goldeneye Posted June 1, 2010 Share Posted June 1, 2010 This is at least the third email I got with a URL that refers to that IP when parsed - and it isn't the IP block - it is the particular, specific IP. http://www.spamcop.net/sc?id=z4091158454zd...be4371c5ddac7fz Whatever that reporting e-mail that is (dgoulakos[at]optima.org), it doesn't sound right at all and it's bounced 6 out of 7. Not only that, but ARIN claims that the 170.117.0.0/17 block is that particular contact. Another snowshoe spam artist - such idiocy... Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted June 1, 2010 Share Posted June 1, 2010 SpamCop knows the address is bouncing our mail. That's why the reports are being sent to dgoulakos#optima.org[at]devnull.spamcop.net for statistical tracking. Mail sent to "devnull" addresses is going to the trash. It is the act of sending the email that feeds our stats, so sending the report to the trash works just fine for our purposes. - Don D'Minion - SpamCop Admin - - service[at]admin.spamcop.net - . Link to comment Share on other sites More sharing options...
petzl Posted June 1, 2010 Share Posted June 1, 2010 SpamCop knows the address is bouncing our mail. That's why the reports are being sent to dgoulakos#optima.org[at]devnull.spamcop.net for statistical tracking. Mail sent to "devnull" addresses is going to the trash. It is the act of sending the email that feeds our stats, so sending the report to the trash works just fine for our purposes. Parsing input: 170.117.122.82 No recent reports, no history available So why no reports available? just asking Link to comment Share on other sites More sharing options...
goldeneye Posted June 1, 2010 Author Share Posted June 1, 2010 One more damn e-mail from this 170.117.122.82 POS... http://www.spamcop.net/sc?id=z4093407681z3...f5c669d8add6d0z with the domain savejava.com Now the connection they used to advertise that domain which translates into the POS IP 170.117.122.82 was from 209.66.157.232, which apparently is a connix.com connection. Link to comment Share on other sites More sharing options...
goldeneye Posted June 1, 2010 Author Share Posted June 1, 2010 More of this POS... http://www.spamcop.net/sc?id=z4093747046zb...ce2ae216016ecdz This time with domain second9949.com - sent from 204.110.241.40. I think that entire 170.117.0.0/17 is rogue or stolen, especially that POS IP address 170.117.122.82. Link to comment Share on other sites More sharing options...
Farelf Posted June 1, 2010 Share Posted June 1, 2010 ...I think that entire 170.117.0.0/17 is rogue or stolen, especially that POS IP address 170.117.122.82.Well, since the host owner Optima is rejecting reports, that's a reasonable assumption. Here is what Robtex "sees" from that IP address currently: http://www.robtex.com/ip/170.117.122.82.html (lots and lots of spammy domains showing there) Since this is "only" a spamvertizer, SC is never going to make much of an impact - especially since the mail carrying the links (SC's actual target) are from diverse sources, possibly a botnet. Elliot Health Systems/Optima is US registered I think, this stuff needs to be reported to US authorities (FTC) by an affected US resident (such as you) to test whether there is any illegality. That's maybe a bit tricky in this case, the link to the spam is the "payload", not the sender. All seems pretty self-evident to "us" but there'd be no lawyers if everything was really as simple as it looks. Or you could try complaining upstream to the 170.117.0.0/17 owner, colosseum.com which looks like verizon with an abuse address abuse-mail[at]verizonbusiness.com. Again, they may not be primarily geared to deal with spamsite hosting. Who would dream those spammers would have the audacity to operate that way? Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted June 1, 2010 Share Posted June 1, 2010 Parsing input: 170.117.122.82 No recent reports, no history available So why no reports available? just asking Because the IP is not a spam source, it's a web host. The SpamCop stats apply to the web URL that was reported, not the host IP, which is only used to determine who to send the report to. - Don D'Minion - SpamCop Admin - . Link to comment Share on other sites More sharing options...
petzl Posted June 2, 2010 Share Posted June 2, 2010 Because the IP is not a spam source, it's a web host. The SpamCop stats apply to the web URL that was reported, not the host IP, which is only used to determine who to send the report to. Thanks that explains it. Sometimes researching IP's and wondered why Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.