Those Romanian bastards again!

[goldeneye]

Since about the end of March, I've been noticing spamming from Romania has picked up quite a bit and quite a few weren't caught on my ISP's spam filter, including 3 of the last 4 spams that weren't caught...

Here are all of them dating back from March 29:

http://www.spamcop.net/sc?id=z5306374619z5...6910d6c5467c72z

http://www.spamcop.net/sc?id=z5306374341ze...0040397544f84cz

http://www.spamcop.net/sc?id=z5302598049z5...a91720bba7731dz

http://www.spamcop.net/sc?id=z5292060929z0...35c5aad5fa319fz

http://www.spamcop.net/sc?id=z5291796617z5...341f81fcfa05e1z

In all five of these cases, the reports that are apparently sent to aren't to a postmaster or abuse address - I wonder if the spammers themselves in Romania are setting them up so that spamcop reports go to them and then they revenge spam using spamcop reports.

Romania is still one very lawless country that still hasn't gotten its act together when it comes to spam - it shouldn't even have been allowed to enter the EU in the first place.

[SpamCopAdmin]

The reports had been going to the wrong place, which I fixed.

Unfortunately, the correct reporting address bounces our mail, so we didn't really get anywhere.

- Don D'Minion - SpamCop Admin -

- service[at]admin.spamcop.net -

[turetzsr]

...Your spam does seem to be coming from machines in Romania but that doesn't necessarily mean that the spammers are Romanian and in any event does not by itself justify your attack on Romanians. If you are going to sling about words like "bastards" and "lawless," please offer more evidence than a few tracking URLs that show an abuse address with an ".ro" suffix. And please put it in a more appropriate forum, such as the "SpamCop Lounge." And indicate how Romania and Romanians differ from us Yanks, who are certainly far and away the most prolific sources of spam!

[goldeneye]

Oh believe me, I've had to deal with snowshoe spams for several months from Romania back in 2009 or thereabouts and those spams had hyperlinks which traced to Romanian servers.

I think I've sent countless, probably over 100 abuse reports on those spams with absolutely zero reply and maybe in fact encouragement from the abuse desks who were probably in cahoots with the spammers (or spam gangs) themselves who could be Romanian, but more likely Russian. The language barrier doesn't help either.

They got flagged eventually by one of the BLs, but only after probably hundreds, if not thousands of reports on them.

This is what colors my thought about Romanians on the at least the dealing with the spam front - and the apparent correct address in which spam complaints go to which now bounces does not help either in my assessment.

[enigma1]

There is no specific country responsible for spam or hacks. I guess depends on the temporary system acquisitions of the C&Cs at any given time.

[petzl]

There is no specific country responsible for spam or hacks. I guess depends on the temporary system acquisitions of the C&Cs at any given time.

The best way to attack spammers is attack their websites (make sure your defenses are set to high on Web Browser or you could become a zombie)

Good freeware Windows tool for this is IPNetInfo

http://www.nirsoft.net/utils/ipnetinfo.html

Just add the final link you are redirected to (be prepared to avert your eyes most are sick shockers)

Maybe someone can recommend a safe (text) browser that handles redirection?

[enigma1]

Maybe someone can recommend a safe (text) browser that handles redirection?

FF with some plugins to block cookies, js, redirections etc is enough.

The thing is you never know who you're attacking. The spam IP is likely a compromised system. The spamadvertized domain can be a portal pointing to another portal and in the end it could be some legit business who paid "somebody" for advertizing. Or they just try to compromise other systems in the process. Or they hope by having the victim's browser with js enabled to do something malicious towards another site. And many other combinations and in the attack process you may affect hosts or ISPs who have no idea at the time what's happening (although they should be more vigilant they aren't).

[dra007]

I can tell you that as Romanian born, I could deal with spamflow from Romania in their own language. Back than it was easy to stop the flow as most of the traffic bottle-necked through one single institution (Academic) and I got very receptive ears working my way up-stream the spam flow. You just have to do your homework. I think they are as serious about spam as anyone else (I get more aggrigious spam from Ukraine and other former soviet republics hosted in China or from India). Back then they were telling me US was the worst when it came to spam and I could not deffend against that statement..

[petzl]

I can tell you that as Romanian born, I could deal with spamflow from Romania in their own language. Back than it was easy to stop the flow as most of the traffic bottle-necked through one single institution (Academic) and I got very receptive ears working my way up-stream the spam flow. You just have to do your homework. I think they are as serious about spam as anyone else (I get more aggrigious spam from Ukraine and other former soviet republics hosted in China or from India). Back then they were telling me US was the worst when it came to spam and I could not deffend against that statement..

If one does not wish for mail try a countrywide block list

Mailwasher (Windows) allows you to add blocklists

settings/Origin of spam/ push "add" button

Call it Romania

in "Domain" box

ro.countries.nerd.dk

For Spamhaus the "Domian" is

sbl-xbl.spamhaus.org

All mail caught by Mailwasher will easily send the report to SpamCop