Hanco

Do we feedback somewhere on issues where SpamCop’s Whois came back wrong? 63.34.8.135 belongs to Amazon not Verizon.Source RegistryARINNet Range63.32.0.0 - 63.35.255.255CIDR63.32.0.0/14NameAMAZON-DUBHandleNET-63-32-0-0-2ParentNET-63-32-0-0-1Net TypeALLOCATIONOrigin ASAS16509RegistrationWed, 25 Apr 2018 18:02:37 GMT (Wed Apr 25 2018 local time)Last ChangedWed, 25 Apr 2018 18:02:37 GMT (Wed Apr 25 2018 local time)Selfhttps://rdap.arin.net/registry/ip/63.32.0.0Alternatehttps://whois.arin.net/rest/net/NET-63-32-0-0-2Uphttps://rdap.arin.net/registry/ip/63.32.0.0/14Port 43 Whoiswhois.arin.netRelated Entities 1 EntitySource RegistryARINKindOrgFull NameAmazon Data Services Ireland Limited

Middle of the night and they are spamming for a new Namecheap domain again... camill.icu Hosted via (not necessarily “at” 51.77.39.82 : abuse@ovh.net, noc@ovh.net Camill.icu Namecheap registrar domain is only 4 days old Spammer also using free redirect services for links and including large unnecessary text blocks in <style> tags, and sending from Amazon network AWS IPs (again) and using Imgur image storage service (who delete anything I report to them pretty fast)

Amazon again just now... from Amazon IP 52.36.85.88

Good one!

I report spam directly on the SpamCop site (pasting plain text into the form) and for Amazon reports: 1) SpamCop almost always says “Using abuse#amazonaws.com@devnull.spamcop.net for statistical tracking” 2) Rarely, but occasionally, I find SpamCop decides to send a report to ipmanagement@amazon.com 3) Now, if the source IP in the spam email headers is at Amazon, I send the report to three addresses. I always include the time the email was received (and time zone). Just occasionally they mess up the conversion to UTC and ask about the time again. ipmanagement@amazon.com because it seems to respond sometimes ec2-abuse@amazon.com because sometimes it is those guys responsible for the sending IP apparently abuse@amazonaws.com because that’s what SpamCop was going to send to I also report any spam image content links I find in the emails. Pinterest is a pain to deal with, but Imgur and others have been very responsive. So much so that the spammer now puts “if the images are not shown below click here” - LOL!! If only they stopped sending me their crap, they would have more success with their intended victims.

Prior was different. Don’t seem to be very rigid standard responses. Thank you for bringing this issue to our attention. The customer responsible was removed from our platform.If you have any questions, please feel free to reach out. Have a great rest of your day. and... Thank you for bringing this to our attention. We take the integrity of our platform very seriously and are currently working with the customer to resolve this issue.If you have any questions or concerns in the meantime, please don’t hesitate to ask.

My last Linode reply to a direct email was positive: Thank you for bringing this to our attention. We have removed this user from our platform as their actions have violated our terms of service.Please let us know if you have any questions.

Every so often I get one suspended. But yes, they just move to another. When I first started reporting these guys it spurned a total onslaught of spam. 10 to 15 spams for the same junk every day for a few days. All sent from AWS IP addresses and, more often than not, pushing traffic to Namecheap domains, which are only setup to do redirects. The target sites never have an actual website at them. I think it is known as spamvertising.

Namecheap are not impressive. I am regularly reporting spam where the benefiting/target domain in the spam was created “today” (same date spam received), 1 day old (one of those this week) and just today there is a 1 and a 3 day old domain. Namecheap’s response: We are not host so we cannot check server logs... contact the host. Is it me? Are domains used in obvious spam emails, less than 24 hours, 1 or 3 days old, likely to be genuine customers of their business??? I report every one of the spams through SpamCop, I include the sender host of the email when possible (so many are AWS IPs now, and I report those directly to Amazon). I also report the hosted images. The spammer used to use Imgur exclusively, but they (and several others) handle my image ad reports very quickly now. It seems VERY hard to get the sender of this junk onto SURBL or other Namecheap recognized list. Only when they are does Namecheap do anything concrete at all. One day old spam promoted site example from today: highmarket.club A few others hiotoau.info was created via Namecheap the same day as the spam email was sent: 20 September arstoe.info was created via Namecheap the same day as the spam email was sent: 15 August iornfao.info was created via Namecheap the same day as the spam email was sent: 27 July