Jump to content


  • Posts

  • Joined

  • Last visited

Everything posted by dzaidle

  1. Here is another: http://www.spamcop.net/sc?id=z5428972933z5...a2bf5261758ee3z
  2. http://www.spamcop.net/sc?id=z5428962489zd...836ef4401e334ez
  3. If I correctly understand what's happening, might it be helpful to install a CAPTCHA on the reporting pages?
  4. Could this be related to the "leap second error" that took down many prominent websites a few days ago?
  5. Actually, it is rather simple: In your firewall or router, block the offending ISP(s) and/or domain(s). I use this for my company's entire server (globally blocking all offshore--from the US--IP addresses and individually blocking domestic IP addresses and domains), thus reducing our spam load by 95 percent and more.
  6. The URL in a spam I received, h ttp://upeydxwhkft.blogspot.com (I suspect it is a malware infection site), will not parse despite multiple reloads on reporting. Tracking link: http://www.spamcop.net/sc?id=z1775887640zc...cddf55fae31233z [edit url link broken]
  7. Despite many reloads, the parser would not resolve the spammed URL, ht tp://gailroffcc.blogspot.com Tracking link: http://www.spamcop.net/sc?id=z1649053025z1...28403622e54fc0z [edit - live spam link broken, no sense in giving a spammer free airtime]
  8. Thanks Wazoo et al. I will do the Mailhosts configuration route and see how it goes. DZ
  9. For som time now, the parser has consistently interpreted spam to/through my server's relay as the source, rather than the actual source IP. While I realize that "X-Originating-Ip:" [] can be spoofed, in this cas it isn't but the parser ignores it. Any suggestions I can pass on to the server admin appreciated. A sample tracking link and the associate original header below: LINK http://www.spamcop.net/sc?id=z1405828583z7...49c079b7df6166z HEADER Return-Path: <xxx[at]axisbancorp.com> Received: from gate11.r4.iad.mlsrvr.com (gate11.r4.iad.mlsrvr.com []) by mail18b.r4.iad.mlsrvr.com (SMTP Server) with ESMTP id BFB283E3AD1 for <xxx[at]fishgame.com>; Thu, 23 Aug 2007 16:07:22 -0400 (EDT) Received: from gate20.gate.sat.mlsrvr.com (sat6.emailsrvr.com []) by gate11.r4.iad.mlsrvr.com (SMTP Server) with ESMTP id 9A4508A8104 for <xxx[at]fishgame.com>; Thu, 23 Aug 2007 16:07:22 -0400 (EDT) X-Virus-Scanned: OK X-spam-Flag: NO X-spam-Score: 1.002 X-spam-Level: * X-spam-Status: No, score=1.002 tagged_above=-100 required=6 tests=[html_MESSAGE=0, RCVD_IN_SORBS_DUL=0.001, URIBL_DNSBL_BLAGR3=1.001] X-Originating-Ip: [] Received: from i3ED6FBEC.versanet.de (i3ED6E858.versanet.de []) by gate20.gate.sat.mlsrvr.com (SMTP Server) with ESMTP id 5C9AC1B409C for <editor[at]fishgame.com>; Thu, 23 Aug 2007 16:07:20 -0400 (EDT) Received: by with SMTP id JSjFkIBQXXSQz; Thu, 23 Aug 2007 22:08:08 +0200 (GMT) Received: by with SMTP id WkXRLnRxjMXWvF.3871365883681; Thu, 23 Aug 2007 22:08:06 +0200 (GMT) Message-ID: <000301c7e5c1$4fe1dec0$ecfbd63e[at]Linda> From: "sebastian bustin" <sebastian-bustin[at]axisbancorp.com> To: <editor[at]fishgame.com> Subject: reckhard Date: Thu, 23 Aug 2007 22:08:03 +0200 MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_000_0008_01C7E5D2.136AAEC0" X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2900.3028 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2900.3028 X-Antivirus: AVG for E-mail 7.5.484 [269.12.2/967]
  10. ISP abuse departments are either (1) staffed with the brain dead or (2) operating under corporate policies that are dumber than a bag of hair. The bigger the ISP (Comcast, RoadRunner, SBC GLobal, et al), the worse the problem. The dumbest thing that seemingly all mail server administrators do is bouce back to the address in the From line rather than authenticating then bouncing back to the sending server before the transfer ever takes place. That is just plain dumb.
  11. Received a PayPal phishing spam that parsed oddly, yielding the message, "619.197.189 is not a routeable IP address." Here's the link. http://www.spamcop.net/sc?id=z947255965zee...49daf061b1823fz
  12. "...made myself an all-Korean and all-Chinese blacklist." I do something similar for my personal email account, but I blackhole ALL messages from IP addresses registered in APNIC, LACNIC, and RIPE. Since I receive no legitimate communications from persons anywhere but the U.S., it cuts my spam voume by three-fourths and I get no fales positives on legitimate email.
  13. Isn't this spam hawking pricewatch?
  14. Well, actually, for the time being mail from comcast IPs without comcast.net in the FROM field go to a "holding area" rather than directly to the bit bucket. I'd get the email, but maybe delayed a few hours, depening on how often I check the server spam folder. DZ
  15. Rather than use published lists, I maintain my own. Here's how I do it: 1. Block all email fron non-North American IP addresses. 2. Allow through emails with comcast.net and rr.com in the FROM field. 3. Block all email from comcast.net and rr.com IP addresses that does NOT have comcast.net or rr.com in the FROM field. This reduces my spam volume by about 90 percent. Whatever gets through, I report. I long ago concluded that reporting to Comcast and RoadRunner is futile.
  16. Actually, that would be quite easy (at least the redirect part) since legitimate Comcast mail would have Comcast.net in the FROM field. spam sent through Comcast servers always has a forged FROM field.
  17. "I don't mind targetting the spammers. I hate spam. It just pisses me off when innocent people are harmed by overzealous people. I've seen it happen many times, and it has personally cost me thousands of dollars, punished for a crime I did not commit." Methinks WiseTex doth protest too much. Spammer? Lawyer? Spammer's lawyer?
  18. I do not block individual IP addresses, I block entire IP *ranges* for overseas servers. For example, I block the entire range (i.e. all IP addresses) -, which is registered under RIPE. SInce I receive no legitimate email from anyone on a server registered under RIPE (or APNIC or LACNIC), therefore all email from those IP ranges is spam. Typically, the ratio of spam I receive vs. those trapped by the preceding is around 30:70--for every 100 spam received, 30 are from domestic (North American) servers, 70 from overseas, so, I only see/report the 30. Of the thirty, sometimes up to 3/4 come from Comcast servers. I am toying with blocking all Comcast-sourced mail and auto-replying with a bounce message that tells legitimate senders the reason their mail will not be accepted. I know, bad idea, but I still like to think about it.
  19. You mean I invented blackholes? Quick, where's the patent office! I smell money!
  20. If the source(s) of the spam are, indeed, overseas (I am assuming you are in North America), you might consider trying a solution that works well for me: block all email that sources outside North America (based on IP address). I have been doing this for several years now, and it traps/eliminates 70-80 percent of spam. Obviously, this solution will not work for everyone. In my case, I do not have any legitimate communication with anyone overseas, therefore any email souced from an overseas server is spam. I therefore only receive/filter/report spam from North American servers (about 70 percent of it from Comcast). Since reporting spam to (most) overseas server operators is pointless (few will do anything about it), there is no net loss and such spam as I do report is more likely to be acted on. I actually block IP ranges rather than individual addresses. Basically, anything registered under APNIC, LACNIC, or RIPE goes into the bit bucket. Just a thought.
  21. Most of the stocks in these pump&dump schemes are "penny stocks" traded off the "pink sheets" under the auspices of NASDAQ, hence should also be reported to the latter at isfeedback AT nasdaq DOT com
  22. Where did you come up with the notion that libel is a criminal offense punishable by fine and/or imprisonment? Maybe it is in "foreign" countries, but not in the U.S. and (AFAIK) not in the UK. It is a civil tort, not a crime.
  23. On Friday 22 April SpamCop was down for several hours. Today, Saturday 23 April, reporting via email seem svery slow. Hours elapse between sending spam and receiving acknowledgement. Anyone know what is up--or down, as the case may be?
  24. This is called a "pump & dump" scheme. The spammer (or whoever he is working for, more likely) owns a large block of the "pumped" stock. As idiots respond to the spam and start buying the stock, the price goes up. Just as the price peaks, the spammer "dumps" his stock, and the price plummets. He makes a mint, the buyers lose their shorts.
  • Create New...