[FAQ Entry: The Link Analysis Process]

...*shrug* To what e-mail address would you suggest reporting spam from this IP address, given the following?...Seems to me that the SpamCop parser's decision was consistent with the available information for this IP address ....

I know the parser is using the info provided for that IP, my point was, why does the parser not filter out donaldduck[at]hotmail.com and discard it as fake.

Whenever I question the reliability of the parser at locating referenced websites, people are very quick to pipe up that this is not what the parser is for, and all the efforts are put in to detecting the source of the spam. My point is that quite often it does not do that very efficiently. Who wants to send spammers confirmation that their email address is live, and actively reports spam and yet the parser allows this with surprising ease. I know you can untick specific addresses, but surely anything [at]gmail.com or [at]hotmail.com or [at]geocities.com that isn't abuse[at] or postmaster[at] is fake, the parser should be smart enough to discard anything that is obviously fake.

[FAQ Entry: The Link Analysis Process]

(unless a miracle happens and the things that have been keeping Julian and the Deputies busy ensuring that the parser works well in finding the source of the spam e-mails)

I think the parser often gets the source wrong! Often it or gives the spammers email address as a reporting address - how and why does the parser give the address royir143[at]hotmail.com as a valid spam reporting email adddress (see below) ?!!! Surely it must be possible to have a system where anything other than abuse[at]hotmail.com is discarded as fake. I really think the spammers are one step ahead here and are actively building a database of users who report spam. They can then use this for a variety of uses like refining spam to evade the pharser, using reporters of spam to maliciously report legitimate websites, or more worryingly set DDos attacks and virus campaigns...

Tracking message source: 124.106.177.207:

Routing details for 124.106.177.207

[refresh/show] Cached whois for 124.106.177.207 : rrdelavega[at]pldt.com.ph nctabernilla[at]pldt.com.ph ssmiguel[at]pldt.com.ph riresurreccion[at]pldt.com.ph jcgonzales[at]pldt.com.ph vrortiz[at]pldt.com.ph royir143[at]hotmail.com

Using last resort contacts rrdelavega[at]pldt.com.ph nctabernilla[at]pldt.com.ph ssmiguel[at]pldt.com.ph riresurreccion[at]pldt.com.ph jcgonzales[at]pldt.com.ph vrortiz[at]pldt.com.ph royir143[at]hotmail.com

Message is 4 hours old

124.106.177.207 not listed in dnsbl.njabl.org

124.106.177.207 not listed in dnsbl.njabl.org

124.106.177.207 not listed in cbl.abuseat.org

124.106.177.207 not listed in dnsbl.sorbs.net

124.106.177.207 not listed in relays.ordb.org.

124.106.177.207 not listed in accredit.habeas.com

124.106.177.207 not listed in plus.bondedsender.org

124.106.177.207 not listed in iadb.isipp.com

Finding links in message body

Parsing text part

no links found

Please make sure this email IS spam:

From: "Phyllis Honeycutt" <tkynqmck[at]ainsight.com> (FWD: Big news shows promise)

Did not par ticularly enjoy your previous tra ding day? Don?t focus on that. Mov

e on to your most successful one with the tips I listed below! You?ll come out o

View full message

Report spam to:

Re: 124.106.177.207 (Administrator of network where email originates)

To: royir143[at]hotmail.com (Notes)

To: vrortiz[at]pldt.com.ph (Notes)

To: jcgonzales[at]pldt.com.ph (Notes)

To: riresurreccion[at]pldt.com.ph (Notes)

To: ssmiguel[at]pldt.com.ph (Notes)

To: nctabernilla[at]pldt.com.ph (Notes)

To: rrdelavega[at]pldt.com.ph (Notes)

Re: 124.106.177.207 (Third party interested in email source)

To: Cyveillance spam collection (Notes)