Jump to content

Adult Spam consistently from same Network Admin


kdcinfo

Recommended Posts

The only spam I report is adult-related spam because we have a 13-year old whom we don't want reading some of the explicit subject lines (using server-side text-only readers at least keeps the spam to subject-line reading only).

Recently, within the last week or two, it seems over 90% of the adult-related spam we receive show the network administrator to be the same:

Re: http://bp2-rx.com/enter.php (Administrator of network hosting website referenced in spam) - frank1976[at]126.com

Re: http://bp2-rx.com/rr.php (Administrator of network hosting website referenced in spam) - frank1976[at]126.com

I was thinking of e-mailing this address and politely requesting to be removed, but that's a really old no-no because it means you'll just get more.

Also, initially, the checkboxes were checked for notifying this "administrator", but getting the feeling they might just be the one's spamming (having their own network), I began unchecking these notifications a few days ago. Unfortunately, if that is the case, I'm probably already on their hit list.

Has anyone else observed this particular network administrator? Does anyone have any suggestions for getting off this particular administrators list? If they're not the originator, perhaps I could request that e-mails to my address from their server be blocked??

Thanks.

Keith

Link to comment
Share on other sites

Most providers will give you more than one email address. The only way to eliminate the porn email is to change your address for your personal email (and use an alphanumeric address that is not easily guessed by the dictionary spammers like k31th). You can use the old one for entering into web sites to order or whatever and if that website is not reliable then, that address already gets spam.

Then threaten to withdraw computer privileges from your 13 year old if he enters the 'clean' address anywhere on the web! Also ask your correspondents to use the old address if they want to send you ecards or email you pages from websites,etc.

Most email readers will let you have more than one address and again, impress on your 13 year old that he is only to read and use the 'clean' address. If you are not getting so much spam that it is only the porn that bothers you for the 13 yr old's sake, then you can use the old address for your email and the new address for the children.

That's my $.02 USD

Miss Betsy

Link to comment
Share on other sites

It will probably do no good to contact anyone regarding bp2-rx.com as it belongs to Michael Lindsay / iMedia Networks a very wll known ROKSO listed spammer, check out http://www.spamhaus.org/rokso/listing.lass...edia%20Networks

canonical name bp2-rx.com.

addresses 211.158.35.246

Running his "Bullet Proof" hosting out of China

211.158.35.246 is listed in the SBL, in the following records:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19859

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL10264

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21421

All he will do is spam you more when he finds out you don't want it.

Link to comment
Share on other sites

Most providers will give you more than one email address.

Thanks Miss Betsy ... I'm always forgetting to clarify something or other. She actually doesn't get her own e-mail (that's a typing speed goal achievement), but she's fairly interested in what we do and likes to read things onscreen behind our back. And although I keep my mail screen minimized (of which, only subject lines are shown), there's just always the chance that I'll be filtering/cleaning only to have her walk up behind me and, not wanting to interrupt, just see what I'm doing.

My host does provide my domain with 'anything[at]', and I do change up regularly, so the majority of e-mails get filtered quite easily. Out of 100 e-mails, only about 20 get left on screen. Some of these use the same "From" as the "To", so mailwasher thinks they're friendly. I have multiple filters setup to process automatically, in addition to processing the blacklists (eg, Spamcop) automatically.

And oh yes, having this domain since 1997, I probably get at least 300-500/day (or more). But some are caught by my host's filter, others by Mailwasher (filters and blacklists), with a remaining 50-75 or more per day still getting through. Of those, only about 10-20% are adult.

I know I can filter these more... but was mostly curious if anyone else had come across this "frank1976" administrator. Reporting these to that address obviously haven't done anything, and the IPs/e-mail hosts keep changing.

Link to comment
Share on other sites

It will probably do no good to contact anyone regarding bp2-rx.com as it belongs to Michael Lindsay / iMedia Networks a very wll known ROKSO listed spammer

That's what I was afraid of :(

At least I know that I was seeing it right.

I'll keep removing the checks/notifications, and make some adjustments in Mailwasher. Perhaps someone, somewhere will get tired of paying for his deliveries.

Thanks.

Keith

Link to comment
Share on other sites

It will probably do no good to contact anyone regarding bp2-rx.com as it belongs to Michael Lindsay / iMedia Networks a very wll known ROKSO listed spammer, check out http://www.spamhaus.org/rokso/listing.lass...edia%20Networks

canonical name bp2-rx.com.

addresses 211.158.35.246

Running his "Bullet Proof" hosting out of China

211.158.35.246 is listed in the SBL, in the following records:

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL19859

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL10264

http://www.spamhaus.org/sbl/sbl.lasso?query=SBL21421

All he will do is spam you more when he finds out you don't want it.

22843[/snapback]

Yes iMedia/Michael Lindsay runs that particular site. But even worse, 126.com is Alan Ralsky's personal domain. spam reports to them is one of the very few I uncheck (I don't even have problem with CYVEILLANCE', despite my posting of their 'whois' issue). Don't know about iMedia, but Ralsky will definitely spam you more (his spam almost always contains hidden identifiers, so munged or not, you will be visible in the report).

Link to comment
Share on other sites

The only spam I report is adult-related spam because we have a 13-year old whom we don't want reading some of the explicit subject lines (using server-side text-only readers at least keeps the spam to subject-line reading only).

22836[/snapback]

I wonder if anyone has ever tried to go after a spammer for sending such adult materials to children. There's probably some legal hooha about "explicit" vs. "pornographic" and they could certainly claim that they didn't know the recipient was a minor, but I don't know how much legal weight that would hold.

The various authorities seem to have trouble going after spammers on technical grounds, probably for a number of reasons. I wonder if the situation would be different if they were going after spammers for "contributing to the deliquency of a minor" or something similar.

Link to comment
Share on other sites

Don't know about iMedia, but Ralsky will definitely spam you more (his spam almost always contains hidden identifiers, so munged or not, you will be visible in the report).

Ouch. Guess I'm on the radar :ph34r: Nothing like watering a fish. Or, selling bacon to a pig. (100% waste of everyone's time)

Perhaps after them not seeing any of my reports anymore I'll drop back off the radar.

I'm about ready to support the eStamp. :(

Link to comment
Share on other sites

I wonder if anyone has ever tried to go after a spammer for sending such adult materials to children.  There's probably some legal hooha about "explicit" vs. "pornographic" and they could certainly claim that they didn't know the recipient was a minor, but I don't know how much legal weight that would hold.

The various authorities seem to have trouble going after spammers on technical grounds, probably for a number of reasons.  I wonder if the situation would be different if they were going after spammers for "contributing to the deliquency of a minor" or something similar.

22856[/snapback]

In this particular case, the minor would have to have her own account for that argument to carry any weight. My 10-year-old nephew has his own email account on the family mailserver (we set it up for him when he was born), but he doesn't have the password and his mom manually filters it before showing it to him. She is naturally overprotective of her only child.

On a related note, while preparing for a 6-year-old coming to visit, I ventured into locking down the Time Warner Cable box he might be using. A bunch of shows I would have thought would have G or TV-Y ratings had no ratings at all, so I had to let non-rated non-adult shows through. That was a nice little adventure. :)

Link to comment
Share on other sites

I wonder if anyone has ever tried to go after a spammer for sending such adult materials to children.

There is now, they're supposed to contain (or begin) with the word Explicit, or something to that affect. But does this stretch across international borders? I'm very surprised China isn't more critical (or harsh) when it comes to spam. But if they begin with that, and then follow with their message, to me that just makes it stand out more (like, READ ME! - or, "Don't look down").

But the problem in my case is the e-mail is not my daughters. It just happens that she has the potential for reading the subject lines. I just have to do more to ensure she doesn't. TVs have the vchip, mail has filters. One just requires a ton more knowledge.

But the answer is clear that this Frank1976/126.com/bp2-rx address is one to stay away from if you're just a pawn like me. And I've learned to only check the boxes at the very top.

Link to comment
Share on other sites

There is now, they're supposed to contain (or begin) with the word Explicit, or something to that affect. But does this stretch across international borders?

22861[/snapback]

No, the (I) CANSPAM act is only a US law. (IANAL)

Like I said above the site is hosted in China, do you know what the sending IP was? If it was a hijacked machine in the US or even a IP they were using in the US then it should have been compliant. Not that it would matter anyhow :D

Link to comment
Share on other sites

To Keith

I didn't realize that it was your domain which is a whole different ballgame.

Actually my attitude toward inevitable child encounters with what you don't want them to know about is to openly tell them why this is not good. For younger children, it is easier to control what they see or don't see. (For instance, only downloading email when they are in bed or not allowing them to walk up behind you.)

For someone who is 13, though, you have done all you can to teach hir what is right and wrong and now you need to be teaching hir how to discern. If she doesn't see it on your computer, she will sooner or later on someone else's.

IMHO, a 13 year old is old enough to be able to dismiss the porn just as an adult does. And it would be better for hir to learn from you and how you handle seeing those subject lines than on her own.

Miss Betsy

Link to comment
Share on other sites

...

But the answer is clear that this Frank1976/126.com/bp2-rx address is one to stay away from if you're just a pawn like me. And I've learned to only check the boxes at the very top.

22861[/snapback]

I believe that "frankXXX[at]126.com" is a 'bot for harvesting valid email addresses. I have been shown other information that makes it appear that "AlexanderLinder[at]163.com" is personally Alan Ralsky. For people like Merlyn, who lists his interests as "Researching Spammers.", it can be informative to look up sequential domain registrations on ChinaNet (seemingly created by a scri_pt or `bot - sometimes over a hundred can be created in a ten minute period) by the handle instead of the domain name (so you can see the actual sequence) and count the percent using a [at]163.com account against those using "antispam[at]xxx.xxx.cn".

Just for anyone still interested:

$ whois bp2-rx.com

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered

with many different competing registrars. Go to http://www.internic.net

for detailed information.

Domain Name: BP2-RX.COM

Registrar: GANDI

Whois Server: whois.gandi.net

Referral URL: http://www.gandi.net

Name Server: NS1.NS-1.BIZ

Name Server: NS2.NS-1.BIZ

Status: ACTIVE

Updated Date: 06-jan-2005

Creation Date: 21-dec-2004

Expiration Date: 21-dec-2005

>>> Last update of whois database: Mon, 10 Jan 2005 07:38:51 EST <<<

NOTICE: The expiration date displayed in this record is the date the

registrar's sponsorship of the domain name registration in the registry is

currently set to expire. This date does not necessarily reflect the expiration

date of the domain name registrant's agreement with the sponsoring

registrar. Users may consult the sponsoring registrar's Whois database to

view the registrar's reported date of expiration for this registration.

TERMS OF USE: You are not authorized to access or query our Whois

database through the use of electronic processes that are high-volume and

automated except as reasonably necessary to register domain names or

modify existing registrations; the Data in VeriSign Global Registry

Services' ("VeriSign") Whois database is provided by VeriSign for

information purposes only, and to assist persons in obtaining information

about or related to a domain name registration record. VeriSign does not

guarantee its accuracy. By submitting a Whois query, you agree to abide

by the following terms of use: You agree that you may use this Data only

for lawful purposes and that under no circumstances will you use this Data

to: (1) allow, enable, or otherwise support the transmission of mass

unsolicited, commercial advertising or solicitations via e-mail, telephone,

or facsimile; or (2) enable high volume, automated, electronic processes

that apply to VeriSign (or its computer systems). The compilation,

repackaging, dissemination or other use of this Data is expressly

prohibited without the prior written consent of VeriSign. You agree not to

use electronic processes that are automated and high-volume to access or

query the Whois database except as reasonably necessary to register

domain names or modify existing registrations. VeriSign reserves the right

to restrict your access to the Whois database in its sole discretion to ensure

operational stability. VeriSign may restrict or terminate your access to the

Whois database for failure to abide by these terms of use. VeriSign

reserves the right to modify these terms at any time.

The Registry database contains ONLY .COM, .NET, .EDU domains and

Registrars.

% GANDI Registrar whois database for .COM, .NET, .ORG., .INFO, .BIZ, .NAME

%

% Access and use restricted pursuant to French law on personal data.

% Copy of whole or part of the data without permission from GANDI

% is strictly forbidden.

% The sole owner of a domain is the entity described in the relevant

% 'domain:' record.

% Domain ownership disputes should be settled using ICANN's Uniform Dispute

% Resolution Policy: http://www.icann.org/udrp/udrp.htm

%

% Acces et utilisation soumis a la legislation francaise sur

% les donnees personnelles.

% Copie de tout ou partie de la base interdite sans autorisation de GANDI.

% Le possesseur d'un domaine est l'entite decrite dans

% l'enregistrement 'domain:' correspondant.

% Un desaccord sur la possession d'un nom de domaine peut etre resolu

% en suivant la Uniform Dispute Resolution Policy de l'ICANN:

% http://www.icann.org/udrp/udrp.htm

%

% Date: ..................

domain: BP2-RX.COM

owner-address: Ralsky Rocks Inc

owner-address: 8976 Dien Bien Phu,

owner-address: HN10000

owner-address: Ba Dinh,Hanoi

owner-address: Vietnam

owner-phone: +84.913236677

owner-e-mail: ihatespam1[at]PunkAss.com

admin-c: HR266-GANDI

tech-c: AR41-GANDI

bill-c: HR266-GANDI

nserver: ns1.ns-1.biz

nserver: ns2.ns-1.biz

reg_created: 2004-12-21 21:50:46

expires: 2005-12-21 21:50:46

created: 2004-12-22 03:50:47

changed: 2005-01-06 10:10:19

person: Hermish Ralskey

nic-hdl: HR266-GANDI

address: 8976 Dien Bien Phu,

address: HN10000

address: Ba Dinh,Hanoi

address: Vietnam

phone: +84.913236677

e-mail: ihatespam1[at]PunkAss.com

lastupdated: 2005-01-03 16:58:30

person: GANDI Auto Register 4.1

nic-hdl: AR41-GANDI

address: GANDI

address: 38 rue Notre-Dame de Nazareth

address: F-75003

address: Paris

address: France

phone: N/A

e-mail: support[at]gandi.net

Link to comment
Share on other sites

IMHO, a 13 year old is old enough to be able to dismiss the porn just as an adult does. And it would be better for hir to learn from you and how you handle seeing those subject lines  than on her own.

Typically and normally I would agree with this philosophy. However, some of these subject lines make me uneasy/uncomfortable to look at; and I'm in my late 30s.

But this brings up the point that spam should definitely be taken care of before it ever hits the end user. I might personally be able to keep my daughter from seeing these things on my computer, but if she's visiting a friend... their parents may not be as e-mail/server savvy. I can't imagine all the folks simply downloading to Outlook with the Preview Pane open. Imagine their kids walking up behind them ... at 8 or 9 years old.

Nonetheless, I know now to expect much more of these (3 in the last 20 minutes) now that my address is on their hit-list.

Link to comment
Share on other sites

I believe that "frankXXX[at]126.com" is a 'bot for harvesting valid email addresses.

I never figured the mailer to be a bot - 'cause it seemed as though they took breathers (slept). But I guess that makes sense.

Link to comment
Share on other sites

Get-even, you also do some excellent investigative work and no I didn't spend much time on this only a minute to do the lookup. Normally I only spend a lot of time with the spammers that make it through our lists and filters.

I really doubt he would place a name in a registration like Ralsky Rocks Inc along with Hermish Ralskey (but I wouldn't put it past him!) and PunkAss.com is one of the email domains you can use for an email account at hotpop.com.

It might or might not be Ralsky, I go on what Spamhaus says it is. I do believe that if Spamhaus says it's Michael Lindsay / iMedia Networks then it most probably is. That is not to say they all (spammers) share/sell info and resources to each other. ;)

Link to comment
Share on other sites

Typically and normally I would agree with this philosophy. However, some of these subject lines make me uneasy/uncomfortable to look at; and I'm in my late 30s.

But this brings up the point that spam should definitely be taken care of before it ever hits the end user. I might personally be able to keep my daughter from seeing these things on my computer, but if she's visiting a friend... their parents may not be as e-mail/server savvy. I can't imagine all the folks simply downloading to Outlook with the Preview Pane open. Imagine their kids walking up behind them ... at 8 or 9 years old.

Nonetheless, I know now to expect much more of these (3 in the last 20 minutes) now that my address is on their hit-list.

22869[/snapback]

Plenty of spam makes me sick to my stomach, and I never see anything except the subject lines. I'm sure someone has sent "13 year old girls being abused!!" spam, and I know how I would have reacted when I was 13.

Pornography is a tricky issue as it is based on "community standards." People tried to prosecute people for mailing copies of "Deep Throat" (which was fairly mainstream) into their community, didn't work. I think you'd have to prosecute these guys in China/Korea, where ever they spam from. It's even worse if a comprimised machine is involved. Presumably they host the stuff in a country where porn is legal, and anyone who actually goes to the site should know better.

As for China's alledged anti-porn stance...well, China is a pretty corrupt and dishonest place right now, unfortunately.

Link to comment
Share on other sites

I have kids from 5 yrs old to 26 yrs old. I have to check my 10 year olds email account before he gets into it. It has never been used except to a few of his friends from school and some of the spam that has slipped through has been porn.

As far as I am concerned porn email marketing should only be allowed to someone who has requested and confirmed it and proved to be of legal age.

Just my 2 cents.

Link to comment
Share on other sites

I totally agree about porn not being sent to anyone who has not requested it. I would like to sue them for sexually harassment (as an adult).

However, since it is not possible, unless somebody makes a law that every ISP filter out porn unless it is whitelisted - which is not very probable, then if kids are going to use email, they are going to have to be prepared.

I agree that most of it makes me queasy which is why I changed my email address at home to an alphanumeric one and I have not (fingers crossed) received any since (about two years).

But 13 year olds need to be prepared on how to deal with those things that you can't protect them from (unless you lock them in). IMHO, it is much better for them to see a subject line about '13 yr old xxxxxx' when you are right there and they know you are disgusted, and it also gives some of your warnings more creditability when you explain why some people are interested. They also see how you deal with it so that they have a model. If you hide it from them, and then they do see it, they won't ask you about it because they will be afraid of what you will say (or perhaps do - like 'you can't go to Johnny's any more!')

Miss Betsy

Link to comment
Share on other sites

I totally agree about porn not being sent to anyone who has not requested it.

I'd like to see that about email marketing in general.

I would like to sue them for sexually harassment (as an adult).

To an adult, I figure it's the equivalent of some guy hitting on you in a bar. Sleazy, rude, yes, but not illegal. Pity there's no email equivalent of throwing a drink in someone's face.

Willfully (or negligently) doing the same to children is an entirely different matter.

Link to comment
Share on other sites

In looking at some stats, I'm hoping I'm reading them wrong, but I don't see bp2 or 211.158 (much less bp2-rx or 211.158.35) anywhere in the stats I'm looking at (in the Statistics tab).

So I'm wondering, which is worse? Spammer #1, 2, and 3 sending 50 e-mails for ink toner discounts or Spammer #4 sending 10 e-mails for 13-year old XXX? I think people would have a different answer than computers.

According to the numbers, those who spam more get noticed more, while those with worse spams, if they're savvy enough not to send as many bulks, won't get noticed as much.

Link to comment
Share on other sites

To an adult, I figure it's the equivalent of some guy hitting on you in a bar.  Sleazy, rude, yes, but not illegal.  Pity there's no email equivalent of throwing a drink in someone's face.

22899[/snapback]

I figure that it is more analogous to having someone expose themselves to you in public, which IS against the law in most places.

Link to comment
Share on other sites

I figure that it is more analogous to having someone expose themselves to you in public, which IS against the law in most places.

22901[/snapback]

If the spam itself is explicit, I'd agree. (I like your analogy better, anyway.) On the other hand, I really didn't need the mental image of Ralsky exposing himself to me. Excuse me while I go wash my brain out with soap.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...