Jump to content

Spamcop "probing"?


mailguy99
 Share

Recommended Posts

This email came through to one of our helpdesk accounts:

Received: from newabe.citeglobe.com ([209.44.124.120]) by mail.xxx.au with MailMarshal (v6,5,4,7535)

id <B4f2f385e0000>; Mon, 06 Feb 2012 13:18:06 +1100

Date: Sun, 5 Feb 2012 20:53:49 +0000 (UTC)

From: Cerys Macdonald via LinkedIn <member[at]linkedin.com>

Reply-To: Cerys Macdonald <billroberts[at]newmail.spamcop.net>

To: helpdeskxxx.au <helpdeskxxx[at]xxx.au>

Message-ID: <1392939564.36279827.1588003540399.JavaMail.app[at]ela9-bed53.prod>

Subject: Cerys Macdonald sent you a message via LinkedIn

MIME-Version: 1.0

Content-Type: text/html; charset=UTF-8

Content-Transfer-Encoding: 7bit

Our helpdesk software generated a "Thanks for your enquiry" message back to billroberts[at]newmail.spamcop.net and we appear on SCBL and can't send mail to key clients. ??!

The forged linkdIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net?

- mailguy99

Link to comment
Share on other sites

<snip>

The forged linkdIn message is pharmacy spam, and I understand the general issue of auto-responders - but what *spammer* sets a reply-to address to spamcop.net?

...One that either wants you to get on blacklists or wants you to think SpamCop is spamming or both.

...Now that you understand the issue of auto-responders, you have turned yours off, right?

...It is unlikely that this one auto-response alone will have caused you to be listed unless billroberts[at]newmail.spamcop.net is a spam trap. If you wish to see the details, go to SpamCop FAQ (links near top of every SpamCop Forum page) entry labeled "What is on the list?" for an explanation -- scan down to the sections labeled "How the SCBL Works" and "SCBL Rules."

Link to comment
Share on other sites

209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Link to comment
Share on other sites

209.44.124.120 = newabe.citeglobe.com was the problem. It was on our list for a couple of days, but it was removed Tuesday, February 07, 2012 09:16:38 -0700 because the host assured us the problem was fixed, and there hasn't been any spam since.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap.

- mailguy99

Link to comment
Share on other sites

Thanks Don, as I said it *was* spam from them - the puzzle for me is why the reply-to address on the spam they were sending led to a spamcop spamtrap.

- mailguy99

The IP seemed to be sending a lot of "spam" possibly vacation notices (I only see subject lines)? This to real peoples email accounts.

Spamtraps alone will not get you listed, they have to be backed up by real reports.

Also the abuse reports to that IP are disabled "abuse (#) netelligent.ca"?

Pay to ask for it to be re-enabled maybe. The spam is still coming from real people today but may be late submissions (just two so far)

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...