kluless Posted November 14, 2015 Share Posted November 14, 2015 I keep receiving spam from aneel[at]bug80.com, the abuse email is also aneel[at]bug80.com. I ran a 'who is' search on the domain name and it turns out that he/she is his/her own service provider. Is there a higher authority that this can be reported to, in order to stop this nuisance? Link to comment Share on other sites More sharing options...
patti2 Posted November 14, 2015 Share Posted November 14, 2015 Can you provide a Tracking URL? Link to comment Share on other sites More sharing options...
lisati Posted November 14, 2015 Share Posted November 14, 2015 The "From" address in an email is notoriously unreliable as an indicator of the true origin of an email, because it is easily forged. A tracking URL will help us take a look at other information contained in the email and hopefully make useful suggestions about who to contact to report abuse. Link to comment Share on other sites More sharing options...
kluless Posted November 16, 2015 Author Share Posted November 16, 2015 I'll have to wait for another one to arrive, usually it's been 2 or 3 a day, but none for a couple of days now... Link to comment Share on other sites More sharing options...
kluless Posted November 17, 2015 Author Share Posted November 17, 2015 OK, I received a couple more today, from 103.227.210.175 which is in the APNIC region. Link to comment Share on other sites More sharing options...
petzl Posted November 17, 2015 Share Posted November 17, 2015 OK, I received a couple more today, from 103.227.210.175 which is in the APNIC region. still not a tracking URL? Or headers (NOT body of spam) Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6194396432z8021cc36dd80c56218c391b1caf2114bz SpamCop often just reports the email server as the source! In comments box I put 79.126.164.141 (Administrator of network where email originates) BOTNET ATTACK HOST http://cbl.abuseat.org/lookup.cgi?ip=79.126.164.141 This IP is infected (or NATting for a computer that is infected) with the gamut spambot. In other words, it's participating in a botnet. TO REMOVE INFECTION Norton Power Eraser is a free tool and doesn't require installation. It just needs to be downloaded and run. https://security.symantec.com/nbrt/npe.aspx BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER CHANGE TO SECURE PASSWORD SCAN INFECTED COMPUTER FOR MALWARE A BOTNET infected computer/server means the all data passing through it may be compromised (bank details, log-on/password, email, etc). CBL lists those computers that are infected with instructions on how to remove BOTNET infections The following Cisco site shows servers/computers with prior or existing BOTNET infections http://www.senderbase.org/lookup/ip/?search_string=79.126.164.141 Link to comment Share on other sites More sharing options...
kluless Posted November 29, 2015 Author Share Posted November 29, 2015 Thanks, I haven't received any more from them for over a week... Link to comment Share on other sites More sharing options...
petzl Posted November 29, 2015 Share Posted November 29, 2015 Thanks, I haven't received any more from them for over a week... SpamCop sometimes works Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.