Jump to content


  • Posts

  • Joined

  • Last visited

Recent Profile Visitors

754 profile views

lpsears63's Achievements


Member (2/6)



  1. UPDATE: I decided to give a report to IC3 Division of the FBI, so we'll see what happens from there. Pretty sure that they are email addresses minus the messaging provider, then when a list is purchased a key is provided to unlock the full address. Each site is separated into "blogs", there are anywhere from 5 to 10 "blogs" per page, then at least thirty pages or more per site. The page that contained the "blog" that I found my address in was on page fifty-nine. That site, according to MY IP gets 6500 hits a day. And the three sites combined do not contain thousands of addresses as I said earlier, but millions. One list that I made a full page screen capture PDF of, took 35 minutes to create, and is a one-hundred and seventy megabyte file. Never really thought of fighting spam from this angle, but if the FBI can shut down this list provider it's almost like a major drug bust. Take away the product and the addicts have nothing to use:-)
  2. I was doing a Google search of my user name today and most of what came up were my posts here in the Spamcop lounge from a couple of years ago. One other that caught my eye though, I thought, what is my name doing on this site? A site for tuning supercars? When I opened the page, it seemed to be a typical "Meet Russian Brides" phishing scam site, but when I scrolled down it turned into a really, really long list of either user names or possibly email addresses. Now, I did send an abuse report to the site's hosting provider, but we all know how that goes. Also, in the search for the hosting company, I found that there are two more sites using that IP address. Those sites each use a slightly different format, but the end is still the same. Thousands of user names (or partial email addresses (easier to figure out the other half than to make up names). Sorry, I can't post any links on here, and at this point I'm even a little reluctant write out the sites names (even broken up) as I had intended to post this anonymously, but don't think that I am. Anyway, more to the point, if the sites are not removed in the next 24 hours (time frame the host said was given to the domain owners to respond), any suggestions as to the most effective way to proceed. And really, who knows how many others like these are out there, just hiding in plain site. It seems that I have a bit of a knack for finding out things that I (no one else for that matter) am not suppose to know. Thing is, now that it's been seen, I can't just unsee it, so I won't be able to let it go. Any suggestions are welcome (except stupid ones of course).
  3. *==========* I just double checked some of the domains from my most recent list, after reading your post. I use mostly Whois powered by Name [dot] com and Myip [dot] ms. At Whois right below the registrars name it says clientDeleteProhibited client hold and clientHold, clientUpdateProhibited. And on Myip no information at all shows up, when there was info before. Client Hold means suspension. Remember though that suspension is not termination. It does, however, keep the domain inactive so that it can be investigated. It also may take a day or to for the update to be seen, depending on what lookup tools you use. One reason I use Myip is that it is updated something like every 5 minutes. Downside is if you look at about 10 pages or lookup an IPv6 address you need to register. And for that they only take bitcoin (I had real trouble trying to use that). But, they do give you a ton of information. Anyway, I don't know how long after you received the notice, that you checked on the domain status. You might try again, maybe even try a different tool. *==========*
  4. *==========* Apparently the abuse team at Alpnames has a new notification system in place now. You should also get a second response that say's that your issue has been resolved, but then doesn't tell you what that resolution was. There should be though, a place at the bottom of the response to rate the new system. Make sure you rate either just ok, or not at all. That will open a new page where you can tell them what you think. I didn't give the new system a good rating at all. But, I have gotten good support from the abuse team, so I did rate them much better. *==========*
  5. *==========* This is getting old! The address abuse [at] chinacom [dot] com [dot] has also started to deny my attempts to connect. So, the only ones that don't come back are the ones to zhouxm [at] chinaunicom [dot] cn and he probably just deletes them. Probably any attempts to report abuse to them thru their abuse[at] addresses are useless. *==========*
  6. *==========* Finally getting the hang of that quote thing . *==========*
  7. *==========* I have been getting the same emails, but from different registrants. Get the list of suspensions as well (see topic - [dot]date Domains Suspended). You can never be 100% sure that the domains have been suspended, or that it will lead to termination. But, the emails from those domains have stopped. Of course, they could have just washed the address from their list. At this time I do err on the side of Alpnames having actually having suspended those domains. *==========* *==========* At this time there doesn't appear to be any limit on how many domain names can be registered at any one time. Many responsible corporations apply for multiple names at once. Sometimes just to keep someone else from using that name. I agree that there should be some limitations on that policy. Though, I'm sure the spammers would find a way around that also. At least you are getting a positive response from Alpnames. Many other registrars turn their backs on what their registrants are doing. From them, if you get any response at all, it's just an automated message. Usually basically saying it's not their problem. I've even had some (and other organizations, even some CERT abuse addresses) start filtering my address, so that after a few reports, they start bouncing back MY reports as spam! Not quite sure how to go about it, would take a little research, but you could try to make that suggestion to ICANN. I believe you would go thru At-Large Advisory Committee (ALAC), which is ICANN's voice for individual computer users. They are split up into five regions, your region (UK) would be EURALO. Though to actually join that you would need to be a member of something like an advocacy group. However, they may be able to help you find the appropriate way to make policy suggestions. I would probably start by making an inquiry using this email address - staff [at] atlarge [dot] icann [dot] org. If you are successful, you could post what you find out here, as others may like to follow suit in their own regions as well. I know I would. *==========*
  8. *==========* Hi, Hope nobody minds the tags. I've just been waiting all day to share with someone. After my ordeal in Nov. - Dec. 2015 with NGTC my spam count dropped to next to nothing all thru Jan. I thought maybe they washed me from the list. No such luck. At the beginning of Feb. it started up again. Nowhere near the volume I was getting, but it was picking up speed. Never had stopped the reporting though. Now, about half have been coming thru India and the others thru China (just not NGTC ). But, most all of the domains have been registered by Alpnames. Last Friday they sent me an email concerning seven domains they had suspended after my reports. Well, my reports continued thru the weekend without hearing anything else from them. This morning I opened my email to find this: (I hope no one minds I copy and paste here, there are no links) *==========* Thank you for reporting spam activity on: intojamesr.date moneyjacquelinenow.date workalbertbecause.date autumnlarryt.date thanjohnfall.date autumncoffeecaptrainy.date hellsteventhere.date xsomec.date egivep.date takelouissome.date therevincentwork.date intoborutn.date likefrankout.date onlypatriciar.date onlyjohnautumn.date monkeylindacolour.date thenvincentkey.date monkeylindacolour.date workvincentthere.date wellsteveno.date bodyharoldbecause.date takedanielh.date keypatriciamoney.date therestepheninto.date otherbobbyout.date moneyfrankmost.date comechristopherz.date applethomascold.date otherjohnlike.date likefrankthere.date hellborutwork.date moneyjessicacold.date othermichaelcould.date therevincentlike.date bodylindabecause.date thenbobbyfall.date jcolourz.date nmoneyf.date rainyjacquelinetake.date likejuanthen.date aboutdenisehot.date monkeyfrankapple.date afterpatriciaafter.date lookstevenlike.date autumnjackn.date hellvincentother.date nowlarryo.date thenchristianfall.date keystephenmost.date autumnharryother.date nowdenisemoney.date Following the report the domains have been suspended. Regards, Abuse Mitigation Alpnames Limited *==========* YES!!! That is a list of 51 domains, you can count them if you like. It took me most of December to get that many domains off the market. I know, in the grand scheme of things, it still hardly puts a dent in all of spammers out there. It really made my day though. If you've taken the time to read this, I wish you the same pleasure I had when first reading it *==========*
  9. *==========* Spoke too soon, it just took Gmail four hours to tell me that abuse[at]cnc-noc[dot]net still wasn't accepting my requests to connect. The other two addresses aren't bouncing though. Just remember to change abuse[at]chinaunicom to [dot]com[dot]cn instead of [dot]cn.
  10. *==========* The address abuse[at]cnc-noc[dot]net started taking my reports again. Also I tried changing abuse[at]chinaunicom from [dot]cn to [dot]com[dot]cn that seems to have worked. At least it hasn't come back yet (sometimes takes awhile). I also tried the zhouxm address that went thru as well. Although, it probably doesn't make a lot of difference as the Chinese don't seem to care about what leaves their country. Only what comes in. *==========*
  11. *===========* Well, maybe. The address abuse[at]chinaunicom[dot]cn did come back recipient not found. Now though, the address abuse[at]cnc-noc[dot]net seems to have blocked my emails to them. Several have gotten thru, so, they must have gotten sick of me. It's been awhile since I've tried the zhouxm address. I guess I'll have to try that one next time.
  12. *==========* I've noticed that the abuse address that Spamcop is using for China Unicom Beijing Province Network is abuse[at]chinaunicom[dot]cn. However if you would like to at least not have reports bounce, try abuse[at]cnc-noc[dot]net or zhouxm[at]chinaunicom[dot]cn. *==========*
  13. *==========* lisati, Thanks for showing me where to find that tool. It was very helpful. *==========* *==========* It is just the PBL, and it is the address range not just my IP, so I've opened a support ticket with my ISP asking for better security. Letting them know that it is affecting my ability to send abuse reports. Don't know if it will do any good or not though. In the meantime I've been trying to configure the SMPT AUTH on my Gmail account. I can get it to work for a telnet test, then it resets itself. The only information I can find at this time on the subject is like ten years old. It's based on Vista! Can't double check, or reconfigure, my Outlook address either (that info is also ten years old). Not without closing the account and then reopening it. But I believe it's alright though. I'll just have to get in the habit of sending from there via my Gmail alias. Thanks for your help. *==========*
  14. *==========* Hi, Since the middle of middle of November 2015, the 14th to be exact, I started sending out complaints/reports. First to UCE (FTC), then to CERT, when that didn't seem to be effective I added hosts, servers, then registrars. As I became more familiar with headers, I added others, like companies with trademarked names (ie: Amazon, Walgreens, ClickBank), some hacked government email providers as well as some very large universities. People and organizations that might have an interest in knowing they might have a security issue. Changing my tactics a little along the way. And of course in December submitting to Spamcop. My biggest change with sending reports was instead of sending multiple complaints to a single recipient, I switched to sending single complaints to multiple recipients. I had to streamline. From Nov. to today I've send around 1200 reports, gotten 50-60 domains suspended or terminated as well as quite a few Microsoft accounts. Most all of my emails were sent to abuse[at] addresses, which of course included unaltered headers, but they were all sent to people who would know how to read and handle them. If I had any doubt at all about malicious links (which was most of the time) all reports contained a warning to not click on any links. Thru all that, only a few were returned for containing suspicious links. Those were all refused from one particular registrar and it's domain protection service. Actually, after the first "munged" report got thru to the protection service, they started forwarding any of my emails directly to the registrar. Also, any attempts to contact the domains with the encoded addresses provided were not successful. Anyway, today it came to my attention (using a lookup tool provided by and owned by said registrar) that MY IP was on two blacklists. Both Spamhaus (which I was not on) and Protected Sky (which it claimed I was on). The lookup tool was MX Toolbox, and I'm unsure of the relation between them and Protected Sky. But when I went to the support contact page for PSky I found myself back at MX Toolbox. That was interesting. So, does any one think that a registrar, the only one who really doesn't seem to like my reports, would stoop to putting me on a blacklist? All other registrars have been very cooperative, within their abilities. This one though, seems to go out of their way to be as uncooperative as possible. Even in light of things like, the domain in question being blacklisted or their Whois information being incorrect or invalid. It just makes me wonder. Maybe I'm reading too much into their lack of response. And maybe I ended up on a blacklist in some other way. I guess I'm just venting, but it would also be nice to get some feedback, as I'm not sure of the best way to handle the situation. I have no intentions of stopping my complaints/reports. Thank you in advance to anyone taking the time to read this. *==========*
  15. *==========* UPDATE: *==========* Today I was informed by Namecheap that they have suspended four of the seven Ideal Target domains that I had received phishing emails from *==========*
  • Create New...