pedro_burrito Posted February 10, 2004 Share Posted February 10, 2004 I see in spamcop that someone has reported us twice. I will gladly block the person sending the offending email if I had more information. Here is the info in spamcop: A sample sent sometime during the 24 hours beginning Friday, February 06, 2004 7:00:00 PM -0500: Received: from -.-.net ([207.140.74.231])- by -.-.net- (- -.-.-.-.- -) with - id <-207-.-.-.-.net[at]-.-.net>- for <-[at]-.net>- Sat, - Feb 2004 - - Subject: property matches for emma rich found on - From: mi.. at ..r.com A sample sent sometime during the 24 hours beginning Sunday, February 08, 2004 7:00:00 PM -0500: Received: from -.-.net ([207.140.74.231])- by -.-.net- (- -.-.-.-.- -) with - id <-.-.-.-.net[at]-.-.net>- for <-[at]-.net>- Mon, - Feb 2004 - - Subject: property matches for emma rich found on - From: mi.. at ..r.com My two MTA's are 207.140.74.231 and 12.32.9.121. Can I get the email address of the offender? I can block him/her from ever sending another email out of my system. Link to comment Share on other sites More sharing options...
jefft Posted February 10, 2004 Share Posted February 10, 2004 I see in spamcop that someone has reported us twice. I will gladly block the person sending the offending email if I had more information. Here is the info in spamcop: You need to email the deputies for more information: deputies[at]admin.spamcop.net JT Link to comment Share on other sites More sharing options...
Spambo Posted February 10, 2004 Share Posted February 10, 2004 I see in spamcop that someone has reported us twice. I will gladly block the person sending the offending email if I had more information. Here is the info in spamcop: [snip] My two MTA's are 207.140.74.231 and 12.32.9.121. Can I get the email address of the offender? I can block him/her from ever sending another email out of my system. Reports for both IPs would be sent to abuse[at]att.net http://www.spamcop.net/sc?track=12.32.9.121 http://www.spamcop.net/sc?track=207.140.74.231 AT&T is ultimately responsible for the IPs, if their abuse department hasn't contacted you about the spam reports (which isn't to surprising in itself) then you should contact them. Insist that they inform you when IPs they've assigned to you are being used to abuse other people & networks. If AT&T's abuse department still has the reports on file you may be able to contact the person(s) who reported the spam by sending an email to the return address on the spam reports. The email will be forwarded to the person(s) filing the reports but only for a limited amount of time. Since both reports seem to have been filed in January it's possible the temporary return address(es) have expired. A word of caution: While SpamCop will forward responses to a spam report (within the time limitations) to the person filing the report, it cannot make them respond to you. A nicely worded email will have a better chance of being replied to than something terse.. Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2004 Share Posted February 10, 2004 I see in spamcop that someone has reported us twice. I will gladly block the person sending the offending email if I had more information. Here is the info in spamcop: A sample sent sometime during the 24 hours beginning Friday, February 06, 2004 7:00:00 PM -0500: Received: from -.-.net ([207.140.74.231])- by -.-.net- (- -.-.-.-.- -) with - id <-207-.-.-.-.net[at]-.-.net>- for <-[at]-.net>- Sat, - Feb 2004 - - Subject: property matches for emma rich found on - From: mi.. at ..r.com A sample sent sometime during the 24 hours beginning Sunday, February 08, 2004 7:00:00 PM -0500: Received: from -.-.net ([207.140.74.231])- by -.-.net- (- -.-.-.-.- -) with - id <-.-.-.-.net[at]-.-.net>- for <-[at]-.net>- Mon, - Feb 2004 - - Subject: property matches for emma rich found on - From: mi.. at ..r.com My two MTA's are 207.140.74.231 and 12.32.9.121. Can I get the email address of the offender? I can block him/her from ever sending another email out of my system. as the results of a quick lookup on one of the IPA's you list results in; nslookup 12.32.9.121 Canonical name: mta04.interealty.net And if we make the assumption that you're not really a lowlife spamming type, then the question would be "just how many" e-mails did you send out with that specific Subject Line? Again, one would think that you'd only have one entry in your database for a person by the name of Emma Rich .....????? Link to comment Share on other sites More sharing options...
pedro_burrito Posted February 10, 2004 Author Share Posted February 10, 2004 Assuming that I am not a low life spammer ;-} I have over 10,000 real estate agents and brokers sending out house for sale listings via email to their clients through my systems. I've got 300 different servers funneling email listings through two virus checker machines and then through my two MTA's. The specific subject line is not included in any of the logs that I've found on my mta's or virus checkers. That was the first thing I searched for (emma rich). Link to comment Share on other sites More sharing options...
Chris Parker Posted February 10, 2004 Share Posted February 10, 2004 I have over 10,000 real estate agents and brokers sending out house for sale listings via email to their clients through my systems. I've got 300 different servers funneling email listings through two virus checker machines and then through my two MTA's. The specific subject line is not included in any of the logs that I've found on my mta's or virus checkers. That was the first thing I searched for (emma rich). Well, the email in the reported spam had: mi.. at ..r.com Not sure how many of them start with "MI" and end with "R.COM" Might be enough to see who to watch, or contact directly... Link to comment Share on other sites More sharing options...
jefft Posted February 10, 2004 Share Posted February 10, 2004 Assuming that I am not a low life spammer ;-} I have over 10,000 real estate agents and brokers sending out house for sale listings via email to their clients through my systems. I've got 300 different servers funneling email listings through two virus checker machines and then through my two MTA's. The specific subject line is not included in any of the logs that I've found on my mta's or virus checkers. That was the first thing I searched for (emma rich). Pedro, The deputies at the address above can give you the details, including the email headers. It sounds like you're running a fairly big operation. I had a look at your two IP's appears to have generated only a couple of complaints. And, we've detected thousands of emails coming out of your servers. Your servers have never been blacklisted and are 20 times lower than the treshold needed for blacklisting. In short, they appear very clean. In this case, I probably really wouldn't worry about it. Users do make mistakes and it's possible that someone erroneously reported a legitimate message to SpamCop. Since your complaints ratio is very low, it's clear that there really isn't spamming going on. Either an agent or a customer made a mistake or there was a misunderstanding. If you're going to be sending this volume of email, you may want to get the reports yourself instead of having them sent to AT&T. If you can get your IP space allocated (SWIP) to you, then you'll receive the reports directly. JT p.s. It appears the person who reported these spams really is named Emma Rich. Link to comment Share on other sites More sharing options...
Wazoo Posted February 10, 2004 Share Posted February 10, 2004 Assuming that I am not a low life spammer ;-} I have over 10,000 real estate agents and brokers sending out house for sale listings via email to their clients through my systems. I've got 300 different servers funneling email listings through two virus checker machines and then through my two MTA's. The specific subject line is not included in any of the logs that I've found on my mta's or virus checkers. That was the first thing I searched for (emma rich). ok, had to start somewhere <g> There was no visible sign to this point as to the size of your situation, though the DNS did suggest that you probably weren't running things from the living room ... Think JT has given you the best next steps to take. Good luck! Link to comment Share on other sites More sharing options...
WB8TYW Posted February 11, 2004 Share Posted February 11, 2004 It is quite possible that Ms Rich is a victim of having a "cute" name, or an overly helpful "friend". Some of the MLS systems that I visited in a home search a few years ago required an e-mail address in order to get to the listings. They accepted anything that looked like an e-mail address, and let you in. They also required an address with a valid zip code. Apparently this feature is not being abused too badly so far. But it probably would be a good idea to require the e-mailed addresse respond to a confirmation token before sending content to them. -John Personal Opinion Only Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.