Why does Spamcop refuse to bother these people?

[Christine]

These are just a few of the spams I've been sent in the past few days with links that resolve to nic.br. Whoever these people are, they sure do seem to want my money for their sleazy counterfeit handbags.

I would very much like them to be bothered, as I don't believe they qualify as "innocents."

http://www.spamcop.net/sc?id=z696002223ze0...11865ce4af6a4bz

http://www.spamcop.net/sc?id=z696003224z5f...f099e5f4f02b1cz

http://www.spamcop.net/sc?id=z696040433zfc...ab6240c90d7a2dz

[contact]

It is actually the ISP that has clicked "I refused to bother" on the feedback/answer page, after SpamCop alerted or "bothered" them with a spam email notice.

I also get lots of spams from the nic.br, as well as from

"I refuse to bother abuse[at]nic.mx"

[petzl]

I've been sent in the past few days with links that resolve to nic.br

One of the many abilities of a SpamCop email account is to block email from spam ignorant/friendly Countries such as Brazil. So unless a specific email address is in my WhiteList all email from Brazil is in my "report as spam" folder.

When reported (at click of mouse, as easy as this) they are then added to SpamCops Blocklist (SCBL). So even if a ISP does not accept abuse reports they cannot send email which means there sites do not get traffic (It is not wise to check spam sites at any rate as many are trying to access your computer with trojan/virus's)

At present with so many offshore countries spam tolerant a SpamCop email account is now almost compulsory. As once these low lifes have your address the spam will not stop and infact increase till you have to dump that email address. At least by reporting that email address you are stopping the spam getting to those who use SCBL and this is before it is sent not after.

A spam run would take the spammer hours to send and SCBL can have it bitbinned in seconds and going nowhere

[Christine]

The address is question is a .edu which unfortunately has been published in quite a few places, which means that I can't get rid of it and it gets a fair amount of spam. And since the University has to let e-mail from Brazilian and Chinese and Korean professors and family members through...

I also can't really forward it to a filtered account because right now I'm doing most of my mail checking on public and semi-public machines.

spam Cop is a great way to relax and blow off steam, I must say.

[Wazoo]

First of all .. nic.br is an IP allocation place. Specifically, they don't do the web-hosting, providing of e-mail services, etc. Just the who gets the use of an IP address block. Way back when, I'm thinkning that they had requested to be an additional notify on complaints, but my memory may be faulty on this one.

On the other hand, what a frigging mess the research decides to turn out with ...

From the SpamCOp routing tables, which seems to show the "added" status of the

nic.br folks ....

Reports routes for 201.6.84.106:

routeid:11175170 201.6.0.0 - 201.6.127.255 to:mail-abuse[at]nic.br

Administrator found from whois records

routeid:11175168 201.6.0.0 - 201.6.127.255 to:abuse[at]virtua.com.br

Administrator found from whois records

Non-authoritative answer

Recursive queries supported by this server

Query for 106.84.6.201.in-addr.arpa type=255 class=1

106.84.6.201.in-addr.arpa PTR (Pointer) c906546a.virtua.com.br

84.6.201.in-addr.arpa NS (Nameserver) dns2.virtua.com.br

84.6.201.in-addr.arpa NS (Nameserver) ns.embratel.com.br

84.6.201.in-addr.arpa NS (Nameserver) dns1.virtua.com.br

dns1.virtua.com.br A (Address) 201.6.0.100

dns2.virtua.com.br A (Address) 201.6.0.102

whois -h whois.lacnic.net 201.6.84.106 ...

inetnum: 201.0/12

status: allocated

owner: Comite Gestor da Internet no Brasil

ownerid: BR-CGIN-LACNIC

remarks: These addresses have been further assigned to Brazilian users.

remarks: Contact information can be found at the WHOIS server located

remarks: at whois.registro.br and at http://whois.nic.br

whois -h whois.nic.br 201.6.84.106 ...

% Permission denied.

remarks: Security issues should also be addressed to

remarks: nbso[at]nic.br, http://www.nbso.nic.br/

remarks: Mail abuse issues should also be addressed to

remarks: mail-abuse[at]nic.br

whois -h whois.registro.br 201.6.84.106 ...

% Permission denied.

remarks: Security issues should also be addressed to

remarks: nbso[at]nic.br, http://www.nbso.nic.br/

remarks: Mail abuse issues should also be addressed to

remarks: mail-abuse[at]nic.br

http://whois.nic.br/

query done on www.emcaj.agocras.net

Permissão negada.

remarks: Security issues should also be addressed to

remarks: nbso[at]nic.br, http://www.nbso.nic.br/

remarks: Mail abuse issues should also be addressed to

remarks: mail-abuse[at]nic.br

http://www.nbso.nic.br/ - don't speak the language, but perhaps the graphic at http://www.nbso.nic.br/stats/spam/ is supposed to offer up the warm fuzzy feeling that something is being done ????? (oops, saw the "English button .... one hell of a list of tools found at http://www.nbso.nic.br/tools/ ) .. but still see nothing that relates to answering the original query here, unless you want to follow through on a "security" type issue complaint, based on the opening paragraph;

NBSO is the Brazilian Computer Emergency Response Team, sponsored by the Brazilian Internet Steering Committee, responsible for receiving, reviewing, and responding to computer security incident reports and activity related to networks connected to the Brazilian Internet.

However, going back to the original "complaint" about the line;

"I refuse to bother postmaster[at]nic.br"

That spam report / complaint is actually handled, as seen in the later list of targets;

Internal spamcop handling: (spambr)

mail-abuse[at]nic.br

spam[at]virtua.com.br

abuse[at]virtua.com.br

and the line;

antispambr[at]abuse.net redirects to spambr[at]admin.spamcop.net

which infers an internal routing table in a SpamCop database.

Things are not as clear cut as they seems ... and still working on the "Permission denied" response I'm getting on the whois look-ups.

[turetzsr]

First of all .. nic.br is an IP allocation place.  Specifically, they don't do the web-hosting, providing of e-mail services, etc.  Just the who gets the use of an IP address block.  Way back when, I'm thinkning that they had requested to be an additional notify on complaints, but my memory may be faulty on this one.

<snip>

20516[/snapback]

...No Wazoo, I am quite certain that your memory of this is quite accurate, as I have a very clear memory of that! <g>

...[Edit] And my memory was good:

% Copyright registro.br

%  The data below is provided for information purposes

%  and to assist persons in obtaining information about or

%  related to domain name and IP number registrations

%  By submitting a whois query, you agree to use this data

%  only for lawful purposes.

%  2004-11-24 19:15:34 (BRST -02:00)

inetnum:      201.6/16

asn:          AS28573

ID abusos:    AFS352

entidade:  NET Serviços de Comunicação S.A.

<snip>

remarks:  Security issues should also be addressed to

remarks:  nbso[at]nic.br, http://www.nbso.nic.br/

remarks:  Mail abuse issues should also be addressed to

remarks:  mail-abuse[at]nic.br [emphasis mine -- Steve T]

<snip>

[Miss Betsy]

spam Cop is a great way to relax and blow off steam, I must say.

Absolutely!

The 'refuse to bother' line is there because spamcop refuses to stoop to the level of spammers and will not send reports to those who request that they not be sent. In this case, I believe they go to a special handling address (an arrangement between the receiver and spamcop for a special non public email address). Whatever the disposition of the report, it will be added to the blocklist (you may see 'devnull' in the report address which means the report goes nowhere, but the IP address is counted against the blocklist).

And wherever it goes, there is nothing like hitting the 'send' button to relieve your frustration!

Miss Betsy

[petzl]

The address is question is a .edu which unfortunately has been published in quite a few places, which means that I can't get rid of it and it gets a fair amount of spam.  And since the University has to let e-mail from Brazilian and Chinese and Korean professors and family members through...

I also can't really forward it to a filtered account because right now I'm doing most of my mail checking on public and semi-public machines.

spam Cop is a great way to relax and blow off steam, I must say.

20513[/snapback]

Even more reason to block their email (Professional people should be educated in abilities to explain to their ISP's that spam is not tolerated and hurting their homeland) Rub some salt in by explaining that they have to post from a Hotmail account as they are in a Country where it is impossible to differentiate their email from spam which is mainly a menace

That said a WhiteList overrides any blacklist setting so specific email or domains would get through but not others. (And SpamCop Email has this ability)

I have a diamond mine in Brazil, I get all reports from there even though Brazil is blocked but not specific email addresses. I also get email from China a simple matter to whitelist genuine domains

It seems that spammers hurt Australia ( a reformed spam tolerant county) enough for the Government to fine Australian Spammers a million dollars a day and seems to have halted spam from here (I'm in Australia)