Jump to content

How do you stop a spammer who has his own IP and is spamming from his own server


Cutsnake88
 Share

Recommended Posts

I have been getting spammed by the same jerk for about a year now. He's been rubbed out of three hosts, that I know of - most recently iWeb. He has now secured his own IP address for his company and is spamming with impunity.

How do we stop a spammer who owns his own server? I have been reporting him to CERT India, but it continues unabated.

Company: Brainpulse

Nameserver: indianemailmarketers.co.in

Owner: Tarun Gupta

Address:

A-4 sector 27

Noida

Uttar Pradesh 201301

India

Phone:+91.1204730400

Email: support[at]brainpulse.com

Link to comment
Share on other sites

I have been getting spammed by the same jerk for about a year now. He's been rubbed out of three hosts, that I know of - most recently iWeb. He has now secured his own IP address for his company and is spamming with impunity.

How do we stop a spammer who owns his own server? I have been reporting him to CERT India, but it continues unabated.

Would clue "us" in better if you included a tracking URL or even IP

Top of the SpamCop report page is tracking URL

SpamCop v 4.8.1.007 © 2013 Cisco Systems, Inc. All rights reserved.

Here is your TRACKING URL - it may be saved for future reference:

http://www.spamcop.net/sc?id=z5625210793z9...aa37d48c0f0962z

Link to comment
Share on other sites

<snip>

How do we stop a spammer

<snip>

...The short answer is that we can't, any more than we can stop any other kind of criminal behavior outside of our direct reach. Only law enforcement agencies have any hope of doing that and they tend to show no interest unless it is clear either that financial damages have exceeded a certain threshold or harmed the agency or an important member.
Link to comment
Share on other sites

...The short answer is that we can't, any more than we can stop any other kind of criminal behavior outside of our direct reach. Only law enforcement agencies have any hope of doing that and they tend to show no interest unless it is clear either that financial damages have exceeded a certain threshold or harmed the agency or an important member.

I can't fid any reports made?
Parsing input: 223.130.5.34
No recent reports, no history available
abusgestion[at]iweb.com
Administrator interested in all reports

The actual listed abuse address is

network[at]brainpulse.com

Their

website (email marketing)

http://www.shooturmail.com/contact-us.html

would like to see headers

Live link to supposed spammer removed. Don't give these people oxygen (indexable back links), please!

Edited by Farelf
Link to comment
Share on other sites

I can't fid any reports made?
Parsing input: 223.130.5.34
No recent reports, no history available
abusgestion[at]iweb.com
Administrator interested in all reports

The actual listed abuse address is

network[at]brainpulse.com

Their

website (email marketing)

http://www.shooturmail.com/contact-us.html

would like to see headers

Brainpulse.com is the website of the company doing the spamming, so you're essentially reporting the spam to the spammer, thus confirming your email address.

I have been reporting it to incident[at]cert-in.org.in, but clearly they don't give a damn.

The most recent Spamcop reports were just now:

Submitted: 11/14/2013 12:03:19 PM +1100:

Increase your Website or products Sale within 12 weeks

6032781074 ( z_User_Notification ) To: incident[at]cert-in.org.in

6032781073 ( 223.130.4.87 ) To: abusgestion[at]iweb.com

I know iWeb isn't the host anymore - they booted him. That's why I asked the question.

Header of the most recent report:

Return-Path: <ask[at]hostbirds.co.in>

Received: from sm17.indianemailmarketers.co.in (sm17.indianemailmarketers.co.in [223.130.4.87]) by mail.wildchildweb.com with SMTP;

Wed, 13 Nov 2013 20:23:56 +1100

Received: from WS68 (unknown [192.168.0.68])

by host.indianemailmarketers.co.in (Postfix) with ESMTPA id 6CF971F385FA

for <admin[at]powersponsorship.com>; Wed, 13 Nov 2013 13:31:49 +0530 (IST)

From: "Sarah Blake" <ask[at]hostbirds.co.in>

To: <admin[at]powersponsorship.com>

Subject: Increase your Website or products Sale within 12 weeks

Date: Wed, 13 Nov 2013 14:35:54 +0530

Message-ID: <45f401cee04f$8fdb5f80$af921e80$[at]hostbirds.co.in>

MIME-Version: 1.0

Content-Type: multipart/alternative;

boundary="----=_NextPart_000_45F5_01CEE07D.A9960C80"

X-Mailer: Microsoft Outlook 14.0

Thread-Index: Ac7gT40/oIE9sZgwQi2/3Pru0kabXQ==

Content-Language: en-us

X-SmarterMail-spam: SPF_Pass, SpamCop, ISpamAssassin 5 [raw: 3], DK_None, DKIM_None, Custom Rules [scam:60]

X-SmarterMail-TotalSpamWeight: 67

Link to comment
Share on other sites

Brainpulse.com is the website of the company doing the spamming, so you're essentially reporting the spam to the spammer, thus confirming your email address.

I have been reporting it to incident[at]cert-in.org.in, but clearly they don't give a damn.

Cert-in seem your best bet

I would include in notes

Turn the heat up?

IP: 223.130.4.87  network[at]brainpulse.com
spam crime gang
"unsubscribes" don't work just worsen their attack
http://spamcop.net/w3m?action=checkblock&amp;ip=223.130.4.87
Other hosts in this "neighborhood" with spam reports
223.130.4.81 223.130.4.82 223.130.4.83 223.130.4.84 223.130.4.86 223.130.4.88 223.130.4.89 223.130.4.90 223.130.5.2 223.130.5.3 223.130.5.4 223.130.5.5 223.130.5.7 223.130.5.17 223.130.5.18 223.130.5.30

Link to comment
Share on other sites

Cert-in seem your best bet

I would include in notes

Turn the heat up?

IP: 223.130.4.87  network[at]brainpulse.com
spam crime gang
"unsubscribes" don't work just worsen their attack
http://spamcop.net/w3m?action=checkblock&amp;ip=223.130.4.87
Other hosts in this "neighborhood" with spam reports
223.130.4.81 223.130.4.82 223.130.4.83 223.130.4.84 223.130.4.86 223.130.4.88 223.130.4.89 223.130.4.90 223.130.5.2 223.130.5.3 223.130.5.4 223.130.5.5 223.130.5.7 223.130.5.17 223.130.5.18 223.130.5.30

Great idea. Thank you very much.

Link to comment
Share on other sites

  • 2 weeks later...

Great idea. Thank you very much.

Getting bombed by india myself mainly stock "recommendations

Cert India are proving useless so gave their email and every other Indian governments email address to spammer"

In all probability the spammer may not be Indian the links go to phising sites in US of A

Which you report here

http://www.google.com/safebrowsing/report_phish/Captcha

If looking at spam sites you need to heighten browser security

example

on Firefox I have Java on ask and a good free "Add-on" is

https://adblockplus.org/en/firefox

Do security scans regularly

Link to comment
Share on other sites

  • 2 weeks later...
  • 2 weeks later...

The reporting address for these people has now been updated on Spamcop to be network[at]brainpulse.com. In other words, spam reports are going to the spammer - confirming all of our email addresses are live.

Spamcop is not reporting to CERT-India (incident[at]cert-in.org.in, although I've been adding that to the reports, along with the "spam Crime Gang" wording suggested above.

Screenshot: http://screencast.com/t/wjx3aBMZI5

CERT India actually did email me back a few weeks ago and said they were taking action, but nothing has happened and they're still spamming.

The nameserver is indianemailmarketers.co.in.

Now what?

Link to comment
Share on other sites

<snip>

In other words, spam reports are going to the spammer - confirming all of our email addresses are live.

<snip>

...Generally, not so! SpamCop attempts to "munge" your e-mail address, unless you tell it to not do so or it misses a place where it appears, as it sometimes does. See the last paragraph of SCWiki entry "Mung / Munge / Obfuscate."
Link to comment
Share on other sites

The reporting address for these people has now been updated on Spamcop to be network[at]brainpulse.com. In other words, spam reports are going to the spammer - confirming all of our email addresses are live.

Spamcop is not reporting to CERT-India (incident[at]cert-in.org.in, although I've been adding that to the reports, along with the "spam Crime Gang" wording suggested above.

Screenshot: http://screencast.com/t/wjx3aBMZI5

CERT India actually did email me back a few weeks ago and said they were taking action, but nothing has happened and they're still spamming.

The nameserver is indianemailmarketers.co.in.

Now what?

Has there been a resurrection of spam from India?

Not yet getting it

Getting a lot of "Hard Drive drive encryption sites"

Screen capture showing Splash page image

https://dl.dropboxusercontent.com/u/50667687/MAL04.jpg

Link to comment
Share on other sites

...Generally, not so! SpamCop attempts to "munge" your e-mail address, unless you tell it to not do so or it misses a place where it appears, as it sometimes does. See the last paragraph of SCWiki entry "Mung / Munge / Obfuscate."

If the spammer is also the server admin, it would be easy to trace the original email using the email ID etc in the header. I have to assume that information - added by the originating server on the way out - wouldn't be munged, allowing reputable ISPs to track spammer activity and complaints.

If that's the case, munging the email and other ID stuff included in the original email doesn't help when the spammer is also the server admin.

Link to comment
Share on other sites

<snip>

If the spammer is also the server admin, it would be easy to trace the original email using the email ID etc in the header. I have to assume that information - added by the originating server on the way out - wouldn't be munged, allowing reputable ISPs to track spammer activity and complaints.

<snip>

...And your assumption, while reasonable, would be wrong. :) <g>

...But you don't have to take my word for it, just click the "Preview Reports" button after parsing; if you don't like what you see, click the "Cancel" button. If you are so inclined, you can re-submit, first editing the internet header to remove the offending content, provided that you change only the information that identifies you, personally, not any IP addresses or other header information that the parser uses to find the spam source (and replace the edited-out information with a comment that indicates that you made the edit). The only remaining concern would be that the spammer may have hidden some information in the spam internet header or the spam body that you could not recognize as identifying your e-mail address. If you fear that might be the case then, yes, you should uncheck all the boxes next to the abuse addresses for the spam source to which SpamCop offers to send the complaint, then click the (now mislabeled) "Send spam Report(s) Now" button, which will submit the information only to the statistics database used by SpamCop to determine whether a spam source should be included on the SpamCop blacklist.

Link to comment
Share on other sites

If the spammer is also the server admin, it would be easy to trace the original email using the email ID etc in the header. I have to assume that information - added by the originating server on the way out - wouldn't be munged, allowing reputable ISPs to track spammer activity and complaints.

If that's the case, munging the email and other ID stuff included in the original email doesn't help when the spammer is also the server admin.

Police in India say they have arrested six foreign nationals suspected

http://www.bbc.co.uk/news/technology-16392960

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...