My joke for today

[Lking]

I got two of these today. Would of course provided a URL for the report but ....

Tired of constant movement because of problems with hosting? Botnet is unable to send all your spam mails? Registration of IP with the ability to respond to the complaint. It is very easy!

Visit our site to get additional info about our services.

Direct URL: http://....ru

[Farelf]

So, spammers have problems too, eh? But a superior service awaits. No need to abandon/optimize those store-bought lists after all. Perhaps, if you still have one of those when the system comes/stays up, you might like to post a tracker here Lou. Hopefully it's all some sort of a sting to catch actual spammers, somehow. That would really be merriment-making - even if unprincipled.

[Lking]

Perhaps, if you still have one of those when the system comes/stays up, you might like to post a tracker here Lou.

Some days we're lucky some days we're not. One copy got processed "Wednesday, June 24, 2009 6:20:18 PM -0600" Go figure.

Subject: IP registration for spammers, malvare, doorway.

[Farelf]

You know, that looks a little to me like a new/small operator ipaddr.ru (part of net-art.cz) is being set up by a competitor to look like a spammer's one-stop shop, to undermine the new boy. I'm not happy about the similarity to NetArt.cz when net-art.cz is actually/apparently Russian and a little puzzled by the American hosting, but ... wouldn't be the first time such a dirty trick was played. If so, spamming a SC reporter (or a number of SC reporters) might seem an efficient way to conduct such a campaign.

DNS is a little odd:

DNS records

name class type data time to live

ipaddr.ru IN A 206.71.190.192 18151s (05:02:31)

192.190.71.206.in-addr.arpa IN PTR mail.net-art.cz 3135s (00:52:15)

but then a complete set of records exists for net-art.cz, the web-site of which has recently ducked for cover:

HTTP - 80 HTTP/1.1 403 Forbidden (but cached copies exist of a very basic net-art.cz/en/ page)

Dunno, I just think there is more to such a blatant/ironic effort. But then I've overestimated spammers before.

[rconner]

You know, that looks a little to me like a new/small operator ipaddr.ru (part of net-art.cz) is being set up by a competitor to look like a spammer's one-stop shop, to undermine the new boy.

The site at ipaddr.ru links to a disclaimer page (english translation via Google) that refers to and repudiates the spam. One might conjecture another Job of Joe, except that it isn't clear how or why ipaddr.ru would be victimized in this way.

-- rick

[kaa]

Hello,

I'm the owner of ipaddr.ru/net-art.cz projects. Of course, we've never sent UCE. I have a spamcop account since 2003.

The most probably reason for provocation is a business conflict which took place in begin of 2009. I have no facts and because I will not call the name.

Now I got a problem with hoster and a lot of complains needs to be resolved.

[Farelf]

Good find on the repudiation, Rick.

...One might conjecture another Job of Joe, except that it isn't clear how or why ipaddr.ru would be victimized in this way.

?? Competitiveness. Even a low-intensity attack might harm their reputation with existing and prospective clients and threaten the relationship with their host. Perhaps regulatory/law-enforcement authorities might harass, be sensitized henceforth to the 'brand-name'. All under the heading 'dirty tricks against a competitor'. Or am I missing something?

[Edit - above written before kaa's post made]

[Lking]

More conformations that spammers are dumb keeps rolling in.

Todays example is http://www.spamcop.net/sc?id=z3647250516z8...05d1f2265b0886z

An email to postmaster [at] mydomain.com "because of the security upgrade of the mailing service your mailbox". Applying a directory attack to a small domain does result in some odd results.

In this case the payload (in the first received of this type) was 2 downloads trying to get in through my browser. There was a trojan horse and a download package.

This is more interesting than all those folks in Poland are somewherestan concerned about my sex life.

What ticks me off it the time I spend because of someone that doesn't know how to use their tools resulting in spam with "Subject: Spamit_New_Subj" in my inbox.

[Lking]

The link to today's spam joke is

http://www.spamcop.net/sc?id=z3897437455z3...af6338593e8409z

The signature block added by the provider is

Do You Yahoo!?

Tired of spam? Yahoo! Mail has the best spam protection around

http://mail[dot]yahoo[dot]com

Of course when reported spamcop reports that Yahoo is grown tired of (requested not to) receiving reports.

[Farelf]

...

The signature block added by the provider is

(Do You Yahoo!?

Tired of spam? Yahoo! Mail has the best spam protection around )

Of course when reported spamcop reports that Yahoo is grown tired of (requested not to) receiving reports.

Now, now Lou - it's the reporting of that signature block that Yahoo doesn't want and they would otherwise be entitled to IB status on such instances anyway. With the reporting of Yahoo's part as an intermediary/relay, a separate matter, notification is going to a 'special' Yahoo reporting address, presumably for special attention.

By all accounts a claim of good spam protection for Yahoo inboxes would be entirely justified - the superlative "best" might be open to debate but faint advertizing n'er won fair consumer.