Loop defeating SpamCop Reporting?

[digilect]

While reporting spam on a particular sender, I always get the following error:

Finding IP block owner:

Routing details for 184.82.170.148

Report routing for 184.82.170.148: abuse[at]hostnoc.net

abuse[at]hostnoc.net redirects to abuse[at]burst.net

abuse[at]burst.net redirects to spamcop[at]burst.net

spamcop[at]burst.net bounces (99 sent : 99 bounces)

Sorry, no reporting addresses found for 184.82.170.148.

Nothing to do.

Anyone have any similar problems? Could I do something different? This seems very troubling.

[SpamCopAdmin]

>- spamcop[at]burst.net bounces

That's the problem. The final destination bounces our mail, and so SpamCop won't send them anything.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[turetzsr]

...But please keep reporting any you find, if you have the time and inclination, as it helps keep the source IP address(es) on the SpamCop blacklist! <g>

[daveb]

I have been reporting over and over. Every spam I get now (that makes it through the filters) is from burst.net.

I think we've reached the point where it's a rogue ISP, since a tech request I made with them got no answer either. But it won't be blacklisted until particular IP addresses get 60 complaints each, right? And then it goes one IP at a time. That seems fairly ineffective.

I know there are legit people there too but it does seem that burst.net is a happy home for spammers... or at least one prolific spammer. Is the 60 complaints per ISP requirement for blacklisting really justified?

[Farelf]

"Parsing input: 184.82.170.148

No recent reports, no history available"

When you get those "errors" you haven't been cancelling the reports have you? No, no, you should always send (even though nothing goes out) to add data to the SC blocklist, as Steve T notes. In any event, a single reporter can't cause a listing but there may be others reporting (for other IP addresses at least). In most instances it will take much much less than 60 reporter complaints (within the time frame) to cause listing - it depends on how much spam compared to how much non-spam (ham) is seen going through that server. See http://forum.spamcop.net/scwik/SCBL

[turetzsr]

<snip>

Is the 60 complaints per ISP requirement for blacklisting really justified?

...Hi, daveb,

...This 60 complaints per ISP requirement is entirely new to me. Could you please provide a reference? My understanding is that there is a very complex formula that determines whether a given IP address will appear on the SpamCop blacklist, described in the article to which there is a link labeled "What is on the list?" on the SpamCop FAQ page (links to which appear near the top left of each SpamCop Forum page).

[daveb]

Thanks for the clarification.

The IPs I'm getting are more like 64.120.247.87 ... it's not burst.net itself, it's one or more of their customers, but they have been unresponsive to reports through spamcop and direct.

The problem is that there are so many IPs being used to send the spams and to host the sites referenced in the spams... I see dozens of IPs in the Senderbase listings with "poor" ratings (this one is fresh enough to be neutral) but none actually on any blacklists. I get the idea that IPs are being purchased/assigned en masse and used briefly, then sent back to the pool for use by legit customers. (64.120.247.82, 64.120.247.83, and 64.120.247.84 could be examples, just scanning senderbase).

Glad to know it requires fewer than 60 complaints, though.

Ha ha... after all the looking at various instructions, explanations, FAQs, etc, it could take me hours to dig up that number again. I will look though, it always helps to find and fix bad info!

[turetzsr]

<snip>

Glad to know it requires fewer than 60 complaints, though.

<snip>

...Well, the thing is, it could be 2, 60, or 600,000, depending on various conditions, especially the number of "good" e-mails seen coming from the IP address in question. And it's by individual IP (if I understand correctly).

[daveb]

Makes sense to me. I still have not found that source, I might have mis-read something -- in which case I am sorry!!

[BrokerCop]

I'm new here, admittedly novice, but I registered on the forums for the sole purpose of trying to see how I can prevent multiple spam emails a day from domains seemingly originating from Burst.net servers. I have been a spamcop customer for several years, but all I do is manually report (don't know how to do anything else, too novice). I see here that there are other complaints. If anyone has advice I'd greatly appreciate it. I probably send 10-20 reports a day through SpamCop to burst.net. It's beginning to annoy folks at my small real estate brokerage. Thanks.

[turetzsr]

<snip>

I registered on the forums for the sole purpose of trying to see how I can prevent multiple spam emails a day from domains seemingly originating from Burst.net servers.

...We'd all like to know how to prevent spams! The best we know to do is to report them to SpamCop, which sends complaint e-mails to the abuse address of the spam source hoping that they will take responsibility to stop it (as only they can) and to try to get that source listed on the SpamCop blacklist so that it can be used by responsible e-mail providers to route the (suspected) spam to somewhere other than subscribers' main Inboxes.

<snip>

all I do is manually report (don't know how to do anything else, too novice

<snip>

...You can do what we normally mean when we say "manually report" (compose and send our own complaint e-mails) without SpamCop! If you complete the normal SpamCop spam processing, it will compose and send complaint e-mails (as I mentioned above) to the abuse addresses of the spam sources on your behalf and includes it in the statistics that contribute to deciding whether it should be placed on the SpamCop blacklist. Could you describe a bit more what it is that you are doing to manually report?

<snip>

If anyone has advice I'd greatly appreciate it. I probably send 10-20 reports a day through SpamCop to burst.net.

...That's about all you can do, as far as I know. If you would like to have the advantage of the SpamCop Blacklist in having your suspected spam handled differently than "good" e-mail, for example to have it go to some other folder rather than to your Inbox, you would have to point your e-mail provider to the SpamCop FAQ (links to which appear near the top left of each SpamCop Forum page) article labeled "How do I configure my mailserver to reject mail based on the blocklist?." But that will only help for spam coming from IP addresses that have made it to the SpamCop blacklist.

It's beginning to annoy folks at my small real estate brokerage.

<snip>

...In what way? When I report spam, no one knows, other than anyone who happens to be looking over my shoulder and anyone in the corporate e-mail server administration group that happens to be looking at outgoing e-mail traffic at the moment (and if they understand they will be grateful I'm contributing to identifying spam, which gets filtered by a third-party service before it gets to the corporate network).

[BrokerCop]

When I say "manually reporting" I mean pasting the email into the spamcop tool. I have heard of some way to configure my email, but I have not been successful at understanding what that means, lost interest in trying a few years ago.

By annoying, I mean that my team is tired of getting all of the emails from burst.net's servers, not by anyone knowing about my reports. Sorry for my not understanding the lingo here. Sounds like I can't do much else other than report.

...and by the way, thank you for the reply and advice.

[turetzsr]

When I say "manually reporting" I mean pasting the email into the spamcop tool. I have heard of some way to configure my email, but I have not been successful at understanding what that means, lost interest in trying a few years ago.

...Ah, I see, that's a reasonable, if unique, use of the term "manually." <g> FYI, there's a SpamCop Glossary available (look for a label entitled "FAQs and Words" near the top of a SpamCop Forum page and click it; a drop-down list that includes the words "SpamCop.net Glossary" will appear) that contains a link to the definition of "Manual Report" that we most often use here. There is also SpamCop Wiki (look for a link near the top of a SpamCop Forum page labeled "SCWiki") that has a link to an article called "ManualReport." And -- son of a gun -- searching the SpamCop Wiki for "Manual" finds an article called "SubmitByPaste" which describes your (and my) method of submitting spam -- so your use of the term isn't as unique as I thought! <g>

...The alternative is to report to SpamCop by sending your spam as an attachment -- see SpamCop FAQ article labeled "How to "Forward as Attachment"" and/ or SCWiki articles "HowToUseReporting" and/ or "ForwardOrForwardAsAttachment" and/ or "SubmitAddress" and/ or "LimitationOnForwardingMessages" and/ or "SubmitByEmail." Note, though, that you are not permited to use this method if your e-mail client tool is Microsoft Outlook (Outlook Express is okay, though).

By annoying, I mean that my team is tired of getting all of the emails from burst.net's servers, not by anyone knowing about my reports.

...Ah, they're getting as annoyed as you are! <g> In that case, they should be willing to help you with the problem, perhaps by researching means for them to reject e-mails coming from burst.net servers until burst.net agrees to better control the spam coming from their network or by engaging a service that filters out suspected spam such as any e-mail coming from burst.net for review by you and others at your real estate brokerage rather than letting it go directly to your Inbox. The latter will help avoid "false positives" but also involves the spam still having to be reviewed.

Sorry for my not understanding the lingo here.

<snip>

...No problem, especially as it turns out that your use of lingo was apparently anticipated, as evidenced by the SpamCop Wiki evidence I mentioned above. <g>

[daveb]

Frankly, I think it's time burst.net was simply cut off as a whole. They are the sole source of 98% of my spam at this point.

(Or perhaps any new IP address assigned to burst.net.)

I use Eudora for Mac and there is no forward as attachment, no handy extension (though there used to be one), etc. Perhaps I could change my email or operating system to facilitate using SpamCop's reporting, but for the moment, like BrokerCop, I am doing copy and paste.

I might start now-and-then using Apple Mail under IMAP to investigate my mailbox which would make it easier.

We are talking about 20-30 emails per day, all but one or two from burst.net.

[BrokerCop]

Frankly, I think it's time burst.net was simply cut off as a whole. They are the sole source of 98% of my spam at this point.

Agreed, and, this is somewhat of an anomaly in my view. Normally if I see spam from one set of servers, and I focus on reporting for a while, they generally stop. I have sent them direct messages, and I get nothing but their autoresponder. I don't really know how this works with SpamCop, or they can get on the CBL, but one would think their actions (or non-actions) thus far are sufficient....given this many complaints/troubles.

Thanks all for the advice/feedback.

[daveb]

FWIW, I put on some server side filters, and I can use Apple Mail more often to report more easily. That said, yes, I even went so far as to visit their web site and post reports there; it creates tickets but nobody assigns the tickets so they just sit there.

Either burst.net is a small time operation (though it does not appear to be so, and I've known of the company for years) or they don't give a rat's &&& about spam. I have found lots of postings from 2001-2003 about their being a safe harbor for spammers.

Thanks, brokercop. Nice to know someone else out there is with me!

[BrokerCop]

RE: Burst

I have also submitted tickets to their "abuse" department, but you cannot talk to anyone in that department. I spoke to someone in their IT department a few moments ago, but he was less than helpful and suggested that I would never hear from them. Multiple tickets have gone unanswered with them. I am too novice to understand this, but it sure seems that their servers should be on the CBL. I just don't know how they can get away with allowing tons of spam (true spam) to be sent from their servers. I'm about ready to just pay the $200 fee and submit a sample of over 100 spam emails to the FCC in a "formal" complaint. I wonder if that would cause them to respond and take some corrective action.

[daveb]

Over the weekend, the amount of spam from burst.net has slowed dramatically and my own ticket was responded to and closed. I think we should give them a few days and see what happens. That said, if it keeps going, mark me down for a $50 contribution to your fee.

[turetzsr]

<snip>

I'm about ready to just pay the $200 fee and submit a sample of over 100 spam emails to the FCC in a "formal" complaint. I wonder if that would cause them to respond and take some corrective action.

...Hm, I've never seen that (but I'm no expert!) -- I hope you are looking at a true FCC offer!

...Others have suggested that the FCC only gets involved if it is clear that there are very large dollars of losses involved in the spam activity and that suggestion seems to be supported by the information we've seen about the (very small number of) actual actions taken against spammers.

Hi, daveb,

...Thanks, X (keeping my fingers crossed)! <g>

[daveb]

Good points, turetzsr.

This does seem like a community issue.

I am suspicious when I suddenly get spams from 10 different IPs, all at burst.net ... I wonder if they have a deal with spammers, for $x we'll supply you with as many IPs as you want and leave them active for 48 hours before switching to the next batch...

[SpamCopAdmin]

http://www.fcc.gov/guides/spam-unwanted-te...sages-and-email

The FCC does not charge for sending them spam samples.

- Don D'Minion - SpamCop Admin -

- Service[at]Admin.SpamCop.net -

[gare]

<snip>

I'm about ready to just pay the $200 fee and submit a sample of over 100 spam emails to the FCC in a "formal" complaint. I wonder if that would cause them to respond and take some corrective action.

...Hm, I've never seen that (but I'm no expert!) -- I hope you are looking at a true FCC offer!

...Others have suggested that the FCC only gets involved if it is clear that there are very large dollars of losses involved in the spam activity and that suggestion seems to be supported by the information we've seen about the (very small number of) actual actions taken against spammers.

Hi, daveb,

...Thanks, X (keeping my fingers crossed)! <g>

Their site says

"There is no charge for filing a complaint. You can file your complaint using an online complaint form. You can also file your complaint with the FCC’s Consumer Center by calling 1-888-CALL-FCC (1-888-225-5322) voice or 1-888-TELL-FCC (1-888-835-5322) TTY; faxing 1-866-418-0232; or writing to: "

gary

Edit by SteveT (turetzsr): added to top the post to which I was replying so that my reply is in context.