oldskoolflash, posted March 10, 2005

I have just received a spam e-mail that made me suspicious. It had identifying info in the body (it showed a reply to a message from my e-mail even though I (obviously) never e-mailed this guy). I stripped this info from the body before parsing and to my surprise the spamvertized site www.hycod.com parses to a hotmail account as the site administrator. Obviously this set alarm bells ringing and I unchecked those boxes when reporting the spam.

How has this happened, and why is SpamCop parsing to hotmail - surely no legitimate site administrator would use a hotmail account?

oldskoolflash (Author), posted March 10, 2005

The site www.hycod.com resolves to 210.245.226.81 which when checked on APNIC gives the following.... I guess that answers my question about why SpamCop is parsing to hotmail, but why would any reputable site admin use hotmail?......

inetnum: 210.245.226.0 - 210.245.226.127
netname: JSTUDIO-HK
country: HK
descr: J-Studio Digital Solutions Company
descr: SERVERS AND INTERNET ACCESS FACILITIES
descr: HONG KONG
admin-c: AC286-AP
tech-c: AC286-AP
status: ASSIGNED NON-PORTABLE
changed: npconwt[at]yahoo.co.uk 20041201
mnt-by: MAINT-HK-NEWWORLDTEL
source: APNIC

person: Anson Chan
nic-hdl: AC286-AP
e-mail: anson28[at]hotmail.com
address: 17/F Chevalier Commercial Centre,
address: 8 Wang Hoi Road, Kowloon Bay,
address: Hong Kong
phone: +852-21337341
fax-no: +852-21332175
country: HK
changed: anson28[at]hotmail.com 20050224
mnt-by: MAINT-HK-NEWWORLDTEL
source: APNIC

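Added example, not part of the thread and not SpamCop's own code: the WHOIS record posted above explains the Hotmail result, because the range's admin-c/tech-c handle points at a person object whose e-mail is the Hotmail address. This Python code follows that link on a trimmed copy of the record; the `FREEMAIL` set and the function names are assumptions made for illustration.

```python
import re

# Trimmed copy of the APNIC output posted above (the forum's [at] munging is kept).
WHOIS_TEXT = """\
inetnum: 210.245.226.0 - 210.245.226.127
netname: JSTUDIO-HK
admin-c: AC286-AP
tech-c: AC286-AP
changed: npconwt[at]yahoo.co.uk 20041201

person: Anson Chan
nic-hdl: AC286-AP
e-mail: anson28[at]hotmail.com
changed: anson28[at]hotmail.com 20050224
"""

# Assumption: a small illustrative set of free-mail domains, not an authoritative list.
FREEMAIL = {"hotmail.com", "yahoo.co.uk", "yahoo.com", "gmail.com"}

def parse_objects(text):
    """Split RPSL-style output into blank-line-separated objects of (key, value) pairs."""
    objects = []
    for block in re.split(r"\n\s*\n", text.strip()):
        attrs = []
        for line in block.splitlines():
            if line.startswith(("%", "#")) or ":" not in line:
                continue  # skip server comments and continuation noise
            key, value = line.split(":", 1)
            attrs.append((key.strip().lower(), value.strip()))
        if attrs:
            objects.append(attrs)
    return objects

def contacts_for_range(text):
    """Follow admin-c/tech-c handles from each inetnum object to the contact e-mail."""
    objects = parse_objects(text)
    by_handle = {v: o for o in objects for k, v in o if k == "nic-hdl"}
    found = {}
    for obj in objects:
        if obj[0][0] != "inetnum":
            continue
        for key, handle in obj:
            if key in ("admin-c", "tech-c") and handle in by_handle:
                for k, v in by_handle[handle]:
                    if k == "e-mail":
                        domain = re.split(r"@|\[at\]", v)[-1].lower()
                        found[v] = domain in FREEMAIL
    return found  # {address as listed: True when it sits on a free-mail domain}

if __name__ == "__main__":
    for addr, free in contacts_for_range(WHOIS_TEXT).items():
        print(addr, "(free-mail contact)" if free else "")
```
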
oldskoolflash (Author), posted March 10, 2005

Ok this is really hacking me off now, I have just got another spamvertized e-mail and the site parses back to the same joker in Hong Kong - what do you do when the spammer is the ISP hosting the site!

Details: http://fimn.vgr100.com/ph/znfm/hgefsjn.php resolves to 210.245.226.81

Time to cook up some Friedspam methinks!

petzl, posted March 11, 2005

> Ok this is really hacking me off now, I have just got another spamvertized e-mail and the site parses back to the same joker in Hong Kong - what do you do when the spammer is the ISP hosting the site!
> Details: http://fimn.vgr100.com/ph/znfm/hgefsjn.php resolves to 210.245.226.81
> Time to cook up some Friedspam methinks!

ROKSO spammers are professional spam gangs. If one uses SpamCop Members sort list (otherwise known as the SCBL), none of it would get to your in box.

get-even, posted March 11, 2005

> I have just received a spam e-mail that made me suspicious. It had identifying info in the body (it showed a reply to a message from my e-mail even though I (obviously) never e-mailed this guy). I stripped this info from the body before parsing and to my surprise the spamvertized site www.hycod.com parses to a hotmail account as the site administrator. Obviously this set alarm bells ringing and I unchecked those boxes when reporting the spam. How has this happened, and why is SpamCop parsing to hotmail - surely no legitimate site administrator would use a hotmail account?

Hotmail is far from perfect, but they have an excellent "zero-tolerance" policy. Write a polite short (ten or fifteen line) message and add a copy of the *unmunged* spam and a copy of the 'whois' data for the domain "hycod.com" to abuse[at]hotmail.com. If the message doesn't bounce and you do get the standard "auto-reply", his account will likely be canceled within two days.

Once the account is canceled, go to wdprs.internic.net and file a complaint saying that the email contacts are invalid - depending on the registrar, the domain (but probably not the site, which likely uses many domains) will be gone in a couple of weeks.

Quick check, the registrar is Namebay Sam, so the domain will last a while, but the domain is also part of the taiwantelcom.com/taiwanmedialtd.com group, which despite its name operates mainly from Amsterdam - their domains are blacklisted right and left, and already the contacts' domain TAIWANTELCOM.COM and the name servers' domain, DNST.NET are on "hold" status - the first stage of already being deleted. On just this basis, you can already file a complaint at wdprs, and hycod.com should be on "HOLD" itself within three days.

Note: this gang creates about 10 new domains a week (I know that at least 6 were shut down last week).

This is a large professional operation - expect more spam from different domains now that you are on their list.

oldskoolflash (Author), posted March 11, 2005

> Hotmail is far from perfect, but they have an excellent "zero-tolerance" policy. Write a polite short (ten or fifteen line) message and add a copy of the *unmunged* spam and a copy of the 'whois' data for the domain "hycod.com" to abuse[at]hotmail.com. If the message doesn't bounce and you do get the standard "auto-reply", his account will likely be canceled within two days. Once the account is canceled, go to wdprs.internic.net and file a complaint saying that the email contacts are invalid - depending on the registrar, the domain (but probably not the site, which likely uses many domains) will be gone in a couple of weeks.

Thanks get-even, that is sound advice. One hell of an effort for just one spammer though - I guess the fight must go on! How I long for the day when these scumbags are put out of business for good - with this kind of deceptive, illegal activity their days are numbered.

I know some of the worst offenders still operate within Europe and the USA, but legislation is catching up with them. I just wish I could ban ALL incoming traffic from China, Taiwan, Korea etc. etc. until they take a tougher stance. Surely, with the technology available today (and with the individual's permission) an IP could identify the origin of an e-mail and simply reject it on that basis. I know this sounds like I'm "chucking the baby out with the bathwater" but personally I have no e-mail communication with individuals in these countries and I should have the choice whether to accept incoming communication from them?

oldskoolflash (Author), posted March 11, 2005

> ROKSO spammers are professional spam gangs. If one uses SpamCop Members sort list (otherwise known as the SCBL), none of it would get to your in box.

Great - I'm on Ralsky's list. So basically I'm now signed up for a lifetime of this crap until the US decides to respond to the complaints of a few million people and stop harbouring this criminal. This is the guy who is making everyone's lives a misery by churning out his crap on a daily basis. Ranging from copied software (hello, Microsoft!) to pharmaceutical sites selling patented drugs (hello, Pfizer!!). Both are US companies, under the umbrella of the world's most powerful government, and this is happening in the US, by a US citizen - I'm sorry but pinch me here because I can't believe this is really happening.

This is also the guy who tried to sue SpamCop if I'm not mistaken.....

Sorry, rant over - I guess you can sense my displeasure on finding out that I'm on this pi$$ artist's list! :angry: :angry: :angry: :angry:

Wazoo, posted March 11, 2005

> This is also the guy who tried to sue SpamCop if I'm not mistaken.....

No, that was Scotty Richter and crew. Ralsky is the guy that feels unpatriotic at having to send so much money overseas as so many U.S. based ISPs refuse to host his "business needs" ...

oldskoolflash (Author), posted March 11, 2005

> No, that was Scotty Richter and crew.

Sorry, yes I remember it now. Lots of fighting talk from both sides and in the end a stalemate due to ineffective legislation. From memory, he came pretty close to winning one over SpamCop due to his opt-in/opt-out argument. Mind you, didn't exactly the same thing happen when Verizon sued Ralsky, big talk, big numbers, big legal bills and no action.

European law has toughened up recently but it is left powerless because most 80% of traffic is coming from the US (redirected through Chinese, Korean, Taiwanese etc servers). US legislation needs to get tough or these guys will continue their spew, laugh in our faces, and then pop out and buy their next Ferrari....

Wazoo, posted March 11, 2005

> Sorry, yes I remember it now. Lots of fighting talk from both sides and in the end a stalemate due to ineffective legislation. From memory, he came pretty close to winning one over SpamCop due to his opt-in/opt-out argument.

Not my recollection at all, but ... that goes back to an ancient discussion in the Lounge area ... http://lawsuite.word-to-the-wise.com/ for some of the documentation

oldskoolflash (Author), posted March 11, 2005

> Not my recollection at all, but ... that goes back to an ancient discussion in the Lounge area ... http://lawsuite.word-to-the-wise.com/ for some of the documentation

Hmmm, read all of that but am still none-the-wiser? Sorry Wazoo, I know this thread is going way off topic..... but... Didn't both parties settle amicably in the end (i.e. SpamCop would continue reporting Opt-In and Opt-In would accept SpamCop reporting them?). I thought the crux of Opt-In's argument was that the munged SpamCop reports did not allow them to remove the so called "opt-in" e-mail addresses from their list?

This whole opt-in clause is where the problem stems from, and unfortunately, it is a US problem... In 2000 the House of Representatives voted 427 to 1 to pass an anti-spam bill. But instead of asking users to opt-in, it asked users to request removal from the list. We all know that the concept of opting-out from a spammer is useless, and so did the experts - the bill died before reaching the Senate.

oldskoolflash (Author), posted March 11, 2005

> That was the pro-spam lobby hard at work.

Yep - I guess so. It just confirms that this problem is not being tackled properly by the US. European law states that you have to opt-in....... The result = virtually no spam from European ISPs. Unfortunately Ralsky & Co. continue to make big money and blight our lives, because they can, and the US lets them do it...

turetzsr, posted March 18, 2005

> <snip> Surely, with the technology available today (and with the individual's permission) an IP could identify the origin of an e-mail and simply reject it on that basis. I know this sounds like I'm "chucking the baby out with the bathwater" but personally I have no e-mail communication with individuals in these countries and I should have the choice whether to accept incoming communication from them?

...Aren't there "blackholes" lists for this?