Jump to content

Privatelayer, or: does it make sense to report this kind of spammer?


whitesheep
 Share

Recommended Posts

Privatelayer is one of several providers that appear to let spammers use mail servers that mostly send "good" mail, or at least messages that are rarely reported and/or sent to few spam traps.

An example is 46.19.136.125: SpamCop's IP Space Map shows a tiny fraction of "spam reports vs. email volume", even though nearly all hosts in the corresponding /24 block have already been reported for spamming, and though all messages I have ever received from that block have clearly been spam. Privatelayer has never replied to any of my spam reports.

Does it make sense to keep reporting these? I guess they will never end up on the SCBL, and it is quite clear this particular provider is not going to take action against his customer. What can I do about this spammer? His messages are crafted well, with the only SpamAssassin rule that hits being the Bayes filter (well, and my personal "Privatelayer" kill-switch).

Link to comment
Share on other sites

Hi, whitesheep,

...Welcome to our little Forum community! :) <g>

...You have obviously done your homework in trying to understand what SpamCop reporting is and does -- thank you for that!

...My own personal opinion, for what it's worth, is that reporting these spams might possibly be, or become, worthwhile because:

  • Privatelayer might some day become responsive to these reports, although I agree with you that this seems unlikely.
  • Privatelayer may actually be taking action, however ineffective, but not acknowledging your reports. I can only remember one time that I received anything other than an automated reply to a report and I've been reporting for something like nine years, now.
  • either enough reports will come in within about a 48 hour period and/ or Privatelayer-sourced spam will start hitting SpamCop spam traps that the IP address(es) will make it to the blacklist.

...Having said that, I'll note that if you have what you consider to be activities that are a better use of your time, you should not bother reporting them -- only report what you have the time and inclination to report.

Link to comment
Share on other sites

Privatelayer is one of several providers that appear to let spammers use mail servers that mostly send "good" mail, or at least messages that are rarely reported and/or sent to few spam traps.

An example is 46.19.136.125: SpamCop's IP Space Map shows a tiny fraction of "spam reports vs. email volume", even though nearly all hosts in the corresponding /24 block have already been reported for spamming, and though all messages I have ever received from that block have clearly been spam. Privatelayer has never replied to any of my spam reports.

Does it make sense to keep reporting these? I guess they will never end up on the SCBL, and it is quite clear this particular provider is not going to take action against his customer. What can I do about this spammer? His messages are crafted well, with the only SpamAssassin rule that hits being the Bayes filter (well, and my personal "Privatelayer" kill-switch).

Privatelayer seems rogue appears to do nothing to stop spam abuse

Doubt if any of the "email" they send goes anywhere

https://www.senderscore.org/lookup.php?look...p;ipLookup.y=12

Fact is most major email providers like Gmail won't accept their email

any responsible ISP serious about email will use a sever that effectively filters out junk

http://www.ironport.com/it/technology/

This means spam is rarely reported it's just bit binned

Small home users using their own ISP for email are why cyber-crime is growing

I never see spam in my email my employers have given me (they use Ironport).

They ban employees from using their network to collect private email to keep their computers secure

I would suggest using Gmail which is presently more secure, their spam filtering is excellent. They rely on advertising, so they read mail passing through their servers and personalize adverts to target it's customers.

In today's world you need to create a throwaway (create a boilerplate) identity to stop identity fraud when you sign-up for all of the rubbish you must now sign-up for.

Years ago I signed up for SpamCop email as then it led the world in spam detection and prevention, but times change

Governments need to do a "warrant of fitness" check on email providers which would I believe shut down email provision from companies like Privatelayer

Link to comment
Share on other sites

...Does it make sense to keep reporting these? I guess they will never end up on the SCBL, and it is quite clear this particular provider is not going to take action against his customer. What can I do about this spammer? His messages are crafted well, with the only SpamAssassin rule that hits being the Bayes filter (well, and my personal "Privatelayer" kill-switch).
As you say, the SCbl doesn't seem likely to stop this one. Its niche is the rapid response to an overwhelmingly spammer-controlled outbreak through individual servers supported by (or preceded by) timely and relatively complete reports back to the responsible abuse handler, followed by equally rapid relaxation when the "spew" stops. That's apparently NOT appropriate in the case of "your" spammer.

Yet, spammer tactics are always "evolving" (which doesn't preclude reversion to older models on occasion) and at least SC raises the bar by keeping reversion to any of the "old-style" spam-intensive operations in the spotlight should the myrmidons of spamdom be tempted to go that way (and they will, should it provide results, no matter how marginal those might appear in terms of a conventional "business model").

FWIW, I would advise continued reporting if you are able/unless your resources are limited and could be put to better use. Effective spamfighting requires the engagement of the spammers across a broad spectrum of activities to resist their many and varied (and varying) tactics. They seem to be losing ground in terms of e-mail spam (ham:spam ratios may be slowly improving), but that is at enormous cost to the internet community. Much of that cost is hidden in the great volume, the majority, of messages (hopefully mostly spam) which are never delivered through aggressive filtering and silent deletion. Most of that work is out of the control of individuals but any and all resistance makes the spammers' existence more marginal.

SC reporting of this one keeps the 46.19.136.0/24 near the top of the list in terms of spam count (http://www.spamcop.net/w3m?action=map;mask...20;sort=spamcnt) yet it is literally nowhere to be seen in the SenderBase Top 100 spammers by ip address for the last day yet SenderBase (SBRS) could be used to effectively block it (but block much else besides) yet it is listed in no significant public DNSBLs as polled by http://multirbl.valli.org/dnsbl-lookup/46.19.136.125.html yet a responsible IronPort-filtering (BOTH inwards AND outwards) ESP such as the one I use has its main outgoing servers continually listed in some fairly serious (though quite unforgiving) ones, for example http://multirbl.valli.org/dnsbl-lookup/203.59.1.210.html. It would probably be even harder for them without the trickle of SC reports which would (should) help to track down outbreaks as they occur.

Do you see where I'm going with this? Effective spamfighting and spam control needs all the resources and information that can be given, and is far from straight-forward. Even if Privatelayer currently seems unresponsive, we can't tell or be sure. Even if they are "blackhat" that may not always be the case. Even if they are blackhat and stay so and never trip the SCbl, reporting provides other information for those needing it. Regardless of all else, there is a good chance some of any "spamvertized" payload websites in that spam might be making their way into the SURBL, as a by-product of SC reporting.

Just my opinion ...

Link to comment
Share on other sites

<snip>

Governments need to do a "warrant of fitness" check on email providers which would I believe shut down email provision from companies like Privatelayer

...<Somewhat off-topic alert> Or we users can keep the internet relatively government-free and do our own vetting, such as is done by devices like the SCBL and this forum. :)

...Any continued political commentary might be better placed in the "SpamCop Lounge" Forum.

Link to comment
Share on other sites

...<Somewhat off-topic alert> Or we users can keep the internet relatively government-free and do our own vetting, such as is done by devices like the SCBL and this forum. :)

...Any continued political commentary might be better placed in the "SpamCop Lounge" Forum.

Gone beyond mere political rhetoric

Already many Governments now have laws against spammers with abuse reports able to be made to them as well as the ISP's concerned

Examples

All Australian abuse reports (from Australian IP) can be made to report[at]submit.spam.acma.gov.au

Brazil IP's include cert[at]cert.br mail-abuse[at]cert.br (found this effective)

Europe and USa also have addresses for reporting abuse not sure if they are effective

SpamCop should look at including these Nationwide abuse address in it's abuse reports

Link to comment
Share on other sites

Gone beyond mere political rhetoric

Already many Governments now have laws against spammers with abuse reports able to be made to them as well as the ISP's concerned

Examples

<snip>

...Laws are not (necessarily) politics and a law wasn't what you proposed.
SpamCop should look at including these Nationwide abuse address in it's abuse reports
...They wouldn't be relevant in all cases, so SpamCop probably isn't going to do that. (You can ignore the following, I'm sure you already know this but I'm including it for those who are less experienced. :) <g>) However, we reporters can, ourselves, add addresses to whom to also send reports: see "Preferences" | "Report Handling Options" | "Public standard report recipients" in SpamCop (you must be logged in to see this). You can enter one or more e-mail addresses separated by a comma and space. This will offer the added addresses for you to send reports on the parse page and you can check them on or off as you deem appropriate. Caution: there's a limit as to how many characters you can enter into the field -- for me, the limit seems to be 100 characters, including commas and spaces.
Link to comment
Share on other sites

I would suggest using Gmail which is presently more secure, their spam filtering is excellent. They rely on advertising, so they read mail passing through their servers and personalize adverts to target it's customers.

In today's world you need to create a throwaway (create a boilerplate) identity to stop identity fraud when you sign-up for all of the rubbish you must now sign-up for.

Gmail has a couple nice features for that too. You can add periods anywhere in your username. This is more helpful for nicely formatting your address (e.g. firstname.lastname[at]gmail.com), but you could use periods in different locations to help track who's spreading your email address.

The big one is that you can add a plus sign and anything else after your username. You can use firstnamelastname+sitename[at]gmail.com when you register at sitename.com. If you get spam at firstnamelastname+sitename[at]gmail.com, then you know that sitename.com sold/lost your address. It doesn't do a whole lot to directly stop spam, but it does add some extra tracking ability in case spam does start, and may make it a little easier to filter.

Link to comment
Share on other sites

Gmail has a couple nice features for that too. You can add periods anywhere in your username. This is more helpful for nicely formatting your address (e.g. firstname.lastname[at]gmail.com), but you could use periods in different locations to help track who's spreading your email address.

The big one is that you can add a plus sign and anything else after your username. You can use firstnamelastname+sitename[at]gmail.com when you register at sitename.com. If you get spam at firstnamelastname+sitename[at]gmail.com, then you know that sitename.com sold/lost your address. It doesn't do a whole lot to directly stop spam, but it does add some extra tracking ability in case spam does start, and may make it a little easier to filter.

For me Gmail would be perect if I could pay for "Gmail plus" where I don't get adverts and they did not "data mine" my email

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...