DavidT Posted May 22, 2005 Share Posted May 22, 2005 I found 8 rather long messages in my SC Held Mail this weekend, all with the Subject line: Spamming by Microsoft - Confidential Report [ 1 of 22 ] They're from Robert Soloway, a top-10 ROKSO spammer: http://www.spamhaus.org/rokso/listing.lass...net%20Marketing His operation was recently targeted by Microsoft in their anti-spam legal efforts: http://www.oreillynet.com/pub/a/network/20.../spamkings.html Soloway is promising to send out billions of his anti-Microsoft messages, apparently in 22 installments (see Subject line above), and has been posting in the anti-spam Usenet group, NANAE: http://groups-beta.google.com/group/news.a...747455587b195e8 DT Link to comment Share on other sites More sharing options...
Merlyn Posted May 22, 2005 Share Posted May 22, 2005 Do you have the headers from one you can share or maybe a link to the Spamcop parse? It's origins would be interesting. :-) Link to comment Share on other sites More sharing options...
DavidT Posted May 22, 2005 Author Share Posted May 22, 2005 I thought about posting a Tracking URL on one of them (I reported them manually), but they were all from hijacked/zombied machines all over the world, so the sources are pretty random. Here...I'll give you the rest of the headers on a sample (this one happened to come to me courtesy of Comcast's incompetence): Return-Path: <contact[at]spamis.org> (snip) Received: from c-66-30-238-22.hsd1.ma.comcast.net (c-66-30-238-22.hsd1.ma.comcast.net [66.30.238.22]) by x.com (8.11.6/8.11.6) with SMTP id j4LHlwU10728 for <x[at]x.com>; Sat, 21 May 2005 13:47:58 -0400 Received: from 182.224.8.192 by 66.30.238.22; Sat, 21 May 2005 11:40:06 -0700 Message-ID: <FXIEVVJPLAQAKIWGGAYCRFJS[at]catcha.com > From: "SPAMIS" <contact[at]spamis.org> Reply-To: "SPAMIS" <contact[at]spamis.org> To: x[at]x.com Subject: Spamming by Microsoft - Confidential Report [ 1 of 22 ] Date: Sat, 21 May 2005 17:48:06 -0100 X-Mailer: eGroups Message Poster MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="--6557527546179637839" X-Priority: 3 X-MSMail-Priority: Normal Link to comment Share on other sites More sharing options...
Merlyn Posted May 22, 2005 Share Posted May 22, 2005 So, just more proof he is raping machines and stealing resources to spam. Thanks.... Link to comment Share on other sites More sharing options...
acebirddog Posted August 11, 2005 Share Posted August 11, 2005 This guy has been pulling a "Joe Job" on me... I am getting about 40 to 50 failed delivery messages every hour. All of them with random *usernames[at]mydomain.com. Analyzing the headers, they are all from Open Proxies. 14 different ones so far. Not much I can do. Cannot seem to block IP addresses fast enough. I turned off my catch all but it is still doing damage. They need to send this guy to jail. I know he is the one that is sending out the viagra and other drug spam, as well as selling his opt-in mailing list to whoever will pay for it. I would sure like to see him get the full punishment of law. Link to comment Share on other sites More sharing options...
Jeff G. Posted August 11, 2005 Share Posted August 11, 2005 I am getting about 40 to 50 failed delivery messages every hour. All of them with random *usernames[at]mydomain.com. Analyzing the headers, they are all from Open Proxies. 14 different ones so far. Not much I can do. Cannot seem to block IP addresses fast enough. 31568[/snapback] Those are misdirected bounces, which should be avoided by using 500-series errors during the SMTP transaction. Such misdirected bounces are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Misdirected bounces section of Why are auto-responders (and delayed bounces) bad?. Link to comment Share on other sites More sharing options...
Turmoyl Posted August 11, 2005 Share Posted August 11, 2005 He's just throwing a tantrum due to Scott Richter getting crushed by M$ earlier this week. By tonight we (meaning the anti-spam movement, collectively) should have all of his new IP's blocked (this is kind of inevitable, especially with him posting on NANAE and thereby highlighting himself to everyone) and he's blocked on the "right-hand side" as well at RFCI: http://www.rfc-ignorant.org/tools/lookup.p...ain=spamis.info There might be a trickle of new IP's in use on every one of the 22 installments he plans to send but it shouldn't be too hard at all to keep up with. Link to comment Share on other sites More sharing options...
btech Posted August 13, 2005 Share Posted August 13, 2005 Here's a few I did: http://www.spamcop.net/sc?id=z795364728z3e...e93d2a382add1cz I've had about 10 in the past 4 days. Is there an addy [at] MS we can forward them to? The only one I know is 'piracy' and I doubt they care about this spammer. I was thinking about callin the phone number in the email, since it's supposedly here in Seattle where I am... Link to comment Share on other sites More sharing options...
acebirddog Posted August 17, 2005 Share Posted August 17, 2005 Well Soloway must have read this because he is hammering me with his stupid spamis junk and using my main e-mail address as the from... The bounces have stopped however. He seems to have changed the e-mail some. It is still stupid useless rambling. He does not even know how to use proper English. Return-Path: <xxx> Received: from host2.lifetimewebsites.com (root[at]localhost) by xxxxx.com (8.12.10/8.12.10) with ESMTP id j7H90Rv2000949 for <xxxxxxxx>; Wed, 17 Aug 2005 05:00:27 -0400 X-ClientAddr: 130.94.132.69 Received: from whatsup.splitinfinity.net (whatsup.splitinfinity.net [130.94.132.69]) by host2.lifetimewebsites.com (8.12.10/8.12.10) with SMTP id j7H90Cfc032733 for <xxxxxxxx>; Wed, 17 Aug 2005 05:00:18 -0400 Date: Wed, 17 Aug 2005 05:00:12 -0400 Message-Id: <200508170900.j7H90Cfc032733[at]host2.lifetimewebsites.com> From: xxxxxxxx To: xxxxxxxxxx Subject: Fw: interesting microsoft news article... X-Lifetime-Websites-MailScanner-Information: Please contact Lifetime Websites for more information X-Lifetime-Websites-MailScanner: Not scanned: Please contact Lifetime Websites for details X-Lifetime-Websites-MailScanner-SpamScore: 4 X-MailScanner-From: ace X-spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on host2.lifetimewebsites.com X-spam-Level: * X-spam-Status: No, hits=1.3 required=5.0 tests=LINES_OF_YELLING, MAILTO_TO_SPAM_ADDR,NO_REAL_NAME autolearn=no version=2.63 130.94.132.69 is an open proxy REPORT Link to comment Share on other sites More sharing options...
btech Posted August 18, 2005 Share Posted August 18, 2005 Yea, I got 3 from him today, but what has me puzzled is how the FROM and TO were both my email address, but in the report, it's an "X" http://www.spamcop.net/sc?id=z797427008zcf...e97c0f1ff1d39fz Link to comment Share on other sites More sharing options...
Wazoo Posted August 18, 2005 Share Posted August 18, 2005 Yea, I got 3 from him today, but what has me puzzled is how the FROM and TO were both my email address, but in the report, it's an "X" 31797[/snapback] Go to your www.spamcop.net page, follow the Preferences link. Under Report Handling Options, there's a checkbox for spam Munging with a bit of an explanation. Assumedly, your current setting is Obscure identifying information Link to comment Share on other sites More sharing options...
btech Posted August 18, 2005 Share Posted August 18, 2005 that's the thing, I turned off munging over a year ago, because I didn't see the need. That's why I'm soooo confused. All three of the email from this fool did the same thing and since I have my own domain name whitelisted, the email got into my inbox, but when I reported it, I saw only "X"s Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 18, 2005 Share Posted August 18, 2005 that's the thing, I turned off munging over a year ago, because I didn't see the need. That's why I'm soooo confused. All three of the email from this fool did the same thing and since I have my own domain name whitelisted, the email got into my inbox, but when I reported it, I saw only "X"s 31801[/snapback] For me, the parse has been showing me the "x" for a while now, but if you look at the reports, the email address is showing. I actually see this as a feature so that when you post a tracking URL, it will not show your email address in that link. Link to comment Share on other sites More sharing options...
acebirddog Posted August 19, 2005 Share Posted August 19, 2005 I got about 8 of these SPAMIS rants last night. All of them have my email address as the from and to. I have read several other people on the internet are getting the same thing as well. I would like to thank Soloway for service on my joe and for making me understand that spammers are truely pieces of dirt that do not respect any rules we have for conduct on the Internet. I get this picture of him in my mind, 400 pound geeky looking I.T. person that never showers. Probably never comes out of that appartment in Washington. BTW - That phone number on his registrar info is for some law firm. They have never heard of him. More reason to send him to jail. Keep up your SPAMIS rant jerky boy. You are ticking off a pit bull that will bite back. Link to comment Share on other sites More sharing options...
m3mn0ch Posted August 19, 2005 Share Posted August 19, 2005 [HELP ME PLEASE !!! I have been receiving large amounts of SPAMIS emails, as well as other spam that from google searching apparently comes from the same spammer. Recently, using email dns traces, i sent out a number of emails to suspect ip address' criticising the people for sending the SPAMIS emails for being hypocrites. Now i am receiving large amounts of SPAMIS spam emails to my 2 main email address' on my domain-name "chris[at]nurv.com.au" & "admin[at]nurv.com.au", and the sender address on all the emails now is my 2 email adress' as above, obviously spoofed. I presume that some of my emails got through to the people behind the spam and now i am being personally targeted. Is there anything I can do to stop the now flood of spam i am receiving from the "SPAMIS" person. I am desperate as to what to do. Any advice or referalls welcome. I have done numerous google searches looking for a solution and am posting this message to a number of sites in the hope someone can offer some advice to help me. You can email me on "chris[at]nurv.com.au". Thankyou for your time. Chris Richards, Australia Edit: Moderator munged posted email addresses to help avoid future spam to them. Link to comment Share on other sites More sharing options...
btech Posted August 19, 2005 Share Posted August 19, 2005 the only thing you can do is to make up a new email address OR institute a 'verify' system in your email, so only people that reply a second time will get through. Link to comment Share on other sites More sharing options...
StevenUnderwood Posted August 19, 2005 Share Posted August 19, 2005 OR institute a 'verify' system in your email, so only people that reply a second time will get through. 31823[/snapback] NOOOOOOOOOOOOOOOOOOOOOOOOOO!!!!!!! This is called Challenge/Response and if you search on those 2 words, you will find plenty of problems, including getting blacklisted because the challenge you are sending out ends up going to a spamtrap somewhere. Link to comment Share on other sites More sharing options...
acebirddog Posted August 19, 2005 Share Posted August 19, 2005 Create a filter that sends any thing with the word SPAMIS in it to the trash or forward to your domains blackhole. POOF - problem gone. I did this myself. Dont see his crap anymore. Link to comment Share on other sites More sharing options...
Jeff G. Posted August 19, 2005 Share Posted August 19, 2005 institute a 'verify' system in your email, so only people that reply a second time will get through.31823[/snapback] SpamCop doesn't recommend such CR (Challenge/Response) systems - they are now considered abusive and reportable by SpamCop per the "Messages which may be reported" section of On what type of email should I (not) use SpamCop? and the Challenge/response spam filtering section of Why are auto-responders (and delayed bounces) bad?. Link to comment Share on other sites More sharing options...
acebirddog Posted August 5, 2006 Share Posted August 5, 2006 http://www.solowaysucks.net/ Keep it up Boobie! ROBERT ALAN SOLOWAY SUCKS Link to comment Share on other sites More sharing options...
Jank1887 Posted August 7, 2006 Share Posted August 7, 2006 yeah.. that'll work. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.