Jump to content


  • Content Count

  • Joined

  • Last visited

Everything posted by vindicator

  1. vindicator

    Broken Spamcop Link

    In https://www.spamcop.net/denied.shtml, "Check the Help forum first ..." points to "http://forum.spamcop.net/forums/index.php?" which comes up with "Sorry, there is a problem The page you requested does not exist Error code: 1S160/2" For some reason, I can't log in. Maybe I'm trying the wrong username, but I tried 3 variations, but even resetting the password for each variation results in "No user found for input:..."
  2. I didn't use the SC parser since I looked at the mail source/headers. It's beyond abundantly clear (spf, dkim, dmarc, nslookup of domain/links) that it was from the business. I did chat with the FTC, but it was a most odd "conversation". I even asked if "it" was a bot because of the responses. *I WILL wait for the next spam arriving after their investigative deadline on May 5th, but want to make sure it would be acceptable to submit the spam (and previous ones) to SC if it persists. If you would rather I didn't submit it here, I shall not. However, I will still submit to the FTC and flag the emails as spam. The thing that I'm aware of is if the domain DOES get blacklisted, then their billing won't be coming through either. Though I expect their email administrators would be on it for any bounce-backs or if they monitor the blacklists (which I expect they would based on what they do). Boy-oh-boy, if the likelihood of compromise equates to incompetence, nearly every business I deal with is screwed (unless you're referring to backend incompetence as opposed to frontend support personnel, which is what I am going to assume). What you deem to be belligerence, and they consider rude, I consider to be incontrovertible point of fact of the specific instance ("liar" vs "ignorant" wording is questionable). It's like people simply don't want to be told they're wrong in which case nothing changes. You don't reward/pat-on-the-back failures. You acknowledge and correct. I'm most aware of my mistakes/failures because I strive for perfection. And I expect/hope that if I'm unaware I'm wrong, that I will be told. I'm under the belief that if I keep pressing them, hammering on the obvious failure, explain the consequence, that they will actually put in the effort to correct the problem. If I said nothing to their "guarantee" response, they would be deluded in the idea they are correct and nothing is wrong with their system, thus no fix to the problem.
  3. 3 spams from a major, well-known business of which I AM a customer. I opted out of all communications through the online account access. First spam: I click "unsubscribe" in their valid (in that it was from them) email spam. Their system does not seem to like the VALID special character in the email address. Go figure that my account uses that same address and they will send to the address, but just won't unsubscribe with it (stupid programmers). I chat (and transcript) with them online about it, and after pulling teeth, they end up saying "I will unsubscribe your email address from marketing and spam emails." ... "It should be within 24 hours effect". Second spam(3 days later): I chat with them again and am told "I will ensure to get this added for you on the list of emails that won't be receiving any kind of spam" and ... "I have verified that partial changes were made on the account but not completely turning off the spam notification for the email on the account" and ... "I do saw that the notification over the mail was discontinued and I made the corrections so that you won't be getting anymore spam email on your email" Third spam (6 days later): Got some bite back from this person when I called them out when they said "I can guarantee you that we did not send any email or texts." and I called them a liar. They were so offended and I asked what would be more applicable and suggested ignorant. Their claim was based solely on flags in a database field that clearly weren't followed based on the proof that I had. No way can they make that "guarantee". In the end they say "This was not investigated before as the previous case created is to put your account on to the do not solicit list-- no mention of you still receiving messages after the request was granted" (curious given the request was made with the first spam, was it not....?). I had mentioned that if spams would continue that I would report it to spamcop and the FTC. I may chat with the FTC about it when they open later this morning, but the business investigation is said to reach a conclusion on the 5th, so I MAY hold off until then (or the next spam). Incompetence must not be rewarded and I've been saving the spam to report them all later. Report them into a blacklist-oblivion/fined. Now, am I missing something here? Surely my expectation of not receiving marketing from them is reasonable, particularly when I'm given the option to unsubscribe. As well as making them accountable when they do not resolve the issue.
  4. vindicator

    ARIN Spams?

    Again, I'm pretty new to reporting, but was shocked to find the sender to be an ARIN-owned IP, which may be why SC gives "No reporting addresses found". But the POC IS found if searched (maybe this message should be in the sublisting): https://whois.arin.net/rest/net/NET-23-0-0-0-0/pft?s= https://whois.arin.net/rest/poc/ARIN-HOSTMASTER.html I REALLY find the timing of this email to be suspect considering I contacted them earlier today (though their reply came from a 199.43* address): (man, I like how this forum works, much like github)
  5. vindicator

    ARIN Spams?

    I had forgotten about that whole pharmacy deal. Feels like it was even longer ago than that to me. I did get a reply from ARIN regarding the unattached IP spam: But I have not yet heard back about the inaccuracy report. I had just gotten another spam from that range It's disheartening to find that they still have the ability to continue using the IPs. There needs to be another cut-off method that involves whatever pipe they use. I should probably look more into how these addresses get used and piped out. It's like now that I know that range is (unattached?), that I could start broadcasting ownership of them. Or for that matter, any range. I'd have to see how the routing all plays into it. I tried tracing it from 2 locations and ended up in the void.
  6. vindicator

    ARIN Spams?

    Based on my new thread in the subtopic regarding an APNIC address, I tried running whois in linux for the IP address I mention in my OP. Interestingly, it came back that no match was found which is bizarre enough in it's own right. I don't even know what to think of that. When I used the -B and -a flags, I got more information, but still nothing usable: $ whois -B -a % This is the RIPE Database query service. % The objects are in RPSL format. % % The RIPE Database is subject to Terms and Conditions. % See http://www.ripe.net/db/support/db-terms-conditions.pdf % Information related to ' -' % No abuse contact registered for - inetnum: - netname: NON-RIPE-NCC-MANAGED-ADDRESS-BLOCK descr: IPv4 address block not managed by the RIPE NCC remarks: ------------------------------------------------------ remarks: remarks: You can find the whois server to query, or the remarks: IANA registry to query on this web page: remarks: http://www.iana.org/assignments/ipv4-address-space remarks: remarks: You can access databases of other RIRs at: remarks: remarks: AFRINIC (Africa) remarks: http://www.afrinic.net/ whois.afrinic.net remarks: remarks: APNIC (Asia Pacific) remarks: http://www.apnic.net/ whois.apnic.nett remarks: remarks: ARIN (Northern America) remarks: http://www.arin.net/ whois.arin.net remarks: remarks: LACNIC (Latin America and the Carribean) remarks: http://www.lacnic.net/ whois.lacnic.net remarks: remarks: IANA IPV4 Recovered Address Space remarks: http://www.iana.org/assignments/ipv4-recovered-address-space/ipv4-recovered-address-space.xhtml remarks: remarks: ------------------------------------------------------ country: EU # Country is really world wide admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED mnt-by: RIPE-NCC-HM-MNT mnt-lower: RIPE-NCC-HM-MNT mnt-routes: RIPE-NCC-RPSL-MNT created: 2016-04-14T14:35:56Z last-modified: 2016-04-14T14:35:56Z source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. e-mail: bitbucket@ripe.net admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT created: 1970-01-01T00:00:00Z last-modified: 2001-09-22T09:31:27Z source: RIPE % Information related to '' route: origin: AS24091 mnt-by: MAINT-MGR-RIPE created: 2017-03-08T14:30:56Z last-modified: 2017-03-08T14:30:56Z source: RIPE % This query was served by the RIPE Database Query Service version 1.88 (WAGYU)
  7. Abuse contact for ' -' is hostmaster [at] nic.or.kr I hope I get this right. I'll need to take another look at my other thread that behaved similarly... @Lking if I did it wrong again, do let me know. I believe I followed the structure that seemed to have been set in place (while adding a bit more). I was about to contact the apnic folks. Their whois info is the same that spamcop pulls, but apparently it gets nested, though you wouldn't know it based on the information provided. https://www.apnic.net/manage-ip/using-whois/abuse-and-spamming/reporting-abuse-and-spam/ says to look at the "netname" and correlate to the NIR. Except that didn't help since the netname contained "ERX" which didn't match with any of the NIR. A search for ERX and NIR mentioned Japan... HOWEVER, a thought occurred to me to just run whois from linux and it pulled the information from the Korean NIR. I'm going to see if that also happens with the other thread I posted that I think related to ARIN instead. The whole system seems to be one big unkept cluster-*.
  8. vindicator

    ARIN Spams?

    https://www.spamcop.net/sc?id=z6365977357z8a69e9ff1345099192b9ce1d3523e8b9z EDIT (Sanitizing): You'll note that I sanitize anything that looks like it may link to me. I know of one way I don't sanitize that MAY still be used to identify me, but I won't mention it (no one knows who may be lurking).
  9. Sender IP: The domain points to an unusable (fake) registrar site. Another address I won't be reporting to. On a side note, considering I'm just starting with reporting, are these fakes common? Somebod(y/ies) at the *NICs are asleep at the keyboard, with their nose pressing the 'Y' key, letting all these mooks in. I'm DEFINITELY glad I'm not blindly reporting via the SC-supplied email dump address. EDIT (More?): = pravamconsulting.in isysmagic.in is the registrar for some of these, but their site only shows the folder listing of cgi-bin. How are people registering their sites? I don't know how long I'm going to keep submitting if the *NICs and registrars aren't going to keep the field clean (or aren't working altogether). On a few occasions in the past, I've read of raids against spammers and seen a dropoff of spam as a result. I wonder what it takes for any given gov/nic/registrar to take action they are capable of taking... (is that enough use of the word "take"?)
  10. Sender IP: Part of AFRINIC and the (maintainer's?) listed address is inno_rr {at} yahoo That sends up a red flag for me. Maybe needs a devnull? If you google that username (assuming it's the same person), it's not someone who separates business from "pleasure". You can probably guess how (he?) became "rich, #$@*!" I don't intend on sending any reports to that address.
  11. I don't quite know how it all works, but can ARIN/APNIC/(whoever) revoke addresses if the provider cannot be reached? A spam IP of shows the abuse contact of p01243 [at] psilink.com, but it's being devnull'd because of bounces. The domain itself is up for sale. ARIN info comes up with fake information: https://whois.arin.net/rest/org/AACS-1/pocs "There is no known POC for this organization..." for 7 years. The phone number listed goes to a fax/modem. Would it be fruit(ful/less) for me to notify ARIN and see about having the entire mask pulled? Maybe they can just sell the range to someone else.
  12. vindicator

    Reporting Risks

    Got it. The term "munging" is just what I needed. I think I'll just pay more attention to the spam itself and sanitize anything that looks to be a direct identifier of me when I paste. God, I hope that link of corollaries is meant to be humorous, but really it seems to align with words that actually come out of peoples' mouths. The preferences look good, but I think I may want to make use of "Public standard report recipients". Would this be a good place to stick the spam';k,;lo [at] g9k/'0uce.gov (how's that for munging ) address, or do they seek the plain/clean/untouched header/email only? EDIT (SC Forum Safelist): I also meant to ask what domain whitelist I should use for SC forum replies. The one you sent went to junk and the domain associated wasn't "spamcop.net".
  13. vindicator

    Reporting Risks

    Through manual reporting, I've come to the conclusion that I should never report via forwarding to the SC-supplied email address. I felt sketchy about reporting (not yet) this one spam when I previewed the report. I noticed that even though it contained the SC alias I set, the headers were still peppered with parts of my email, like in "Return-Path", "Errors-To", and "Received-SPF". I think this is EXACTLY what a spammer would hope would happen in a report sent to them. It would be just as bad as replying to the email. The SC-parsed/resolved reporting email addresses seemed sketchy as well. The ip network abuse domain is romanian and whois provides hardly anything, while the admin email for the linked site also seemed strange with the registrar's own site redirecting to another. I have no desire to submit a report to either address if there's any chance they are (unwittingly?) in cahoots.