Jump to content

why would a legitimate domain request 'no reports'?


Morg2
 Share

Recommended Posts

Lately almost half the spam I've gotten has been traced back to "mit.edu", which according to the Spamcop reports, has asked indefinitely to not receive any reports. I can see some spammer-haven ISP not wishing to be bothered dealing with their scum tenants, but a respectable university? How does it make sense that they wouldn't want to root out the abusers and punish them for messing with the name?

Just curious if anyone can explain the philosophy of that.

Here's the lines from a recent report:

Using abuse net on arin-mit-security[at]mit.edu
abuse net mit.edu = abuse[at]mit.edu
Using best contacts abuse[at]mit.edu

ISP does not wish to receive reports regarding http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd- no date available
Link to comment
Share on other sites

I could be wrong but what they don't want reports about is the "document type", in most web pages you have a statement saying what standard the page is supposed to adhere to and that statement can also say where there is something that defines that standard. Its not their fault a spammer pointed to it.

Link to comment
Share on other sites

Thank you for the Tracking URLs. They confirm what Spinner stated, http://www.w3.org/is the domain of The World Wide Web Consortium.
Every webpage should include a reference, similar to, http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtdidentifying the HTML standards used.

Many websites that make a point of complying with the W3C standards, include on their pages a badge and link to the standards and the W3C validator, similar to:

<a href="http://validator.w3.org/check">
   <IMG src="http://www.w3.org/Icons/valid-html401" alt="Valid HTML 4.01 Transitional">
</a>

Obviously, W3 does not want to receive reports if a spammer includes a reference to their website/domain.

Others in a similar situation would be someone like the "New York Times." At one time it was common for spammers to include references to news stories implying validity of the clams for the snake oil they are trying to sell.

Link to comment
Share on other sites

  • 4 weeks later...

Late to the topic, same question -- I looked at his tracking URLs but the reports must have changed since you looked at them on March 24th, no mention there of W3.

So did he just remove the W3 site from his report, and then it went through OK?

Link to comment
Share on other sites

Hank:

I just looked at those two tracking URLs, and they both contain text like this:

Resolving link obfuscation

http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd

No recent reports, no history available
ISP does not wish to receive report regarding www.w3.org
Host www.w3.org (checking ip) = 128.30.52.100
Resolves to 128.30.52.100
Routing details for 128.30.52.100
Cached whois for 128.30.52.100 : arin-mit-security[at]mit.edu
Using abuse net on arin-mit-security[at]mit.edu
abuse net mit.edu = abuse[at]mit.edu
Using best contacts abuse[at]mit.edu

ISP does not wish to receive reports regarding http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd - no date available
Link to comment
Share on other sites

hank if you scroll to the bottom of the parsing of each tracking URL you will see where the parser identified W3. Without bothering to decode the body of the spam, I assume the link can be found in poorly constructed html there. If the html in the body of the email was properly formed the parser would not have picked up the standard referenced in the html <head>

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...