Unclenick's Achievements

  1. Thanks. They are just new to me. I managed a good run of almost four years after changing ISPs in which I received very little spam. In the last six months, however, the floodgates re-opened, probably because someone with my address had their computer compromised, so I am seeing a lot of these tactics for the first time. Interestingly enough, my Spamcop e-mail address, which went largely un-spammed for an even longer number of years, is now the principal recipient of this "advertising" largess. I suppose it is proof that these guys have set themselves up in a successfully immune fashion and are either indifferent to being reported or are wanting to be reported to learn how effective their obfuscation is?
  2. Today I ran a URL for an unresolved spamvertized site through DNSstuff.com to figure out who to copy a report to? When I did, I got back no less than 15 IP addresses all claiming to belong to this same URL. 4 name servers were referenced. Anyone else see this multiple entry accomplished before? I didn't keep the original e-mail, but I believe it was one of the Canadian Pharmacy spamvertized sites, even though the URL was a .cn. The other oddball I ran into the other day was a trace that DNSstuff couldn't handle, probably owing to being blocked from a Russian server. I put it in at DNStools.com instead, and got back an IP addy that was formatted like this: Anyone else run into this before? I've noticed that very often DNStools will return the name of a URL as its resolution. So it says, "somename.com resolves to somename.com", rather than the expected "somename.com resolves to". If someone more familiar with the workings of these things could shed some light, it will be appreciated. Nick
  3. I hadn't realized that they wanted the spam intact, but it makes sense. Otherwise it's hearsay evidence of a crime. Ah, well. Seemed like the thing to do at the time.
  4. Sorry for the fuzzy focus. Got in a hurry. It was the User Notification Report I was referring to. I want to send a note that is different to different designated recipients. For example, a message to abuse[at]ISP.com that says: "Spamvertized web site in your IP range. www.######.com resolves to" (a number in their range). Then I also want to copy it to webcomplaints[at]ora.fda.gov or phishing-report[at]us-cert.gov or whatever the appropriate government reporting addy is, but not hand that same note off to them, which would be incorrect. I suppose I could try to format the note based on address, but it seems awkward.
  5. I'm sure this has come up before, but my attempts to search on the topic keep resulting in error messages from the search engine, which seems to be returning that message in place of "no matches found." If I take the time to use DNS Stuff or DNS Tools to track down the ISPs and DNSs associated with a spamvertized site, I would like to be able to copy reports to their abuse addresses as well as to the government reporting addresses. Having just one user reporting address available makes me choose.
  6. Hmmm. My Yahoo has a "Bulk" folder by default, but my Hotmail account does not. I'll check the configuration and run the Mailhost attempt again. A search of all folders in Hotmail doesn't find any sign of the robot emails, thus far. I did run that. Nick
  7. Yeah. The apparent malware tracks would kind of startle you. I get annoyed just by Zone Alarm telling me that Hotmail wants me to allow About Blank. I remember that one. Can't bring myself to do it. Speaking of Hotmail, it is now the only account I've been unable to configure. Even Yahoo worked just fine. My Hotmail mailbox never receives any of the robot e-mails when I try to configure it. Is there something special required here? Thanks, Nick
  8. Can't get it done. I am using Eudora. There is a broken link in the special Eudora instructions to a third party patch for forwarding e-mail as an attachment, so I can't use that method. Using the two-pane entry form, the response I get is that smtp-5[at]widopenwest.com has no IP address, and is discarded as fake. A subsequent message says my e-mail addy appears to traverse more than one domain, and I have to configure them all individually and in order (which is what I thought I was trying to do). That's where I stalled out before. I have gone ahead and requested a waiver this time. I hate to have to stop and do that for all the configuring, one at a time, which is why I aborted the process before. I'll follow it through this time and see what happens?
  9. I've run into an issue whenever I've tried to configure before. Can't recall what it was, since it's been a while? Everything seemed to be working without that, so I blew it off when it didn't go smoothly. I'll try again. That wouldn't account for the untraceables I get at Hotmail, though, since they don't forward through Spamcop. Next time I get one, I'll revisit the truncation approach. Thanks.
  10. OK. Here's where I need help to understand this. Look at that last report I posted in the quote of my own post, above. You will see that the spam is received at spamcop (the spammer is actually spamming my Spamcop address) and forwarded to my ISP account at wowway.com. The Spamcop report comes up interpreting the forwarding account Received lines as a forged source. I don't understand the e-mail parsing well enough to see why that is happening? As an experiment (I did not break the rules by sending this report), today, I truncated the forwarding Received lines down to the first Spamcop received line information and put that in the reporting form to see if Spamcop could parse it and return a trace result? Sure enough, it appears to have tracked to the source with no problem. That is here: http://www.spamcop.net/sc?id=z1281223425z0...d4c038e9e8f555z So, is the spammer doing something that somehow shows up in the received lines and fools spamcop? Or is Spamcop just not handling the spam headers properly?
  11. I've gotten several of these in the last month. Two at a hotmail account, and two at my Wowway ISP account, including one today. Mine have included U.K. Yahoo contact e-mail addresses, so I have been forwarding copies to Yahoo abuse advising they close the recipient e-mail accounts. I understand the U.K. has been promoted to the #1 419 scam source. Nigeria has surrendered the throne, it seems. FYI, today's: http://www.spamcop.net/sc?id=z1280318581z8...eb8f5ce413713bz Moderator Edit: Extracted from http://forum.spamcop.net/forums/index.php?showtopic=8036 and made into its own Topic .... has nothing to do with GMail .... does appear to be a "MailHost Configuration of your Reporting Account" issue .. so moved into that Forum Section ... PM sent to advise of all this activity ...
  12. Steve: O.K. That's an interesting difference? I get whole hours: Since the system considers anything over 2 days to be too old to report, I expect you mis-typed and you are actually getting 8.8 hours? In that case, how do I get the decimal place to display? I'm feeling stupid if I missed that one, having been a member at the time that feature first appeared. Andrew: That's why I suggested a running average. Not as easy to do, since it requires remembering the reporting times of each individual report on a FIFO basis for the running interval. A less space consuming scheme would be to maintain an accumulated simple average for today (same math as the current number, but re-zeroed at midnight), in addition to, in FIFO order, the last, say, 99 daily values just before re-zeroing. For display, today's average, accumulated thus far, would be added to the sum of the FIFO data and the result divided by 100. That would give an approximate running average for the last 100 days that is accurate within 1%. In any event, it is more programming and server space. Probably not a reasonable expectation any time soon. Since the board gives no awards for best reporting time, it seems to me that allowing someone to zero their average for display purposes would do no harm. The higher resolution I infer that Steve has will help me out, but I would add another decimal place for long time users, or else go to hh:mm format and resolution.
  13. Either a reset, or higher resolution (show hours and minutes), or have two average reporting time numbers, one being your lifetime average and the other being a running average for the last year or six month period. Allowing the user to specify a running averaging period in options would be nice, whether this replaced the currently displayed number or was a separately displayed second number. Whatever approach is used, the point is to give the user the ability to tell whether their reporting habits are trending their reporting time up or down? Currently, if you have much of a reporting history, you can't tell until you get lucky enough to see the number flip. Nick
  14. I can barely imagine the bandwidth and server capacity required to handle the volume such a service would attract! With most e-mail in the world being spam, and much of that going to corporate e-mail boxes, you could theoretically nearly triple the world's e-mail volume (get spam, forward spam, report sent for each spam). That said, it has often occurred to me to trace and post the registration contact e-mail addresses for spamvertised sites on a spambot page. Probably won't get them to stop, and you'd have to manually wade through all the forged site registrations. Still, it might provide some sense of personal satisfaction.
  15. Most welcome. I am a moderator on another forum. It raises one's consciousness. Sort of. When I joined this forum the other day, my re-read of some pinned information answered the main question I had, but I thought I would set up a sign-in anyway. I'll try to participate a bit, when I'm not too busy chasing cell-phone sales spammers off the forum I help moderate.