Jump to content

abuse At Load.com

  • Posts

  • Joined

  • Last visited

Contact Methods

  • Website URL
  • ICQ

abuse At Load.com's Achievements


Member (2/6)



  1. That makes sense, at the time I remember thinking that all of the other topics seemed specific to other issues, so I just took a stab in the dark, apparently I stabbed in the wrong direction hehe Thanks again for the help.
  2. Ok so not to seem slow but what you are telling me is that we are doing it correct ? If that is the case why do we continue to get listed as the source of the spam ? We have been doing it this way for at least the last 3 months, and every time we check to see on a report it has shown the host is not associated with your domain name error that I spoke of before. I am guessing when you have mailhosts fully implemented this will no longer work either, is that true ? Lastly is there anything we can do moving forward when mailhosts becomes the standard methodology for spamcop.net
  3. Here are the complete headers for the message as recieved by aol Thank's for taking the time to help me figure this out. Return-Path: <test[at]rock.com> Received: from rly-xg03.mx.aol.com (rly-xg03.mail.aol.com []) by air-xg02.mail.aol.com (vx) with ESMTP id MAILINXG23-45c42e0762876; Fri, 22 Jul 2005 00:29:47 -0400 Received: from smtp-out.load.com (smtp-out.load.com []) by rly-xg03.mx.aol.com (vx) with ESMTP id MAILRELAYINXG36-45c42e0762876; Fri, 22 Jul 2005 00:29:29 -0400 Received: (qmail 16430 invoked by uid 0); 22 Jul 2005 04:29:24 -0000 Received: from ([]) by smtp-out.load.com (Load SMTP 5.0.1) with HTTP id 8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com for test[at]rock.com; Fri, 22 Jul 2005 04:29:17 -0000 Date: 22 Jul 2005 04:29:17 +0000 Message-ID: <8F488A60_F22F_4C7A_9F34_7E1F63CA718B[at]webmail.loadmail.load.com> From: "test" <test[at]rock.com> To: <Undisclosed Recipients> X-TrueSenderIP: X-SenderHTTPUserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) X-Mailer: LoadMail SMTP X-TrueHostName: X-WebServer: webmail.rock.com X-CS-SpamStatus: 0 X-Queue: AFFINITY X-Priority: 3 Subject: test message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----=_NextPart_33926b6b_6fb4_4b81_9f88_2543e52cfb98" X-AOL-IP:
  4. Sorry guys I did all of those things, the question I was asking was, is there a time period before the system figures out that I am infact the same user that is listed on the ARIN registration, like do you place the entry in the db and have a cron job that goes out every so often and make the distinction of who is 1st party and who is 3rd party.
  5. I can post the entire message and let spam cop parse it ? Would that help ? Thanks -Adam
  6. I would love to send you a track back url but it has been quite some time since I have had one, The problem we are having is that our users keeps hitting the spam traps and we don't know who yet.
  7. This is more of question than anything else. We started doing this with our webmail service and it is just ignored by spamcop, I guess my question is are we doing it incorrectly ? Received: from smtp-out.load.com (smtp-out.load.com []) by rly-xh06.mx.aol.com (v106.2) with ESMTP id MAILRELAYINXH65-70f42db76c7e1; Mon, 18 Jul 2005 05:30:47 -0400 Received: (qmail 8741 invoked by uid 0); 18 Jul 2005 09:30:45 -0000 Received: from ([]) by smtp-out.load.com (Load SMTP 5.0.1) with HTTP id 2DAACD9B_E1EF_443B_9977_AAC36F1C8216[at]webmail.loadmail.load.com for gibson[at]tygo.com; Mon, 18 Jul 2005 09:30:40 -0000 Here are a couple of lines from a message from a spaming user, when this message is parsed by spam cop it basicly gets to the Received line with ref to and says this host is not associated with your domain, and ignores the ip address thus falling back to our default outbound smtp ip address. we began including this type of header in addition to our x-truesender-ip header, but it has not done any thing for us. What do you think ? Or are we doing anything you can see wrong ? Thanks Adam Rogas CTO Load Ltd
  8. I know at one point the spam cop system knew that our address was the admin address for these domain names. but something has changed as now we are listed as a 3rd party with intrest. Has any one else had this problem, or is this just me ? We did recently switch our accounts around, but also I am not really sure what the differences are between the two, or is it just a display thing ? [delete] Third party interested in daily aggregate summary reports [delete] Third party interested in daily aggregate summary reports [refresh] Administrator found from whois records [delete] Third party interested in daily aggregate summary reports [delete] Third party interested in daily aggregate summary reports [delete] Third party interested in daily aggregate summary reports Thanks
  9. I can clarify some of my recent posts. This statement is very true, all we pretty much need are the headers of the message to track down where the mail is coming from. Also true is that we do not need to know, nor do we care who received the message. All we really care about is that we receive the report that someone has gotten spammed so that we can take immediate action. No we believe that spam cop reports are effective, they help us both as a mail sender, as well as a mail receiver. Our suggestions were to make clear what is currently working with other systems. No all we care about is that the senders address is not munged. Yes this is probably the one thing that we think would help us do a better job of policing our users. To the end user Hotmail just deletes some incoming spam messages, and then filters other messages. From their data feed service, that we subscribe to, they give us the names and counts of offenders, so basically they help us track down abusive users that have slipped through the cracks, so we can take action before they affect a wider range of internet users. Adam Rogas CTO Load Ltd
  10. The real difference is ease of use, basically the messages that get sent back via the loop are not munged (the original receipt info is removed), so it is easy to start tickets on the abusive users the second we get the message. Also the fact that they are sent back as attachments keeps things neat and tidy, this is just really more a preference than any thing as it is easier for us to know for sure what we are parsing. Basically all of the minor differences are why the "secret" address method is really not so useful in a large volume, very dynamic, automated scenario. The one thing that is huge for us with Hotmail is that they will give us at least limited information about the number of times specific addresses have hit their spam traps. If there were levels of trust so that we, as a reputable asp/isp were trusted enough to be given at least some information about users that have hit spam traps out there, so that we could take action against them instead of shooting in the dark trying to find out which one really abusive user in the middle of thousands of legitimate high volume text messengers and business users, is causing your trust in us to go right out the window. I completely understand the necessity of protecting the network of trap addresses, We have many trap addresses at our service as well as at others, it is a key component to our spam fighting techniques. However I / we have a real enforcement problem if we don't know who to point the finger at, and with the volumes we are talking about, emailing the deputies and pleading for info every time is not a real solution. There is not really any way around it, the type of services that many of us provide are unfortunately targets for abusive users, we are constantly trying to be diligent about actively policing our users. My suggestions have one goal, and that is to help me as an email provider protect the other email providers of the world from my potentially abusive users, just as I would hope they would all be as diligently trying to protect me, and the rest of us from their users. Adam Rogas CTO Load Ltd
  11. I just recently updated abuse.net, so it should have updated information shortly I have no idea who abuse[at]nyi.net or why they would be listed as a responsible party of this ip block or our others. but they are. Our admins used to just use my old address to deal with tracking these issues with spamcop but as we got bigger we needed to reorganize all of this in to a more appropriate account / mail box
  12. I guess the point is this, Right now there is pretty much nothing, until it is too late. We get notified that within the last hour "someone" submitted "something" about our network. And many times we can get a copy of the message that has offended, but we have a couple million mail boxes to keep track of many of them hosted for private labeled "free" web mail services, similar to hotmail. The benefit of us getting direct feed back when one of our users pisses someone at hotmail or aol off when something like this happens is huge, we at least can flag the account as suspicious, we have heuristics that do this type of thing in place for other signs of abuse already, but this one really helps, as it is pretty much another human (in the case of AOL) saying hey this message is crap, and you should watch this guy. And quite honestly our false positive rate is under 0.1% with this in place. All I know is that it has been effective. Nothing that is currently available is the silver bullet that is going to put an end to spam. I, We are not implying that this is. However it is far easier to integrate into the work flow of a semi-automated abuse desk/system than the all manual process of checking spamcop every waking hour of the day. The list is great, we use the list it helps us block / tag allot of spam. This would just allow us to be a bit more pro-active (or really directly reactive). Most of the information we have gotten from AOL and HotMail, with filtering, has enabled us to stop spammers / abusive users as or before they get out of hand, not 24 hours latter when the damage to our reputation has already been done. We had many reservations when we started this process, espcially with AOL, concerns of false positives, or a masive manual process of confirming the spam complaints, but honestly what we found, at least with our user base, was that 99.9% of the complaints we were getting from them (aol) were legitimate in nature, and direct action was able to be taken on our part, with direct proof of the occurence, while still protecting the privacy of the submiting aol user. Adam Rogas CTO Load Ltd.
  13. Here are the links for the two services I referenced above AOL http://postmaster.aol.com/tools/fbl.html MSN http://postmaster.msn.com/snds/
  14. AOL has a feature like this and it looks like hotmail / msn is working on something like this as a service to ISP's, ASP's . . . pretty much any one who is stuck with the un-enviable task of hosting other peoples e-mail In aol's scenario an attached copy of the message is sent back to the feedback address with recipient information stripped out. Allowing your abuse desk to take immediate, possibly automated, action to solve a problem you may not yet be aware of. In msft's current solution they give access to a web site where you can find the unique helo / mail from / connection ip etc in a list format for all of the distinct connections from the networks you you can prove you have a right to see, and they are currently working on something like this in a web services format for a bit more of an automated reporting solution. I can only imagine some of the larger isp's / asp's that have deal with spam cop would be willing to contribute for this type of service, I know we would be willing to if it made sense. I can only imagine it would promote more immediate action on behalf of large service providers that have enough problems staying ahead of inbound mail traffic much less keeping track of their "not always so legit" out bound mail traffic. Adam Rogas CTO Load Ltd
  • Create New...