ARE sending spam through your server. There are even some who will argue running confirmations without the payload on an imported list is spam.

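The two replies above (the walkthrough of what "confirmed opt-in" requires, and the point that the confirmation must happen before any advertisement is delivered) describe a process rather than code. The following is an added example, written by the editor and not the software of the provider under discussion or any Spamhaus material, of a COI list in which an imported address receives exactly one ad-free confirmation request and gets campaign content only after its owner confirms; the HMAC-based token, the 7-day confirmation window and the suppression handling for reported addresses are assumed policy choices, and all addresses, secrets and timestamps are constructed.

```python
# Added example: a confirmed-opt-in (COI) list state machine.
# Imported addresses start as "pending", receive only a confirmation request,
# and move to "confirmed" when the owner presents a valid token.  Pending
# addresses never receive campaign content; unconfirmed imports are purged.
# Secret, addresses and timestamps are constructed for the demonstration.
import hashlib
import hmac
from dataclasses import dataclass

CONFIRM_WINDOW = 7 * 24 * 3600  # assumed policy: unconfirmed imports expire after 7 days


@dataclass
class Subscriber:
    address: str
    imported_at: float
    state: str = "pending"  # pending -> confirmed, or pending -> purged


class CoiList:
    def __init__(self, secret: bytes):
        self._secret = secret
        self._subs: dict[str, Subscriber] = {}
        self._suppressed: set[str] = set()       # addresses that sent an abuse report
        self.outbox: list[tuple[str, str]] = []  # (recipient, message kind) actually sent

    def _token(self, address: str) -> str:
        # Keyed MAC over the address: a token is bound to one address and
        # cannot be minted for another without the list secret.
        return hmac.new(self._secret, address.encode(), hashlib.sha256).hexdigest()

    def import_address(self, address: str, now: float):
        """Register an imported address as pending and send the ad-free
        confirmation request.  Returns the token for the confirmation link,
        or None if the address is suppressed or already known."""
        address = address.strip().lower()
        if address in self._suppressed or address in self._subs:
            return None
        self._subs[address] = Subscriber(address, imported_at=now)
        self.outbox.append((address, "confirm"))  # no promotional content here
        return self._token(address)

    def confirm(self, address: str, token: str) -> bool:
        """Accept a confirmation only for a pending address with a valid token."""
        address = address.strip().lower()
        sub = self._subs.get(address)
        if sub is None or sub.state != "pending":
            return False
        if not hmac.compare_digest(self._token(address), token):
            return False
        sub.state = "confirmed"
        return True

    def purge_expired(self, now: float) -> list[str]:
        """Drop imports whose owners never confirmed within the window."""
        purged = []
        for sub in self._subs.values():
            if sub.state == "pending" and now - sub.imported_at > CONFIRM_WINDOW:
                sub.state = "purged"
                purged.append(sub.address)
        return purged

    def send_campaign(self, now: float) -> list[str]:
        """Deliver a campaign to confirmed addresses only; expired imports are
        purged first, so a pending address never sees the advertisement."""
        self.purge_expired(now)
        recipients = [a for a, s in self._subs.items() if s.state == "confirmed"]
        for a in recipients:
            self.outbox.append((a, "campaign"))
        return recipients

    def suppress(self, address: str) -> None:
        """Handle an abuse report: remove the address and refuse future imports."""
        address = address.strip().lower()
        self._suppressed.add(address)
        self._subs.pop(address, None)

    def state_of(self, address: str):
        sub = self._subs.get(address.strip().lower())
        return sub.state if sub else None


if __name__ == "__main__":
    lst = CoiList(b"constructed-secret")
    tok = lst.import_address("alice@example.com", now=1000.0)
    print("before confirm:", lst.send_campaign(now=1001.0))   # []
    print("confirmed:", lst.confirm("alice@example.com", tok))  # True
    print("after confirm:", lst.send_campaign(now=1002.0))     # ['alice@example.com']
```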

Incidentally, if you or anyone else here ever believe that a customer of ours is spamming, you can certainly report it to SpamCop or simply send an email to our abuse department at abuse[at]stressfreetechnologies.com. Either way the issue will be dealt with promptly.

Then please turn back on reporting for your IP ranges. 64.191.122.0/24 will send no reports, 216.224.234.0/24 will send only to liquidcomputer.com due to your settings. You may be better off contacting the deputies here to address that issue.

Reports routes for 64.191.122.10:

routeid:40287471 64.191.122.0 - 64.191.122.255 to:abuse[at]stressfreetechnologies.com

Administrator found from whois records

Reports disabled for abuse[at]stressfreetechnologies.com

Using abuse#stressfreetechnologies.com[at]devnull.spamcop.net for statistical tracking.

Reports routes for 216.224.234.10:

routeid:39692012 216.224.234.0 - 216.224.234.255 to:abuse[at]stressfreetechnologies.com

Administrator found from whois records

routeid:39692013 216.224.234.0 - 216.224.234.255 to:abuse[at]liquidcomputer.com

Administrator found from whois records

Using best contacts abuse[at]liquidcomputer.com abuse[at]stressfreetechnologies.com

Reports disabled for abuse[at]stressfreetechnologies.com

Using abuse#stressfreetechnologies.com[at]devnull.spamcop.net for statistical tracking.


Then please turn back on reporting for your IP ranges. 64.191.122.0/24 will send no reports, 216.224.234.0/24 will send only to liquidcomputer.com due to your settings. You may be better off contacting the deputies here to address that issue.

I didn't turn off reporting, so if reporting has been turned off it is only because someone here is reacting strongly to this particular thread and is apparently in the position to drop me from the reporting tool.

Using best contacts abuse[at]liquidcomputer.com abuse[at]stressfreetechnologies.com

Reports disabled for abuse[at]stressfreetechnologies.com

Using abuse#stressfreetechnologies.com[at]devnull.spamcop.net for statistical tracking.

I'd appreciate it if whoever blocked my address from receiving reports would kindly unblock it. It makes it much easier to deal with any spam problems that may arise.

Any reports generated result in immediate, permanent removal of the subscriber's address from all servers on our network, and it also serves as evidence for us to terminate any user's accounts who are found abusing the system.

I can't resolve issues caused by my customers if I don't know about them, and the only thing my ISP can do about it is forward the reports to me.

It seems rather malicious of whoever did this to have removed me from the reporting loop.

In your process, you've already delivered the payload. Spamming has occurred every time you send these advertisements, regardless of whether you're using them to confirm an address is legit. The confirmation must be done before your customer's payload is sent or you ARE sending spam through your server. There are even some who will argue running confirmations without the payload on an imported list is spam.

Payload is a term referring to computer viruses and adware. I have nothing whatsoever to do with that.

If the way confirmation works on my system ever becomes an issue, I will change my software accordingly.

- Tara

Moderator edit: excessive vertical whitespace removed. Excessive and un-needed quoted material edited out/away.


I didn't turn off reporting, so if reporting has been turned off it is only because someone here is reacting strongly to this particular thread and is apparently in the position to drop me from the reporting tool.

I'd appreciate it if whoever blocked my address from receiving reports would kindly unblock it. It makes it much easier to deal with any spam problems that may arise.

Any reports generated result in immediate, permanent removal of the subscriber's address from all servers on our network, and it also serves as evidence for us to terminate any user's accounts who are found abusing the system.

I can't resolve issues caused by my customers if I don't know about them, and the only thing my ISP can do about it is forward the reports to me.

So it is rather malicious of whoever did this to have removed me from the reporting loop, and I question their motives.

Tara: The only people who could have turned off your account are someone who set up an ISP account from your domain (http://www.spamcop.net/fom-serve/cache/266.html), or the deputies, who do not read this part of the forum. They will only turn off reporting if the messages going out to the address are bouncing (information I provided would have stated that) or they have evidence to show the reports are being used for listwashing. I suggest you contact deputies[at]spamcop.net to address this issue. Nobody you have been in contact with here has that level of access.

You are now the one jumping to conclusions.


Nobody you have been in contact with here has that level of access.

Are you sure about that?

You are now the one jumping to conclusions.

I find it a bit too coincidental that yesterday the routes were working, and today I've been blocked by the system.

So it would seem extremely likely that by virtue of me making this post, the reporting has been disabled.

Which is why I am asking here that whoever did this please undo it.

- Tara


...I find it a bit too coincidental that yesterday the routes were working, and today I've been blocked by the system....

We're talking SC reporting routes - unless you received a SC report yesterday or checked the routing yesterday you wouldn't know. So, can you confirm you DID know?

We're talking SC reporting routes - unless you received a SC report yesterday or checked the routing yesterday you wouldn't know. So, can you confirm you DID know?

We received a single report yesterday. On average, we get 1-2 reports per week, which is pretty reasonable given that our network sends out about 3 million emails per day.

So yes, I know for a fact that yesterday it was working.


Are you sure about that?

The only person who has even posted in this entire board in more than 6 months who would have that access is SpamCopAdmin and he has claimed he does not read the Lounge forum at all. SpamCop routes are not an open part of the system. Also, the actual route (http://www.spamcop.net/sc?action=showroute;ip=216.224.234.10;typecodes=17) does not have a date or note indicating manual intervention. This usually indicates a setting from the "ISP account" side.

I find it a bit too coincidental that yesterday the routes were working, and today I've been blocked by the system.

Did you receive full SpamCop reports yesterday (not the summary reports)? I can find no evidence of any spam reports being made yesterday. Without a report from yesterday, how do you know the routes worked yesterday? In fact, I believe when you turn on summary reports, it turns off full reports automatically. Again, you need to contact deputies[at]spamcop.net and lighten up on the attitude.

OK, I see another person posted the same. When you received that report, did you indicate that spam would stop and to send no more emails on that issue? I believe that happened to me during a test at my previous employer and it turned off my reporting for a short period of time. But that also usually is indicated in the reports. Again, only deputies[at]spamcop.net can answer your question about how the reports were turned off.


The only person who has even posted in this entire board in more than 6 months who would have that access is SpamCopAdmin and he has claimed he does not read the Lounge forum at all. SpamCop routes are not an open part of the system. Also, the actual route (http://www.spamcop.net/sc?action=showroute;ip=216.224.234.10;typecodes=17) does not have a date or note indicating manual intervention. This usually indicates a setting from the "ISP account" side.

Okay, then perhaps someone reading this forum emailed the deputies and asked them to block us.

Did you receive full SpamCop reports yesterday (not the summary reports)? I can find no evidence of any spam reports being made yesterday. Without a report from yesterday, how do you know the routes worked yesterday? In fact, I believe when you turn on summary reports, it turns off full reports automatically. Again, you need to contact deputies[at]spamcop.net and lighten up on the attitude.

We received a full report; the url given was: <removed by Moderator>

I am not trying to make accusations, but in all honesty it makes very little sense that yesterday it was working and today it is not.

I cannot help but feel betrayed - I came to SpamCop to request help about a wholly different issue and now am being blocked from the reporting. It sure feels like a slap in the face :(

As a paying customer of SpamCop, I am really disappointed by this action.

- Tara

Moderator Edit: offered URL was removed because it was a link to the Abuse Report Response Center, which contains actions to be taken by the ISP/Host involved with the SpamCop.net Report. I will also note that only one URL was offered, but the actual Report seen at http://www.spamcop.net/sc?id=z1955620052ze...7c85466b83faa9z shows two reports going out on the reported spam ... one to the IP Address owner involved for the source of the spam, the other to the spamvertised site folks, which in this case turns out to be the same people.


I've decided to walk away from this thread. I was not planning on the collateral damage of being banned from SpamCop reporting for simply posting a thread here.

Thank you to those who have given solid advice.

My sincere apologies to everyone here that I've clashed with. I am truly very sorry for anything I've ever said to offend anyone here.

If whoever blocked me can find it within themselves to retract the block I would be deeply appreciative.

Best regards,

Tara


...I am not trying to make accusations, but in all honesty it makes very little sense that yesterday it was working and today it is not.

I cannot help but feel betrayed - I came to SpamCop to request help about a wholly different issue and now am being blocked from the reporting. It sure feels like a slap in the face :(

As a paying customer of SpamCop, I am really disappointed by this action.

As far as "we" know, only other users come here and of course none of us has the ability to change your reports. I'm thinking there's some other explanation. The advice (StevenUnderwood's) to email the deputies is sound. You surely have nothing to lose.

When customers import their list, the confirm message is added to their campaign. When they send out to that list of subscribers, the subscriber has to confirm to keep receiving information. This way, the list gets re-confirmed, and anyone who doesn't really want the messages gets purged. By doing this, we are following Spamhaus' good practice policies of "confirmed opt-in".

OK, I see that you've said you don't propose to return and read this thread any longer but just in case...

As far as I can see this approach would count you in as a source of UCE/UBE for our system. I guess the only reason I might not have been reporting is that I'm not on one of your customers' lists.

I'm truly surprised that you've avoided being listed on BLs for so long. I imagine you'll find your problems increasing if you continue this approach to opt-in.

Andrew


As a paying customer of SpamCop, I am really disappointed by this action.

I know you may not see this, but you have just opened up more questions.

AFAIK, there is no paying option for ISPs. There is a paying option for reporting (fuel) and a paying option for the email service.


I am sorry I was too busy yesterday to keep up with this thread. Why do people seem to think that personal offense is intended when there is a difference of opinion? I couldn't see that the OP 'clashed' with anyone except that she interprets 'best practices' differently than anyone else and refuses to accept that, as far as technology goes, the internet is a polite place - the only rules being that one does unto others as one would be done unto and some 'rules of the road' and not a place where one can get one's way by being legalistic (as in her insistence that her IP block should not be listed because it was static).

She wanted support against Matthew, but no one was interested in getting into someone else's dispute. People thought that she would be interested in how to avoid being blacklisted in general. Although there is nothing that anyone here can do about any public blacklist including the scbl, several posters are server admins and explained that there were other things wrong with her operation that would get her blacklisted by them. Again, she wanted to be legalistic about the interpretation of 'best practices' demanding that she was right and should not be blacklisted. Unfortunately, that's not how it works. Receivers can use any rules they want to ignore email from sources they don't want to hear from. If the sender wants to send email then the sender has to use the interpretation of the rules that the receiver is using.

Miss Betsy


I was not planning on the collateral damage of being banned from SpamCop reporting for simply posting a thread here.

Semantics apparently .. I see no sign of your "being banned from Reporting" anywhere in this Discussion.

If whoever blocked me can find it within themselves to retract the block I would be deeply appreciative.

As pointed out numerous times already, none of the volunteers here has access to the database used by the Parsing & Reporting System. As noted a couple of times, there is a question about who actually 'handled' the Abuse Report Response Center actions for both the spam-source and the spamvertised-URL reports ... and just how they were actioned.

The data available to the public (data dump below) contains no notes of any manual intervention by the Deputies in the reporting-target selections. However, it wouldn't be too hard to take a guess that there may be some 'automatic' stuff in the codebase that would 'see' that both the source and the spamvertised-URL were under the control of the same people, so reports sent 'there' would obviously be going to the spammers themselves. However, this is basically just a guess. Here's a repeat .. you'll need to contact the Deputies to get anything close to a 'real' answer on this.

http://mailsc.spamcop.net/sc?track=youcandoitto.info

Parsing input: youcandoitto.info

No recent reports, no history available

Routing details for 64.191.122.168

[refresh/show] Cached whois for 64.191.122.168 : abuse[at]stressfreetechnologies.com

Using abuse net on abuse[at]stressfreetechnologies.com

abuse net stressfreetechnologies.com = abuse[at]stressfreetechnologies.com

Using best contacts abuse[at]stressfreetechnologies.com

Reports disabled for abuse[at]stressfreetechnologies.com

Using abuse#stressfreetechnologies.com[at]devnull.spamcop.net for statistical tracking.

http://mailsc.spamcop.net/sc?action=rcache;ip=64.191.122.168

Tracking details

Display data:

"whois 64.191.122.168[at]whois.arin.net" (Getting contact from whois.arin.net )

checking NET-64-191-122-0-1

Display data:

"whois NET-64-191-122-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

Found AbuseEmail in whois abuse[at]stressfreetechnologies.com

64.191.122.0 - 64.191.122.255:abuse[at]stressfreetechnologies.com

checking NET-64-191-0-0-1

Display data:

"whois NET-64-191-0-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

Using postmaster[at]hostnoc.net instead of nic[at]hostnoc.net

64.191.0.0 - 64.191.127.255:postmaster[at]hostnoc.net

whois.arin.net contact: postmaster[at]hostnoc.net

Routing details for 64.191.122.168

Using abuse net on postmaster[at]hostnoc.net

abuse net hostnoc.net = abuse[at]burst.net, abuse[at]level3.net, abuse[at]level3.com

Using best contacts abuse[at]burst.net abuse[at]level3.net abuse[at]level3.com

abuse[at]level3.net redirects to abuse[at]level3.com

http://mailsc.spamcop.net/sc?track=64.191.122.149

Parsing input: 64.191.122.149

[report history]

Routing details for 64.191.122.149

[refresh/show] Cached whois for 64.191.122.149 : abuse[at]stressfreetechnologies.com

Using abuse net on abuse[at]stressfreetechnologies.com

abuse net stressfreetechnologies.com = abuse[at]stressfreetechnologies.com

Using best contacts abuse[at]stressfreetechnologies.com

Reports disabled for abuse[at]stressfreetechnologies.com

Using abuse#stressfreetechnologies.com[at]devnull.spamcop.net for statistical tracking.

Reports routes for 64.191.122.149:

routeid:40313836 64.191.122.0 - 64.191.122.255 to:abuse[at]stressfreetechnologies.com

Administrator found from whois records

http://mailsc.spamcop.net/sc?action=rcache;ip=64.191.122.149

Tracking details

Display data:

"whois 64.191.122.149[at]whois.arin.net" (Getting contact from whois.arin.net )

checking NET-64-191-122-0-1

Display data:

"whois NET-64-191-122-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

Found AbuseEmail in whois abuse[at]stressfreetechnologies.com

64.191.122.0 - 64.191.122.255:abuse[at]stressfreetechnologies.com

checking NET-64-191-0-0-1

Display data:

"whois NET-64-191-0-0-1[at]whois.arin.net" (Getting contact from whois.arin.net )

Using postmaster[at]hostnoc.net instead of nic[at]hostnoc.net

64.191.0.0 - 64.191.127.255:postmaster[at]hostnoc.net

whois.arin.net contact: postmaster[at]hostnoc.net

Routing details for 64.191.122.149

Using abuse net on postmaster[at]hostnoc.net

abuse net hostnoc.net = abuse[at]burst.net, abuse[at]level3.net, abuse[at]level3.com

Using best contacts abuse[at]burst.net abuse[at]level3.net abuse[at]level3.com

abuse[at]level3.net redirects to abuse[at]level3.com

http://mailsc.spamcop.net/mcgi?action=show...mp;query_type=4

(90-day history)

Submitted: Tuesday, June 03, 2008 6:46:32 PM -0500:

Hi x!

3164868828 ( 64.191.122.149 ) To: [concealed user-defined recipient]

3164868827 ( http://youcandoitto.info/Rx ) To: abuse[at]stressfreetechnologies.com

3164868826 ( 64.191.122.149 ) To: abuse[at]stressfreetechnologies.com

