Have we figured out who this spam gang is?

[goldeneye]

I think some of us have been getting spam from these bastards over the last few years - they used to use tiscali to host but then tiscali kicked them out earlier this year and have moved out to colocrossing (and some of these are now using the google link shortener as a new tactic)... Their MO seems to be "hijacking" IP addresses to attack port 25 to send this sh** and even a few of the IP addresses link to no one at all...

I have noticed that they usually strike on Tuesdays and Fridays (or Mondays and Thursdays) typically...

Here are some of the spam reports...

https://www.spamcop.net/mcgi?action=gettrack&reportid=6512069801

https://www.spamcop.net/mcgi?action=gettrack&reportid=6512069793

https://www.spamcop.net/mcgi?action=gettrack&reportid=6512068051

https://www.spamcop.net/mcgi?action=gettrack&reportid=6512067953

Wonder who this spam gang is for that matter?

 

[anyone8]

Just FYI, at least some of us don't have access to view the reports you linked. If you only want SpamCop admin to be able to see it, that might work.

Otherwise, tracking URLs usually look like: https://www.spamcop.net/sc?id=z6266145351z9959f30df739e6d2f4bba28ae4976342z As far as I know, the easiest way to get the tracking URL is at the top of the page where you scroll down and click the button to send reports.

[gnarlymarley]

Without the IP, there is not much we as users of the spamcop service can do.  Spammers are attacking more than just port 25.  I have seen spam come directly from a router, which does not have the SMTP service.  It would appear that spammers are trying to hack and use anything that can get their message through.