mianet Posted January 20, 2005 Share Posted January 20, 2005 Well we got hit by a Nigerian scam ring that is using our auto-server sign up and stolen cards to get a valid mia.net email address to use to spam people with that crappy Nigerian spam... For details see here: http://www.mia.net/HTML/News/index.html We have used a Auto-Server signup for dialup for years, however we have altered that function. We still allow online signups, and cc billing automatically, but will now approve all accounts manually. This should prevent things like this in the future. These morons just keep signing up... It is impossible to block as it looks to be a "ring of them", or a consorted effort.. Anyway, beware. We have contacted the FTC, like it will do any good... I think they will go away now that they can no longer sign up with our service. This of course got us in SpamCop, among others.. Which begs the question again about how useful spamcop really is when problems like this occur. Obviously I am a bit irritated right now, but the method by which SC determines to ban you is still a bit flawed IMHO. We got a notification from them, ie., a complaint, and as always, responded to it SAME DAY, as we ALWAYS have. We indicated we had taken care of the problem. Nuff said, right? Nope. Given there were around 15 or so of these fraud signups, there were multiple accounts, but only one that we know of that actually was able to send mail before we killed the account. So since there were obviously more than one complaint to SpamCop, since we responded as having closed the issue, when another complaint came in, we end up banned. Our server was not open, was not exploited, was not relayed off.. This was a valid customer (though fraudulent) who not only violated our TOS, which we enforced, but also used a stolen CC. We killed the account within 20 minutes of its creation. So we end up in SC anyway... Something is not right. I can only imagine that a larger ISP gets thousands of fraudulent orders a day/week, so that said, how do they avoid this? I've been a member of SC almost since the beginning, and always rspond to any and all complaints SAME DAY, but am still left with the possibility of waiting 20 hours for removal. Anyway.. What can I do? Thank you.. Link to comment Share on other sites More sharing options...
Merlyn Posted January 20, 2005 Share Posted January 20, 2005 Just an observation but it looks like you were not too concerned before: host 209.236.224.195 = mail.mia.net Parsing input: 209.236.224.195 host 209.236.224.195 = mail.mia.net (cached) ISP does not wish to receive reports regarding 209.236.224.195 - no date available Also I do not see that IP listed or any of your other IP's. Which one are you talking about? Link to comment Share on other sites More sharing options...
Wazoo Posted January 21, 2005 Share Posted January 21, 2005 http://openrbl.org/ip/209/236/224/195.htm shows one losting Lookup 209.236.224.195 (mail.mia.net) in 20+9 Zones AS: [NO_ROUTE] Net 209/8 IANA-NETBLOCK-209 ? Results: Positive=1, Negative=27, Timeouts=1 (2005-01-21 00:02:19 UTC) PSBL/surriel.com: 553 PSBL spam received SpamCopBL currently showing; 209.236.224.195 not listed in bl.spamcop.net Link to comment Share on other sites More sharing options...
mianet Posted January 21, 2005 Author Share Posted January 21, 2005 Just an observation but it looks like you were not too concerned before: host 209.236.224.195 = mail.mia.net Parsing input: host 209.236.224.195 = mail.mia.net (cached) ISP does not wish to receive reports regarding 209.236.224.195 - no date available Also I do not see that IP listed or any of your other IP's. Which one are you talking about? 23382[/snapback] Odd... That is not true. We always respond to any complain, and always same day. I never requested not to be notified. We do receive reports for "209.236.224.195" and wish to continue to do so. How that shows up that way is beyond me.. Seems like a bug. Yes, it looks as though the IP was pulled earlier today Thank you. Link to comment Share on other sites More sharing options...
Merlyn Posted January 21, 2005 Share Posted January 21, 2005 It is not a bug and you are not currently listed. What IP are you questioning? Link to comment Share on other sites More sharing options...
agsteele Posted January 21, 2005 Share Posted January 21, 2005 Our server was not open, was not exploited, was not relayed off.. This was a valid customer (though fraudulent) who not only violated our TOS, which we enforced, but also used a stolen CC. We killed the account within 20 minutes of its creation. So we end up in SC anyway... Something is not right. I can only imagine that a larger ISP gets thousands of fraudulent orders a day/week, so that said, how do they avoid this? I've been a member of SC almost since the beginning, and always rspond to any and all complaints SAME DAY, but am still left with the possibility of waiting 20 hours for removal. 23378[/snapback] I appreciate your frustration but, as you realise as a long term user, this is the way the blocklist works. Because I, as a recipient, want to reject messages from your Nigerian friends I can use the SpamCop BL to reject all messages originating from your servers confident that as soon as you stop the flow you'll be delisted promptly and I can safely accept your incoming mail once again. Seems to me that the blocklist worked correctly. Thanks, too, for your prompt action in tackling the issue. Andrew Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.