Jump to content

Reports are not being sent (yes we signup for ISP)


ErPlease

Recommended Posts

Posted

SpamCop Support Personal

We could use some assistance in this matter.

We recently sent over several servers to the interland datacenter for the purposes of co-location,

however their IP's are not portable and we are currently unable to update the ARIN registration information.

Therefore our contact information cannot be listed, hence we are unable to receive any spamcop reports

generated from within our network.

Currently when looking up one of our ip's via this URL

http://www.spamcop.net/sc?track=66.40.20.34

The following information is displayed.

Parsing input: 66.40.20.34

host 66.40.20.34 = mx02.erplease.com (cached)

Reporting addresses:

abuse[at]interland.com

abuse[at]interland.net

--

We've signup for an ISP account via SpamCop URL http://www.spamcop.net/fom-serve/cache/94.html.

We are currently receiving [spamCop summary report], however we are not receiving detail information

ie, the MESSAGE Subject, Message Body or any "particular" useful information in determining

which particular recipient reported us for commercial email advertisements.

My question:

How can our contact information be listed on the below URL, whereas when someone

reports us for commercial advertisements, spamcop would forward the complaint to our

particular abuse department as well as our upstream provider's abuse department?

So for example, when we check this URL

http://www.spamcop.net/sc?track=66.40.20.34

It would also include the reporting addresses as

abuse[at]erplease.com

OR, how can we get a copy of the reports generated from any of our particular ip’s ‘even though our ARIN registration information is not on file?

On another note, when checking our IP against this url

http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34

It indicates the reporting address to be correct, however we have never received any reports, but we are listed in the spamcop database.

Posted
On another note, when checking our IP against this url

http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34

It indicates the reporting address to be correct, however we have never received any reports, but we are listed in the spamcop database.

34910[/snapback]

You are listed (as you probably read) primarily for spamtrap hits and a number of user reports. Those user reports COULD be mistakes because of the listing due to spamtrap hits. SOMETIMES, people do not check their held mail closely enough. Please figure out the cause of the spamtrap hits first as they are scaled much higher in the calculation.

P.S. This passage:

or any "particular" useful information in determining

which particular recipient reported us for commercial email advertisements.

reeks of whtelisting (removing the complainers rather than cleaning the list properly) which is not looked upon kindly here.

Report History:

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 2:15:22 PM -0400:

Access America's Largest Music Network

1540277621 ( 66.40.20.34 ) To: abuse[at]interland.net

1540277614 ( 66.40.20.34 ) To: abuse[at]interland.com

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 12:18:44 PM -0400:

Access America's Largest Music Network

1540197385 ( 66.40.20.34 ) To: abuse[at]interland.com

1540197370 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 9:42:34 AM -0400:

Access America's Largest Music Network

1540072298 ( 66.40.20.34 ) To: abuse[at]interland.com

1540072297 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 8:13:36 AM -0400:

Access America's Largest Music Network

1539997069 ( 66.40.20.34 ) To: abuse[at]interland.com

1539997067 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 7:53:50 AM -0400:

Access America's Largest Music Network

1539981918 ( 66.40.20.34 ) To: abuse[at]interland.com

1539981917 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 5:06:41 AM -0400:

Access America's Largest Music Network

1539866633 ( http://mx02.erplease.com/u?id=3993711c&o=158&c=... ) To: mole[at]devnull.spamcop.net

1539866632 ( http://erplease.com/ss/2/ ) To: mole[at]devnull.spamcop.net

1539866631 ( 66.40.20.34 ) To: mole[at]devnull.spamcop.net

--------------------------------------------------------------------------------

Submitted: Wednesday, October 26, 2005 3:43:08 AM -0400:

*** spam *** Access America's Largest Music Network

1539832691 ( Forwarded spam ) To: [concealed user-defined recipient]

1539832690 ( Forwarded spam ) To: [concealed user-defined recipient]

1539832687 ( 66.40.20.34 ) To: [concealed user-defined recipient]

1539832685 ( http://mx02.erplease.com/u?id=4236369y&o=158&c=... ) To: abuse[at]interland.com

1539832684 ( 66.40.20.34 ) To: abuse[at]interland.com

1539832683 ( http://mx02.erplease.com/u?id=4236369y&o=158&c=... ) To: abuse[at]interland.net

1539832682 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Tuesday, October 25, 2005 11:30:24 PM -0400:

Access America's Largest Music Network

1539669504 ( 66.40.20.34 ) To: abuse[at]interland.com

1539669498 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Tuesday, October 25, 2005 11:09:54 PM -0400:

Access America's Largest Music Network

1539655432 ( http://erplease.com/ss/2/ ) To: abuse[at]algx.net

1539655416 ( 66.40.20.34 ) To: spamcop[at]imaphost.com

1539655408 ( http://mx02.erplease.com/u?id=4152815e&o=158&c=... ) To: abuse[at]interland.com

1539655407 ( 66.40.20.34 ) To: abuse[at]interland.com

1539655400 ( http://mx02.erplease.com/u?id=4152815e&o=158&c=... ) To: abuse[at]interland.net

1539655395 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Submitted: Tuesday, October 25, 2005 8:20:06 PM -0400:

Access America's Largest Music Network

1539646238 ( http://erplease.com/ss/2/ ) To: abuse[at]algx.net

1539646237 ( 66.40.20.34 ) To: spamcop[at]imaphost.com

1539646236 ( http://mx02.erplease.com/u?id=3705959t&o=158&c=... ) To: abuse[at]interland.com

1539646235 ( 66.40.20.34 ) To: abuse[at]interland.com

1539646230 ( http://mx02.erplease.com/u?id=3705959t&o=158&c=... ) To: abuse[at]interland.net

1539646226 ( 66.40.20.34 ) To: abuse[at]interland.net

--------------------------------------------------------------------------------

Posted

Interesting query, seeing as I've been going back and forth with some folks about a specific FAQ entry that used to document the "parsing decision process" involved with selecting the target for a report/complaint ... this data was 'commented out' after some procedural changes ... I had suggested that the old data be separated out, updated and added as a new entry into the "official" FAQ ... such that I could add it to the the various FAQ versions made available here .... let me point out the obvious .. this hasn't happened yet ....

Issue #1: http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34

66.40.20.34 listed in bl.spamcop.net (127.0.0.2)

Causes of listing

System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop)

SpamCop users have reported system as a source of spam about 10 times in the past week

Listing History

System has been listed for 2.4 days.

Looking for potential administrative email addresses for 66.40.20.34:

207.155.248.93 is an mx ( 10 ) for mx02.erplease.com

207.155.248.93 is an mx ( 10 ) for erplease.com

hmmmm, http://www.mxtoolbox.com/index.aspx lookup for erplease.com says;

ns2.cnchost.com reports the following MX records:

Preference Host Name IP Address

10 hood.cnchost.com 207.155.252.6

20 audacious.cnchost.com 207.155.252.66

30 intrepid.cnchost.com 207.155.248.50

40 iphigenia.cnchost.com 207.155.252.54

50 impregnable.cnchost.com 207.155.252.95

60 unicorn.cnchost.com 207.155.248.93

10/26/2005 3:00:39 PM Central Standard Time

Anyway, back to issue 2:

http://www.senderbase.org/?searchBy=ipaddr...ing=66.40.20.34

Volume Statistics for this IP

Magnitude Vol Change vs. Average

Last day ........ 4.9 .. 11355%

Last 30 days .. 3.7 .... 722%

Average ........ 2.8

For the "immediate" issue, is this increase due to the recent "movement" or are these numbers indication a serious situation? These types of number usually indicate that spammers have more control of that server than the Admins ....

Date of first message seen from this address 2005-10-22 suggests that it might be the move ...????

(I was going with the possibility that Interland may have given you a dirty IP range, but .. while typing this, I see StevenUnderwood posted some examples of spam, which are dated "after" your apparnet move .... doesn't seem to be Interland at fault in this case.)

Item 3: This display suggests that "you" are in control of a /24 which used to be one decision point on where reports ended up. However, there were and are other items of interest ... for instance;

10/26/05 15:15:25 whois erplease.com

Registrant:

Now 30

Spiegelburgring 4

Bellheim, Bellheim 76756

DK

Domain Name: ERPLEASE.COM

Administrative Contact, Technical Contact:

Now 30 memailnow04[at]yahoo.com

Spiegelburgring 4

Bellheim, Bellheim 76756

DK

43 098 8372

Record expires on 27-Apr-2007.

Record created on 27-Apr-2005.

Database last updated on 26-Oct-2005 16:15:30 EDT.

Domain servers in listed order:

NS1.CNCHOST.COM 207.155.248.5

NS2.CNCHOST.COM 207.155.252.5

The lack of an abuse address, the "yahoo" address for an Admin account .. well, that just kind of takes one out of the pool for norml consideration by the parser to "see" you as an appropriate contact. I've not checked, but have you listed with abuse.net yet (anoher decision point)?

One could try posting an "over-ride" requests over in news://news.spamcop.net/spamcop.routing, but based on the above, that probably wouldn't be granted directly, perhaps a third-party addition ... but not my call ... Numerous FAQs available if you want to do more research, grab another "Contact Us" address ... try the "Start here ... Before you post" link that you probably skipped over to make this post ...

Thanks for showing up and once again demonstrating that this is in fact a FAQ (Frequently Asked Question) ... ???

Posted

Of course, the facts that http://www.erplease.com/ is completely devoid of content, Google's cache of it is nearly empty, and that the domain already has four hits on NANAS since it was registered in April do not inspire confidence, either.

Furthermore, the facts that spammed URL http://erplease.com/ss/2/ is still alive and functions as a 0-second META HTTP-EQUIV=Refresh redirector to http://musicinc.cc/click.php?APID=216&affID=0000240&link=1, which goes on to function as a 302 redirector to http://www.musicinc.cc/click.php?APID=216&...=0000240&link=1, which goes on to function as a 302 redirector to http://myaffiliateads.com/click.php?APID=2...0000240&link=1&, which goes on to function as a 302 redirector to http://www.imusicsearch.com/indexa.htm?affID=0000240, and that spammed URL http://mx02.erplease.com/u?id=4236369y&o=158&c=f&l=* is still alive, is a coded unsubscribe URL, and functions as a 302 redirector to http://mx02.erplease.com/subscribe/unsubsc...%2A&w=&a=&o=158 frankly inspires disgust.

Your abuse of your Yahoo! account has been reported.

Posted

Not "giving", just "adding to". From iMusicSearch.com's Term's and Conditions:

SUBSCRIPTION E-MAILS

iMusicSearch is a direct marketer that delivers email messages to its subscribers. All information voluntarily provided to iMusicSearch by a registrant may be used to support our marketing partner’s data services business. These services include the provision of personally identifiable data to marketing companies, advertising agencies, data compilers, data companies, and, to the extent permitted by law, individual reference, email marketers and look-up service programs. Such information may be used by such companies to provide users via email with information on products and services that may be of interest to them.

At least they tell you up front that they give your info to anyone and everyone. But it is right alongside their Privacy Policy stating:
Use and Disclosure of Data

iMusicSearch.com does not sell or rent personally identifying information. iMusicSearch.com does not disclose personally identifying information to anyone that iMusicSearch.com is not authorized to do so.

And on their Affiliate Sign-up page, we see:
3. Email Marketing - One of the most popular ways for affiliates to promote the site and make sales.  Our site is run on a dedicated bulk friendly server so it is ok to send opt in emails.
Well, at least they specify "opt in" emails, and not opt-out, double-opt-in, double-tripple-we-know-you-really-meant-it-opt-in, you're-third-cousin-once-removed-accidentally-signed-up-so-we-know-you'll-want-this-too-opt-in, or you-have-an-email-address-and-we-found-it-so-too-bad-opt-in.
Posted

I looked at that also. they are very spam friendly and at first I was thinking ErPlease was just them but it seem from some public sightings that ErPlease is just another spammer that wants to get the Spamcop reports for listwashing.

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...