Jump to content

Blasted Russian spammers!


mrmaxx
 Share

Recommended Posts

I got an email today with an email address in the body (which I know SpamCop will not report on it's own, so I included a manual report on it.) However, looking up the IP of the email domain in question did nothing to inspire confidence as it's a "safe-mail" address, which I'm guessing is a throw-away email address.

So, I tried to traceroute to find their upstream. Unfortunately, none of the traceroute tools will work from inside my firewall, and none of the web-based traceroutes would work either. Until I tried tracing from Ukraine. THAT worked.

If anyone gets email pointing to a western-cet.com email address for replies, you should consider complaining to ihome.ru as their mail-host's upstream. Not likely to get a lot of sympathy, but at least that seems to be a valid upstream with valid abuse contacts. MY abuse.net lookup for ihome.ru got me the following:

postmaster[at]ihome.ru (for ihome.ru)

abuse[at]ihome.ru (for ihome.ru)

noc[at]ihome.ru (for ihome.ru)

abuse[at]ruscomnet.ru (for ihome.ru)

Hope that helps someone else. As I said, the way I got ihome.ru was through traceroute from a Ukranian lookingglass/traceroute site.

It gives me warm fuzzies to know that the spammers weren't able to completely block my figuring out who their ISP/upstream is! <Evil Grin>

Link to comment
Share on other sites

...It gives me warm fuzzies to know that the spammers weren't able to completely block my figuring out who their ISP/upstream is! <Evil Grin>
Indeed you've done well. The Robtex summary on western-cet.com is the most censorious I can recall seeing, saying in part "Trustworthiness, vendor reliability and privacy of this site is very poor. Child safety is unsatisfactory." Which indicates these folk are best approached from the rear, with a long and pointy stick and that the obstacles to establishing their upstream are a deliberate part of their "business plan" and may indeed indicate collusion on the part of that upstream retailer (who, nevertheless, has no place to hide).
Link to comment
Share on other sites

Indeed you've done well. The Robtex summary on western-cet.com is the most censorious I can recall seeing, saying in part "Trustworthiness, vendor reliability and privacy of this site is very poor. Child safety is unsatisfactory." Which indicates these folk are best approached from the rear, with a long and pointy stick and that the obstacles to establishing their upstream are a deliberate part of their "business plan" and may indeed indicate collusion on the part of that upstream retailer (who, nevertheless, has no place to hide).

thanks... any chance we could get that domain hard-coded to go to their upstream providers, who as you indicated, may not give a flip about spamming? When I plugged that domain name into SpamCop it was wanting to report to the "safe-mail" email address and refused to do so since it bounces. :(

Link to comment
Share on other sites

thanks... any chance we could get that domain hard-coded to go to their upstream providers, who as you indicated, may not give a flip about spamming? When I plugged that domain name into SpamCop it was wanting to report to the "safe-mail" email address and refused to do so since it bounces. :(
As petzl keeps reminding us, try the refresh button on the report confirmation page when that happens (or feed the domain to the parser paste-in window and do similar with the resulting reporting address detail). Report routing now updated, "Using last resort contacts strela777[at]safe-mail.net", which is a different safe-mail address and not yet pinged for bounces. Talk to Don about the upstream suggestion, he will have a better idea (than I do) of the futility or otherwise of trying that - service[at]admin.spamcop.net
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...