Grrr: bellnexxia.net SPF ignorant.

[Marty]

[soapbox][rant]

Excuse me while I vent a little...

GRRRRRRRRRRRRRRRRRRRRRRRRRRR!!!!!!!!!!!!!!!!!!!!!!! (thanks I feel a little better now).

This morning I found myself being joe-jobbed http://en.wikipedia.org/wiki/Joe_job

This happens from time to time, and it may be as a result of my SpamCop reporting for many years

What was unique this time was that all the NDR's (bounces) came from just ONE ISP postmaster department BELLNEXXIA.NET

I guess they never noticed that I have an SPF record on the domain indicating just one valid outgoing IP#.

I have reported a small sample of the misdirected bounces via SpamCop, with a note, "YOUR spam did NOT originate here - why are YOU therefore spamming ME ?" and later adding, "Please learn about SPF http://www.openspf.org/".

Can I sue them or ask the FBI to take action under the otherwise useless CAN-spam Act?

Does anyone in the USA still not realise that the spammers scored a major coup with the naming of that act in that "CAN" means "toilet" there, but in most of the rest of the world "CAN" implies "allowed, or permitted"?

Which of course CAN-spam does, allows them to spam at will (so long as they "allow" US to opt-OUT).

Politics may be taboo here, but I gotta ask, "did anyone concerned with anti-spam actually vote for the moron that signed THAT one into law?".

[/rant][/soapbox]

[Wazoo]

I've looked at this several times, but I have not found where there is an issue with the SpamCop.net Parsing & Reporting System. Therefore, moving to the Lounge area wth this Post.

[Farelf]

Whoa there Marty. If those are delayed bounces (once upon a time required by RFCs but since sunk in the sea of spoofed sender/reply to addresses) then that is no Joe-job, purely postmaster ignorance - ref http://members.spamcop.net/fom-serve/cache/329.html Just keep reporting those bounces, or a reasonable sample of them. Maybe post a sample of the reports by way of a Tracking URL so we can see just what's happening to those.

Next bellnexxia.net is Canadian, it is not US (AFAICT) so CAN spam is not going to be in the picture. The Canadians are terribly polite and are sure to have some remedy if you care to look it up.

Frankly, I'm puzzled - the delayed bounce thing is something that mostly happens from the "eastern bloc" part of the world where they do business differently. It is disappointing in the extreme if a sizeable Canadian ISP is doing it. Surely just a momentary aberration?

Finally, we all get delayed bounces and they can be a huge nuisance. If your name is on a list to be spammed, sooner or later you get your turn to be spoofed as the sender. Then you get your turn again. And again. That's the way the mainstream botnet-type spammers operate. Generally nothing to do with SC reporting. Unless you're special. But really, the modern spammer 'business model' has no place for pay-back. It's all about volume, as your delayed bounces will indicate. Those fools can't even be bothered culling the non-existent addresses from their lists, they're bullet-proof in terms of their sending facility (the botnets), they're not going to bother picking on RBL reporters unless they feel like a little diversion. And generally they don't know who the reporters might be because the reports can't get to them anyway - they are simply not where they pretend to be and even if they were, the ISPs the reports go to wouldn't pass them on. (If they did the Deputies would stop sending them reports).

[Marty]

Do I get a star for taking so long to reply to a topic I started?

Sorry for the misplaced post Wazoo, and thanks for the guidance. Could we have a "Rants" sub-forum where we can just "let off steam"?

Farelf: Thanks for the advice and your input. I'm not really paranoid. Well not enough to seriously believe that a spam-gang had targeted me I'm pretty sure they would be classified as joe-jobs, they were sent with one of my "private spam-trap" from: addresses to who knows how many domains, but only bellnexxia "returned" them to me, hundreds of the little blighters! Many of the sending IP's were already listed at spamcop and spamhaus BL's. Before SPF I used to sometimes get thousands, and from diverse ISP's. As you say, that email address was already being passed around, and it was probably just my turn to be the patsy.

All noted about CA not USA, and CAN-spam. Much obliged.

Anyhoo, it all passed within a couple of days.

Love your sig. btw, highly appropriate to matters of spam, and life in general

[Farelf]

Hi Marty, welcome back. The "Lounge" forum is fine for rants. Who doesn't feel like that when getting all those misdirected bounces from any source, let alone from a corner of the internet that most definitely should know better? Unfortunately the fact that it went away after a few days is exactly typical for this sort of nonsense, no proof that they've learned the error of their ways (though surely they must once, not so long ago, have known better or the internet would resound with outrage at their infamy). Maybe we keep the topic open for the moment, just in case they come to feature in your own or other members' nightmares once more. Hopefully not ...

Generally you can never be too paranoid but I think you've called it right - this was (most likely) just a random roll of the dice and hopefully a rare aberration on bellnexxia.net's part. If not we shall resume resounding.