CaLy Posted December 6, 2008 Share Posted December 6, 2008 Hello, i am Carlos Octavio, from Rosario / Argentina. I recently purged my primary email from my isp (it is [at]arnet.com.ar) where i had +15000 messages, and i cleaned it all with PopCorn. Now, it is clean/empty and i started to use it with pop3 program again (The Bat, if it matters). Well, i started to report again messages received in that account and since November 26, i reported like 20 mails total. The fact is: some of the mails are not directly to me, for example: From: Carla<can78[at]fullzero.com.ar> Reply-To:packjuegos[at]yahoo.com.ar To: calvinhorobotti[at]arnet.com.ar That mail calvin... is not mine, but it comes to me. I can make a rule in The Bat telling if the mail dont have my address in "To" will be deleted instantly, right? And another "question". A lot (or all) of the spams reported to Spamcop have the same abuse contact: abuse[at]iplan.com.ar So, if the abuse or abuse-contact is that, it appears like iplan.com.ar have their port 25 opened to anyone to send mails through there, right ? And i also checked in : http://www.spamhaus.org/security/cookies.l...sp=arnet.com.ar (MY ISP) and it says: SBL56730 200.45.0.139/32 arnet.com.ar 18-Jul-2007 08:26 GMT Malware hosting http://www.spamhaus.org/sbl/sbl.lasso?query=SBL56730 Do i need to do something about that? I mean, it is the isp i am using :S O well, and about iplan.com.ar it says: Found 18 SBL listings for IPs under the responsibility of iplan.com.ar Tell me please, if i need to do something, or just stay like i am. Thanks in advance. Carlos Octavio Link to comment Share on other sites More sharing options...
rconner Posted December 6, 2008 Share Posted December 6, 2008 I can make a rule in The Bat telling if the mail dont have my address in "To" will be deleted instantly, right? Yes, you can do this. However, you will probably also want to check the Cc: field as well as the To: field. If you are part of a group of recipients, your address may appear in the Cc: field. If it doesn't appear in either, however, then you are correct that it is probably spam. So, if the abuse or abuse-contact is that, it appears like iplan.com.ar have their port 25 opened to anyone to send mails through there, right ?What this means is that the IP address from which the mail came is controlled by iplan.com.ar. The address could belong to a "open relay" (as you say), but it might also just be someone's home computer being used as a zombie or an open proxy. ...and about iplan.com.ar it says: Found 18 SBL listings for IPs under the responsibility of iplan.com.ar Tell me please, if i need to do something, or just stay like i am. If these are addresses of mail hosts for iplan.com.ar, then you could be affected. Otherwise, if they are just addresses used by fellow customers for their (zombie) home computers, you may not see any personal impact. If these addresses do belong to your mail hosts, then if they wind up on a blocking list (like Spamhaus'), your mail to others could be blocked by users of the blocking list. -- rick Link to comment Share on other sites More sharing options...
CaLy Posted December 6, 2008 Author Share Posted December 6, 2008 Thanks for the advises Rick ! Quickly and eficient ... Cheers, and have a nice weekend! Link to comment Share on other sites More sharing options...
dbiel Posted December 6, 2008 Share Posted December 6, 2008 I can make a rule in The Bat telling if the mail dont have my address in "To" will be deleted instantly, right?Yes, you can do this. However, you will probably also want to check the Cc: field as well as the To: field. If you are part of a group of recipients, your address may appear in the Cc: field. If it doesn't appear in either, however, then you are correct that it is probably spam.Not necessarily so. You may need to do some white listing if you follow this practice. as it is not uncommon for lists or individuals to make use of the BCC to keep from exposing your address to others also receiving the same message. Link to comment Share on other sites More sharing options...
Miss Betsy Posted December 6, 2008 Share Posted December 6, 2008 If you see your ISP as a choice in the reports, it may be because you are not reporting properly. However, since you looked them up and both are listed on blocklists, you may be reporting properly and the reports should go to them. Generally, it is not a good idea to report your ISP via spamcop. Since you are customers of both, then you are in the best position to contact them directly and state that, as a customer, you are unhappy with their reputation. I am not very apt at technical questions. However, if arnet.com.ar is listed as Malware Hosting, that may mean that they do not restrict port 25 so that infected computers send spam through their email servers. iplan.com.ar may be hosting spammers. In other words, both of them may not do anything about infected computers and websites under their control or they both may not care that they host spammers. Others on this forum can give you the correct technical information to use to convince these ISPs that they are acting irresponsibly. You need to provide a Tracking URL of a recent spam for their analysis. That is at the top of your spamcop report. Just copy and paste into your post. However, spammers routinely forge names into the FROM, using different names in rotation, so using a rule to block them is useless. The reason the spam is TO someone else is that your email address is in the BCC (blind copy). You also need to be more careful with your email address so that you do not put it anywhere on the internet. Software programs called 'spiders' crawl the internet looking for addresses for the spammers. If you want to use an email address, use a 'throwaway' address like a free yahoo or hotmail or gmail address. Then if it starts to get spam, you can abandon it. Also, make your email address with numbers as well as letters (Car10s) and the dictionary spammers won't pick it up as easily. If you use a simple name, then the spammers will probably already have it. The spammers add the names they have to different domain names to make their lists bigger. carlos at hotmail, carlos at arnet.com.ar, carlos at iplan.com.ar I hope you have an alternate ISP to choose if these ISPs won't change. Just be sure to check them out /before/ you sign up! Thanks for your interest in controlling spam! Good Luck! Miss Betsy Link to comment Share on other sites More sharing options...
rconner Posted December 6, 2008 Share Posted December 6, 2008 Yes, you can do this. However, you will probably also want to check the Cc: field as well as the To: field. If you are part of a group of recipients, your address may appear in the Cc: field. If it doesn't appear in either, however, then you are correct that it is probably spam.Not necessarily so. You may need to do some white listing if you follow this practice. as it is not uncommon for lists or individuals to make use of the BCC to keep from exposing your address to others also receiving the same message. Thanks to dbiel for towing me out of the ditch (clearly I should not post things on the internet before 7AM). It is possible that legitimate (non-spam) mail may not have your address in the To: or Cc: field, if the sender used the Bcc: field (which you as the recipient cannot see). So, it is not a good idea to automatically dispose of all messages that don't have your address in them. -- rick Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.