Morg2 Posted September 3, 2015 Share Posted September 3, 2015 I'm a new supporter of Spamcop. I'm just a private individual with an email address I've used for years. No business, no public position, nothing like that. I don't know what I did to get on the spammers lists but suddenly in about May I started getting overwhelmed -- 100 spams a day. I couldn't put down my smartphone without it dinging as more came in. I have a low cost ISP webmail provider who do not have spam folders or customizable spam filters -- all they allow me to do is set a spam "score" above which they will discard permanently all mail without me ever being able to see it. I tried setting my score really low but spam didn't slow down, yet I started missing real emails. Then I found Spamcop. The first day I reported 76 spams (they were mostly from Centarra), and by day 3 they had stopped! It was like being cured of a toothache!! But now, a few weeks later, I've started getting all the same types of scams again, this time they are coming from santrex dot net, and all my reports go to devnull, presumably because santrex is a haven for spammers and wouldn't care. Today I got 20 spams. Obviously, it is not as effective trying to stop them from this IP. I will keep reporting them to Spamcop, but I wondered if you experts can suggest anything else I can do to make it stop? Any effective approaches I might be able to take with my ISP to convince them to block santrex, maybe? Link to comment Share on other sites More sharing options...
petzl Posted September 3, 2015 Share Posted September 3, 2015 I'm a new supporter of Spamcop. I'm just a private individual with an email address I've used for years. No business, no public position, nothing like that. I don't know what I did to get on the spammers lists but suddenly in about May I started getting overwhelmed -- 100 spams a day. I couldn't put down my smartphone without it dinging as more came in. I have a low cost ISP webmail provider who do not have spam folders or customizable spam filters -- all they allow me to do is set a spam "score" above which they will discard permanently all mail without me ever being able to see it. I tried setting my score really low but spam didn't slow down, yet I started missing real emails. Then I found Spamcop. The first day I reported 76 spams (they were mostly from Centarra), and by day 3 they had stopped! It was like being cured of a toothache!! But now, a few weeks later, I've started getting all the same types of scams again, this time they are coming from santrex dot net, and all my reports go to devnull, presumably because santrex is a haven for spammers and wouldn't care. Today I got 20 spams. Obviously, it is not as effective trying to stop them from this IP. I will keep reporting them to Spamcop, but I wondered if you experts can suggest anything else I can do to make it stop? Any effective approaches I might be able to take with my ISP to convince them to block santrex, maybe? I also have found "PHISHING" scams through compromised computers. If this is a problem and your ISP don't care enough to implement GOOD spam filtering, Gmail can be set to "POP" your account Gmail is very good for filtering "spam from ham" Yes complain to your ISP about their spam issue. Best to send in the "TRACKING URL" you get (before submitting) when you report so one can see and advise example. Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6156743505z5a3b12a6c9ac7457712d85bb8d6dfda6z Link to comment Share on other sites More sharing options...
Morg2 Posted September 4, 2015 Author Share Posted September 4, 2015 Thank you Petzl; I have started forwarding the report URL's to my ISP's customer service address, requesting that they block santrex. They haven't answered. Is there a way I can find out if they subscribe to and employ Spamcop's block list? If they did, though, I guess this santrex crap wouldn't be coming in at all -- is that correct? Now that I'm on a roll with dumb newbie questions, could I ask one more? Just out of curiousity, what purpose do the spammers think is being accomplished when they send out this stuff? It's not real advertising. Even assuming I really did want to buy a tracking device/cure diabetes/get rich in stocks, the content is just a bunch of random words ("chocolate oil bag iraq dial track pin status.....") I know I've read that often the purpose is to get people to click on a link to some phishing page, but many of them I don't even see a web address. So what is the catch? Obviously spammer mentality eludes me, and perhaps it's just as well, but I really do wonder if you more experienced people can explain it. (eg: https://www.spamcop.net/sc?id=z6156966355z8473cf8af36bd50bd49e4fb2235e9884z) Thanks! Link to comment Share on other sites More sharing options...
Dave_L Posted September 4, 2015 Share Posted September 4, 2015 The randomish nonsense text is intended to trick content filters. Apparently spammers get some money from people clicking on links, even if they don't buy anything. spam may contain scri_pt that automatically "clicks links". If your email client is not configured securely, just reading the spam is enough to benefit the spammer. Sometimes the spam you receive is sent by a novice spammer using his newly purchased "make money fast" spamming kit, and he neglected to follow the instructions. Link to comment Share on other sites More sharing options...
Morg2 Posted September 4, 2015 Author Share Posted September 4, 2015 Apparently spammers get some money from people clicking on links, even if they don't buy anything. Interesting! But, mostly there doesn't even seem to be anything for sale to choose to buy. What is the value in just having people click links to nothing? If ultimately there were actually some junky item to trick people into overpaying for, it would make some kind of sense. But racking up a 'high click count' alone doesn't pay their bills; or if it does, how? Link to comment Share on other sites More sharing options...
Lking Posted September 4, 2015 Share Posted September 4, 2015 Have you seen http://forum.spamcop.net/forums/topic/930-spammer-rules/ these "rules" may help you understand. If you would provide a tracking URL for one of the spam that does not have a link we may be able to help you see where the payoff is. Or keep in mind that we are trying to apply logic to an endeavor that may not be rational. The Tracking URL you provided earlier has a link. Link to comment Share on other sites More sharing options...
petzl Posted September 5, 2015 Share Posted September 5, 2015 (eg: https://www.spamcop.net/sc?id=z6156966355z8473cf8af36bd50bd49e4fb2235e9884z) Thanks! ATTACK is the best line of defense! Now I have something to go by, here is my opinion/recommendation! "santrex" isp don't have a working abuse address. abuse[at]nforce.com bounces (6 sent : 6 bounces) In such cases you can get BETTER than the BOT SpamCop so a bit of "stalking" I get a abuse WEB form here! https://www.nforce.com/contact Their FaceBook page is here (This lets you name and shame) https://www.facebook.com/NFOrceEntertainment Suggest you report using evidence use your tracking URL and other evidence ************************************************ PLEASE, PLEASE LEARN ABOUT EMAIL MARKETING! https://en.wikipedia.org/wiki/Opt-in_email#Best_practice NFOrce Entertainment B.V. No one appears at the wheel? WAKE-UP. WAKE-UP . Getting flooded by your spam! DoS attack https://en.wikipedia.org/wiki/Denial-of-service_attack I never "subscribed" don't want to even know you! https://www.spamcop.net/sc?id=z6156966355z8473cf8af36bd50bd49e4fb2235e9884z abuse[at]nforce.com bounces (6 sent : 6 bounces) Your servers are being blacklisted you are NOT getting abuse reports? https://www.spamcop.net/w3m?action=checkblock&ip=46.166.143.123 Other hosts in this "neighborhood" with spam reports 46.166.142.178 46.166.142.179 46.166.142.180 46.166.142.181 46.166.142.182 46.166.142.183 46.166.142.184 46.166.142.185 46.166.142.186 46.166.142.187 46.166.142.188 46.166.142.189 46.166.142.190 46.166.142.191 46.166.142.192 46.166.142.193 46.166.142.194 46.166.142.195 46.166.142.196 46.166.142.197 46.166.142.198 46.166.142.199 46.166.142.200 46.166.142.201 46.166.142.202 46.166.142.203 46.166.142.204 46.166.142.205 46.166.142.206 46.166.142.207 46.166.142.208 46.166.142.209 46.166.142.210 46.166.142.211 46.166.142.212 46.166.142.213 46.166.142.214 46.166.142.215 46.166.142.216 46.166.142.217 46.166.142.218 46.166.142.219 46.166.142.220 46.166.142.221 46.166.142.222 46.166.142.224 46.166.142.225 46.166.142.226 46.166.142.227 46.166.142.228 46.166.142.229 46.166.142.230 46.166.142.231 46.166.142.232 46.166.142.233 46.166.142.234 46.166.142.235 46.166.142.236 46.166.142.237 46.166.142.238 46.166.142.239 46.166.142.240 46.166.142.241 46.166.142.242 46.166.142.243 46.166.142.244 46.166.142.245 46.166.142.246 46.166.142.247 46.166.142.248 46.166.142.249 46.166.142.250 46.166.142.251 46.166.143.2 46.166.143.3 46.166.143.4 46.166.143.5 46.166.143.6 46.166.143.7 46.166.143.8 46.166.143.9 46.166.143.10 46.166.143.11 46.166.143.12 46.166.143.13 46.166.143.14 46.166.143.15 46.166.143.16 46.166.143.17 46.166.143.18 46.166.143.19 46.166.143.20 46.166.143.21 46.166.143.22 46.166.143.23 46.166.143.24 46.166.143.25 46.166.143.28 46.166.143.29 46.166.143.30 46.166.143.31 46.166.143.32 46.166.143.33 46.166.143.34 46.166.143.35 46.166.143.36 46.166.143.37 46.166.143.38 46.166.143.39 46.166.143.40 46.166.143.41 46.166.143.42 46.166.143.43 46.166.143.44 46.166.143.45 46.166.143.46 46.166.143.47 46.166.143.48 46.166.143.49 46.166.143.50 46.166.143.51 46.166.143.52 46.166.143.53 46.166.143.54 46.166.143.55 46.166.143.56 46.166.143.58 46.166.143.59 46.166.143.60 46.166.143.61 46.166.143.62 46.166.143.63 46.166.143.64 46.166.143.65 46.166.143.66 46.166.143.67 46.166.143.68 46.166.143.69 46.166.143.70 46.166.143.71 46.166.143.72 46.166.143.73 46.166.143.74 46.166.143.75 46.166.143.76 46.166.143.77 46.166.143.78 46.166.143.79 46.166.143.80 46.166.143.81 46.166.143.82 46.166.143.83 46.166.143.84 46.166.143.85 46.166.143.86 46.166.143.87 46.166.143.88 46.166.143.89 46.166.143.90 46.166.143.91 46.166.143.92 46.166.143.93 46.166.143.94 46.166.143.95 46.166.143.96 46.166.143.97 46.166.143.98 46.166.143.99 46.166.143.100 46.166.143.101 46.166.143.102 46.166.143.103 46.166.143.104 46.166.143.106 46.166.143.107 46.166.143.108 46.166.143.109 46.166.143.110 46.166.143.111 46.166.143.112 46.166.143.113 46.166.143.114 46.166.143.115 46.166.143.116 46.166.143.117 46.166.143.118 46.166.143.119 46.166.143.120 46.166.143.121 46.166.143.122 Link to comment Share on other sites More sharing options...
Morg2 Posted October 5, 2015 Author Share Posted October 5, 2015 These Santrex guys are at it again. Here is just a small sample of the devnull reports I sent in this morning which came from them. Does it really help if I click "send report" when all the reports are devnull anyhow? I still am not sure what happens then. Thanks. http://www.spamcop.net/sc?id=z6187398016z3e380241f91ce048d56cb996b3006f15zhttp://www.spamcop.net/sc?id=z6187398017z8e9acd9871d8a34115b199a98a9b3486zhttp://www.spamcop.net/sc?id=z6187398018zae3783451ee2c301e18d699d0a337966zhttp://www.spamcop.net/sc?id=z6187398019ze980f628a9eab38042f510bf726afeb2zhttp://www.spamcop.net/sc?id=z6187398020zc592045c9a0441b0866ee02ba14959ffzhttp://www.spamcop.net/sc?id=z6187398021z3c6685e6efb9eba8186ea85f98932443zhttp://www.spamcop.net/sc?id=z6187398022zf7fc0c7be33a163ae4f42855086bc7ddzhttp://www.spamcop.net/sc?id=z6187398023z216452eb13a81d79e6b4b6ba5ee14c7dzhttp://www.spamcop.net/sc?id=z6187398024zf7777fb83866099fb0fe2cc1947dda4bzhttp://www.spamcop.net/sc?id=z6187398025z849179be4dbdb6ebcf47e7aed69c72e6zhttp://www.spamcop.net/sc?id=z6187398026z73473448c222cfef9bb1e8a9cec0bffezhttp://www.spamcop.net/sc?id=z6187398027z590b79f7a9e1f99f28d14fe3bb50b55fzhttp://www.spamcop.net/sc?id=z6187398028z96d951fe976c9bc5222aafcba9517b52zhttp://www.spamcop.net/sc?id=z6187398029z14d414eab4e4671289cfe9baeb83bb5bzhttp://www.spamcop.net/sc?id=z6187398030zcf84eef6a41927b8c3a921de7ab97b8ez Link to comment Share on other sites More sharing options...
Lking Posted October 5, 2015 Share Posted October 5, 2015 When you click "Send Report" sending the report is only one thing that happens. The information is also added to the history for that IP address and depending on resent history the IP address maybe added to the SC block list. THAT always happens, no mater if the report (s) go to devnull or not. Link to comment Share on other sites More sharing options...
petzl Posted October 6, 2015 Share Posted October 6, 2015 These Santrex guys are at it again. Here is just a small sample of the devnull reports I sent in this morning which came from them. Does it really help if I click "send report" when all the reports are devnull anyhow? I still am not sure what happens then. Thanks. These clowns are complete dirt bags! To evade blocklists they are "IP-Hopping" each of the "tracks" you sent has a different IP 46.166.145.206 46.166.145.204 46.166.145.203 46.166.145.197 46.166.145.198 46.166.145.196 They refuse and bounce spam reports, Dutch government departments are notorious useless bureaucrats, but if SpamCop is able to,try sending to cert [ at [ ncsc.nl in your SpamCop report in notes complain about you being DDoS attacked by them. No unsubscribe (not that you subscribed) they appear to be PHISHING If they do have a unsubscribe try it out (they have your email address anyhow!) If unsubscribe webpage does not work start putting in Dutch official email addresses like "cert [ at [ ncsc.nl " dutch terrorist contacts, Interpol, These "unsubscribe" bot pages are usually to confirm email addresses so make it work against them ATTACK is the best form of defense sometime you have to get better than SpamCop Nowadays you should consider a VPN that encrypts and hides your IP as a defense Everytime you send a email it goes from one IP to another, many infected with BOTNETS that scape email addresses, bank accounts and so on Link to comment Share on other sites More sharing options...
Morg2 Posted October 6, 2015 Author Share Posted October 6, 2015 Thanks petzl, I am going to try your suggestions. I never thought that an average person like me with no business connections, just a personal email, would ever have to contend with this volume of spam. I'm not an online shopaholic, I don't visit dirty websites -- I just write my friends, and read Wikipedia!! I'm starting to wonder if I have an enemy who could somehow maliciously put my address on a spammer list somewhere, if that is even possible. Anyway thanks SC members, for your patience in explaining to me. ... depending on resent history the IP address maybe added to the SC block list. Lking, any rough idea how many reports SC needs to get before this happens? I personally must have sent in at least 200 reports on Santrex, eg, over the last few weeks. Just curious what the point is, at which "maybe" becomes "is"! Link to comment Share on other sites More sharing options...
turetzsr Posted October 6, 2015 Share Posted October 6, 2015 Hi, Morg2,        There's no easy answer to your question but in case you're interested in the complicated (and yet still [deliberately] imprecise) details, you can have a look at the sections labeled "Important Definitions," "How the SCBL Works" and "SCBL Rules" in SC FAQ article "What is the SpamCop Blocking List (SCBL)?" Link to comment Share on other sites More sharing options...
petzl Posted October 7, 2015 Share Posted October 7, 2015 Thanks petzl, I am going to try your suggestions. I never thought that an average person like me with no business connections, just a personal email, would ever have to contend with this volume of spam. I'm not an online shopaholic, I don't visit dirty websites -- I just write my friends, and read Wikipedia!! I'm starting to wonder if I have an enemy who could somehow maliciously put my address on a spammer list somewhere, if that is even possible. Anyway thanks SC members, for your patience in explaining to me. You have no enemies. More likely one of your friends that you email has had their computer compromised ("BOTNET'ed") and amongst other things, your email and maybe even name has been scrapped by criminals. Hard to get everyone to be security conscious although Windows now adds a pretty decent malware, virus and back-up in their operating system. "IP hopping" however makes it unlikely for SpamCop to add these thugs to their blocklist! SpamCop has "email traps" to collect IP address of spammers. After a number of hits they get blocked, a actual report of that IP counts a "20" hits(?). This equitation keeps changing as new brooms take over CISco are latest owners, so it's in their interest to be good at what they do. SpamHaus another blocking list though looks at SC statistics and may list them on their blocklist A VPN (IMO) has become another necessary part of ones computer defense. You can set one up yourself and there are some free ones, I just pay $40 a year. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.