Miss Betsy Posted March 27, 2005 Share Posted March 27, 2005 As for the time stamping, if you look at the tracker now the time when the ISP resolved the issue seems to have changed: Out of curiosity, I looked at the tracker URL to see if it had changed again. It was still the original time. For some reason I never sent this post. It is now hours later. Miss Betsy Link to comment Share on other sites More sharing options...
mrmaxx Posted March 29, 2005 Share Posted March 29, 2005 mrmaxx, maybe you can solve your problem by updating Outlook. I have tested the exact message you posted, and it comes up as completely blank for me in the most recent versions of Outlook and Outlook Express. These programs now seem to respect the MIME specifications just fine and ignore everything behind the final boundary delimiter. The good news is, if the spam was really sent as posted, the spammer has wasted his time for all recipients who have properly working email clients 25988[/snapback] Much as I'd love to update the version of Outlook, I can't. This is a corporate environment and we don't have licenses for newer versions of LookOut... err Outlook. Heck, if I could, I'd ditch Outlook entirely. I'm VERY anti-MS software. :-) Link to comment Share on other sites More sharing options...
Jeff G. Posted March 29, 2005 Share Posted March 29, 2005 Try asking your Microsoft contacts to fix this important security problem with their product - it now appears to fail the implied warranty of fitness of purpose. Then again, IANAL. Link to comment Share on other sites More sharing options...
mrmaxx Posted March 29, 2005 Share Posted March 29, 2005 Try asking your Microsoft contacts to fix this important security problem with their product - it now appears to fail the implied warranty of fitness of purpose. Then again, IANAL. 26063[/snapback] Hah! Do you know what it's like trying to get "support" from Microsoft without them charging an arm and a leg?!?! Link to comment Share on other sites More sharing options...
Jeff G. Posted March 29, 2005 Share Posted March 29, 2005 If you have lawyers on retainer (or even on staff), then you can ask your lawyers to ask their lawyers. Seriously, I hear that responsibilities under warranties of fitness of purpose are not easily shirked, especially if the FTC gets involved. Link to comment Share on other sites More sharing options...
mrmaxx Posted March 29, 2005 Share Posted March 29, 2005 If you have lawyers on retainer (or even on staff), then you can ask your lawyers to ask their lawyers. Seriously, I hear that responsibilities under warranties of fitness of purpose are not easily shirked, especially if the FTC gets involved. 26070[/snapback] "Lawyer on Retainer..." Oh, that's good... I'm assuming we do, but I have no access to 'em... I'm just a peon. :-) Link to comment Share on other sites More sharing options...
Gromit Posted March 29, 2005 Share Posted March 29, 2005 Okay, I'm pretty sure this is what you all are talking about, but I haven't seen it addressed this way: http://www.spamcop.net/sc?id=z747217631zf7...1a352676dac9e2z --- Finding links in message body Parsing text part Resolving link obfuscation http://decline.easy-home-loans.org/rem.php http://accepted.easy-home-loans.org/2/inde...proved/callback Please make sure this email IS spam: From: "Wade M. Dillon" <wadedillonvx[at]worldnet.att.net> (Top Notch Refinances hassle free) You have been pre-approved for a $400,000 Home Loan at a Fixed Rate as low as 3.25%. This offer is being extended to you View full message --- You'll notice it skips from "Resolving link obfuscation" straight to "please make sure it is spam" without doing anything about the links. Oddly, if I hit refresh a bunch of times (up to 20, but only twice this time), sooner or later SC decides to do something about it and pulls out the contact information on the links. Link to comment Share on other sites More sharing options...
mrmaxx Posted March 29, 2005 Share Posted March 29, 2005 Okay, I'm pretty sure this is what you all are talking about, but I haven't seen it addressed this way: http://www.spamcop.net/sc?id=z747217631zf7...1a352676dac9e2z (snip) 26072[/snapback] Yeah.. that's one of the problems.... Another problem is that SC never even *sees* the spamvertised URLs. Link to comment Share on other sites More sharing options...
Gromit Posted March 29, 2005 Share Posted March 29, 2005 Yeah, I've noticed that one too. Link to comment Share on other sites More sharing options...
trpted Posted March 30, 2005 Author Share Posted March 30, 2005 http://www.spamcop.net/sc?id=z747473816z87...ec0fd4ab662b75z host qfl.loacm.com (checking ip) ip not found ; qfl.loacm.com discarded as fake. Cannot resolve http://qfl.loacm.com But using whois does ( http://dnsstuff.com/tools/whois.ch?ip=loacm.com&email=on) resolve the top level domain name loacm.com . Could I report them because it is in their, subdomain to be exact, domain? Link to comment Share on other sites More sharing options...
Jeff G. Posted March 30, 2005 Share Posted March 30, 2005 qfl.loacm.com [202.99.172.176] resolves for me at present, but only forward. SpamCop's parser suggest reporting the IP Address to abuse<at>cnc-noc.net, for all the good that will do, and the immediate upstream's abuse desk is abuse<at>att.net. Link to comment Share on other sites More sharing options...
trpted Posted March 31, 2005 Author Share Posted March 31, 2005 qfl.loacm.com [202.99.172.176] resolves for me at present, but only forward. SpamCop's parser suggest reporting the IP Address to abuse<at>cnc-noc.net, for all the good that will do, and the immediate upstream's abuse desk is abuse<at>att.net. 26106[/snapback] How did you find that out? Link to comment Share on other sites More sharing options...
Jeff G. Posted March 31, 2005 Share Posted March 31, 2005 I was (and am) on a Win98 box with no installation permission, so my options were limited. I was able to ping qfl.loacm.com and the ping command replied as follows: Pinging qfl.loacm.com [202.99.172.176] with 32 bytes of data: Reply from 202.99.172.176: bytes=32 time=444ms TTL=44 Reply from 202.99.172.176: bytes=32 time=421ms TTL=44 Reply from 202.99.172.176: bytes=32 time=427ms TTL=44 Reply from 202.99.172.176: bytes=32 time=484ms TTL=44 Ping statistics for 202.99.172.176:   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:   Minimum = 421ms, Maximum = 484ms, Average = 444ms When I tried to reverse the process with "ping -a 202.99.172.176", it did not resolve, as follows: Pinging 202.99.172.176 with 32 bytes of data: Reply from 202.99.172.176: bytes=32 time=441ms TTL=44 Reply from 202.99.172.176: bytes=32 time=453ms TTL=44 Reply from 202.99.172.176: bytes=32 time=436ms TTL=44 Reply from 202.99.172.176: bytes=32 time=416ms TTL=44 Ping statistics for 202.99.172.176:   Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds:   Minimum = 416ms, Maximum = 453ms, Average = 436ms Also, http://www.spamcop.net/sc?track=202.99.172.176 reports the following: Parsing input: 202.99.172.176 host 202.99.172.176 (getting name) no name Reporting addresses: abuse[at]cnc-noc.net I then traced a route to that IP Address to find its upstream (because I don't trust cnc-noc.net): 5 198 ms  42 ms 370 ms gbr6-p29.n54ny.ip.att.net [12.123.219.38] 6 115 ms  42 ms 315 ms tbr1-p012401.n54ny.ip.att.net [12.122.11.13] 7 369 ms  35 ms 366 ms tbr1-cl1.cgcil.ip.att.net [12.122.10.2] 8  85 ms 354 ms 259 ms tbr2-cl2.cgcil.ip.att.net [12.122.9.134] 9  88 ms 358 ms 362 ms tbr2-cl7.sl9mo.ip.att.net [12.122.10.46] 10 168 ms 446 ms 310 ms tbr2-cl2.la2ca.ip.att.net [12.122.10.14] 11  95 ms 111 ms 378 ms gbr6-p30.la2ca.ip.att.net [12.122.11.158] 12 199 ms 395 ms 366 ms gar2-p370.la2ca.ip.att.net [12.123.28.173] 13 472 ms 418 ms 408 ms 12.127.139.18 14 459 ms 419 ms 402 ms 219.158.3.25 15 427 ms 420 ms 416 ms 219.158.7.42 16 284 ms 286 ms 285 ms 202.99.160.254 17 287 ms 282 ms 288 ms 61.182.174.25 18 417 ms 419 ms 416 ms 61.182.174.70 19 421 ms 446 ms 465 ms 61.182.174.118 20 434 ms 467 ms 465 ms 61.182.175.137 21 475 ms *   471 ms 202.99.172.176 Hop 13 belongs to AT&T and Hop 14 belongs to CNC-NOC. Link to comment Share on other sites More sharing options...
turetzsr Posted March 31, 2005 Share Posted March 31, 2005 qfl.loacm.com [202.99.172.176] resolves for me at present, but only forward. SpamCop's parser suggest reporting the IP Address to abuse<at>cnc-noc.net, for all the good that will do, and the immediate upstream's abuse desk is abuse<at>att.net. 26106[/snapback] How did you find that out?26153[/snapback] ...There are probably any number of ways; I would first do a tracert<snip steps that are within my employer's network>  9  40 ms  50 ms  40 ms 12.119.89.97 10  40 ms  50 ms  40 ms gbr1-p53.phlpa.ip.att.net [12.123.205.2] 11  40 ms  50 ms  40 ms tbr2-p012501.phlpa.ip.att.net [12.122.12.105] 12  70 ms  70 ms  81 ms tbr1-cl1.dtrmi.ip.att.net [12.122.10.37] 13 100 ms  80 ms  80 ms 12.122.12.186 14  61 ms  60 ms  60 ms tbr2-cl2.sl9mo.ip.att.net [12.122.9.142] 15 111 ms 110 ms 100 ms tbr2-cl2.la2ca.ip.att.net [12.122.10.14] 16  90 ms  91 ms 100 ms gbr6-p30.la2ca.ip.att.net [12.122.11.158] 17 151 ms 100 ms 120 ms gar2-p370.la2ca.ip.att.net [12.123.28.173] 18 *   301 ms 320 ms 12.127.139.18 19 *   300 ms 311 ms 219.158.3.9 20 *   380 ms * 219.158.4.30 21 *   631 ms * 219.158.8.230 22 440 ms *   431 ms 202.99.160.254 23 501 ms 440 ms 431 ms 61.182.174.25 24 320 ms 311 ms 320 ms 61.182.174.70 25 450 ms *   451 ms 61.182.174.118 26 451 ms *   440 ms 61.182.175.137 27 460 ms 461 ms * 202.99.172.176 28 470 ms 441 ms * 202.99.172.176 29 481 ms 440 ms 461 ms 202.99.172.176 Noting that everything from hop 29 back to 19 is also China (and, therefore, abuse[at]cnc-noc.net), an ARIN lookup on the IP address associated with hop 18, 12.127.139.18, shows that it belongs to att.net, then going to Network Abuse Clearinghouse lookup to find Look up an address in the abuse.net contact database abuse[at]att.net (for att.net) Link to comment Share on other sites More sharing options...
trpted Posted April 1, 2005 Author Share Posted April 1, 2005 I then traced a route to that IP Address to find its upstream (because I don't trust cnc-noc.net):Hop 13 belongs to AT&T and Hop 14 belongs to CNC-NOC. 26158[/snapback] Why do you not trust cnc-noc.net ? Link to comment Share on other sites More sharing options...
Wazoo Posted April 1, 2005 Share Posted April 1, 2005 Why do you not trust cnc-noc.net ? Something along the lines of years of the lack of any sign of action taken to handle spam complaints perhaps? Link to comment Share on other sites More sharing options...
Jeff G. Posted April 1, 2005 Share Posted April 1, 2005 Yes, but I'd add in open proxies and other security issues. Link to comment Share on other sites More sharing options...
Wazoo Posted April 1, 2005 Share Posted April 1, 2005 For the user that took exception to a Warning action, the response you seem to be looking for is found in a Topic opened up in the Lounge area. I'd say it's a bit beyond absurd to block someone and then complain that the blocked party doesn't answer ... but, as you stated, you're the expert. Link to comment Share on other sites More sharing options...
NeilMaybin Posted April 5, 2005 Share Posted April 5, 2005 This problem is continuing - see: http://www.spamcop.net/sc?id=z749459020z20...37d83428b518bbz or http://www.spamcop.net/sc?id=z749460010zb3...91193e827ea130z for example. Have the lowlife at 12refinancenow, homestoneloans etc found a neat way of outwitting Spamcop? Has no one come up with a solution yet? Link to comment Share on other sites More sharing options...
dra007 Posted April 5, 2005 Share Posted April 5, 2005 spamcop.net,Apr 5 2005, 02:54 PM]/snip Have the lowlife at 12refinancenow, homestoneloans etc found a neat way of outwitting Spamcop? Has no one come up with a solution yet? 26300[/snapback] not to my knowledge, they have been spamming me daily for months.. they are also tricking the spam filters on my providers no matter how often and persistently I report them everywhere.. Link to comment Share on other sites More sharing options...
NeilMaybin Posted April 9, 2005 Share Posted April 9, 2005 Interestingly, some of the URLs they've used get reported straight away, for example, excellentlowrates. Hwoever, their current home of lowrateway seems to fool Spamcop: http://www.spamcop.net/sc?id=z750765448z40...0f62c0aa1d19baz Link to comment Share on other sites More sharing options...
Wazoo Posted April 10, 2005 Share Posted April 10, 2005 spamcop.net,Apr 9 2005, 06:12 PM]Interestingly, some of the URLs they've used get reported straight away, for example, excellentlowrates. Hwoever, their current home of lowrateway seems to fool Spamcop: http://www.spamcop.net/sc?id=z750765448z40...0f62c0aa1d19baz There is some confusion here, especially on my part. Your Tracking URL includes the following data; Reports regarding this spam have already been sent: Re: 67.160.155.156 (Silent report about source of mail) Reportid: 1399225289 To: mole[at]devnull.spamcop.net Mole reporting only goes after the source of the spam .. but then again, http://www.spamcop.net/fom-serve/cache/373.html makes no mention of this. Now wondering where I picked up thought ...???? Link to comment Share on other sites More sharing options...
jc` Posted April 13, 2005 Share Posted April 13, 2005 You'll notice it skips from "Resolving link obfuscation" straight to "please make sure it is spam" without doing anything about the links. Oddly, if I hit refresh a bunch of times (up to 20, but only twice this time), sooner or later SC decides to do something about it and pulls out the contact information on the links. 26072[/snapback] This is exactly the symptom I've been experiencing a lot lately. Thanks for the tip to refresh the page: sure enough, it worked when parsing a past report, but sadly SpamCop won't now send notices to the web host administrators. Reference URL: http://www.spamcop.net/sc?id=z752117317zf4...59cd0156ef8812z (shows info on the embedded URLs now, since I refreshed until the parser capitulated.) Link to comment Share on other sites More sharing options...
Wazoo Posted April 14, 2005 Share Posted April 14, 2005 First of all, let me state once again .. there is nothing to stop one from manually generating and submitting one's own complaint. That said ... This last spam item includes the spamvertised www.soft-cds.com .... I'l jump over the usual trace-route and WHOIS data and simply point to the results shown at http://www.dnsreport.com/tools/dnsreport.c...ww.soft-cds.com ... demonstrating that some crappy DNS service is in the mix, more than likely intentionally. Link to comment Share on other sites More sharing options...
jc` Posted April 24, 2005 Share Posted April 24, 2005 That'll be the same (intentional) problem that's preventing SpamCop from reporting uniquesubdomain.monarchic.net/g2/, then. Is there nothing that can be done? - jc Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.