ErPlease Posted October 26, 2005 Posted October 26, 2005 SpamCop Support Personal We could use some assistance in this matter. We recently sent over several servers to the interland datacenter for the purposes of co-location, however their IP's are not portable and we are currently unable to update the ARIN registration information. Therefore our contact information cannot be listed, hence we are unable to receive any spamcop reports generated from within our network. Currently when looking up one of our ip's via this URL http://www.spamcop.net/sc?track=66.40.20.34 The following information is displayed. Parsing input: 66.40.20.34 host 66.40.20.34 = mx02.erplease.com (cached) Reporting addresses: abuse[at]interland.com abuse[at]interland.net -- We've signup for an ISP account via SpamCop URL http://www.spamcop.net/fom-serve/cache/94.html. We are currently receiving [spamCop summary report], however we are not receiving detail information ie, the MESSAGE Subject, Message Body or any "particular" useful information in determining which particular recipient reported us for commercial email advertisements. My question: How can our contact information be listed on the below URL, whereas when someone reports us for commercial advertisements, spamcop would forward the complaint to our particular abuse department as well as our upstream provider's abuse department? So for example, when we check this URL http://www.spamcop.net/sc?track=66.40.20.34 It would also include the reporting addresses as abuse[at]erplease.com OR, how can we get a copy of the reports generated from any of our particular ip’s ‘even though our ARIN registration information is not on file? On another note, when checking our IP against this url http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34 It indicates the reporting address to be correct, however we have never received any reports, but we are listed in the spamcop database.
StevenUnderwood Posted October 26, 2005 Posted October 26, 2005 On another note, when checking our IP against this url http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34 It indicates the reporting address to be correct, however we have never received any reports, but we are listed in the spamcop database. 34910[/snapback] You are listed (as you probably read) primarily for spamtrap hits and a number of user reports. Those user reports COULD be mistakes because of the listing due to spamtrap hits. SOMETIMES, people do not check their held mail closely enough. Please figure out the cause of the spamtrap hits first as they are scaled much higher in the calculation. P.S. This passage: or any "particular" useful information in determining which particular recipient reported us for commercial email advertisements. reeks of whtelisting (removing the complainers rather than cleaning the list properly) which is not looked upon kindly here. Report History: -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 2:15:22 PM -0400: Access America's Largest Music Network 1540277621 ( 66.40.20.34 ) To: abuse[at]interland.net 1540277614 ( 66.40.20.34 ) To: abuse[at]interland.com -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 12:18:44 PM -0400: Access America's Largest Music Network 1540197385 ( 66.40.20.34 ) To: abuse[at]interland.com 1540197370 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 9:42:34 AM -0400: Access America's Largest Music Network 1540072298 ( 66.40.20.34 ) To: abuse[at]interland.com 1540072297 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 8:13:36 AM -0400: Access America's Largest Music Network 1539997069 ( 66.40.20.34 ) To: abuse[at]interland.com 1539997067 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 7:53:50 AM -0400: Access America's Largest Music Network 1539981918 ( 66.40.20.34 ) To: abuse[at]interland.com 1539981917 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 5:06:41 AM -0400: Access America's Largest Music Network 1539866633 ( http://mx02.erplease.com/u?id=3993711c&o=158&c=... ) To: mole[at]devnull.spamcop.net 1539866632 ( http://erplease.com/ss/2/ ) To: mole[at]devnull.spamcop.net 1539866631 ( 66.40.20.34 ) To: mole[at]devnull.spamcop.net -------------------------------------------------------------------------------- Submitted: Wednesday, October 26, 2005 3:43:08 AM -0400: *** spam *** Access America's Largest Music Network 1539832691 ( Forwarded spam ) To: [concealed user-defined recipient] 1539832690 ( Forwarded spam ) To: [concealed user-defined recipient] 1539832687 ( 66.40.20.34 ) To: [concealed user-defined recipient] 1539832685 ( http://mx02.erplease.com/u?id=4236369y&o=158&c=... ) To: abuse[at]interland.com 1539832684 ( 66.40.20.34 ) To: abuse[at]interland.com 1539832683 ( http://mx02.erplease.com/u?id=4236369y&o=158&c=... ) To: abuse[at]interland.net 1539832682 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Tuesday, October 25, 2005 11:30:24 PM -0400: Access America's Largest Music Network 1539669504 ( 66.40.20.34 ) To: abuse[at]interland.com 1539669498 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Tuesday, October 25, 2005 11:09:54 PM -0400: Access America's Largest Music Network 1539655432 ( http://erplease.com/ss/2/ ) To: abuse[at]algx.net 1539655416 ( 66.40.20.34 ) To: spamcop[at]imaphost.com 1539655408 ( http://mx02.erplease.com/u?id=4152815e&o=158&c=... ) To: abuse[at]interland.com 1539655407 ( 66.40.20.34 ) To: abuse[at]interland.com 1539655400 ( http://mx02.erplease.com/u?id=4152815e&o=158&c=... ) To: abuse[at]interland.net 1539655395 ( 66.40.20.34 ) To: abuse[at]interland.net -------------------------------------------------------------------------------- Submitted: Tuesday, October 25, 2005 8:20:06 PM -0400: Access America's Largest Music Network 1539646238 ( http://erplease.com/ss/2/ ) To: abuse[at]algx.net 1539646237 ( 66.40.20.34 ) To: spamcop[at]imaphost.com 1539646236 ( http://mx02.erplease.com/u?id=3705959t&o=158&c=... ) To: abuse[at]interland.com 1539646235 ( 66.40.20.34 ) To: abuse[at]interland.com 1539646230 ( http://mx02.erplease.com/u?id=3705959t&o=158&c=... ) To: abuse[at]interland.net 1539646226 ( 66.40.20.34 ) To: abuse[at]interland.net --------------------------------------------------------------------------------
Wazoo Posted October 26, 2005 Posted October 26, 2005 Interesting query, seeing as I've been going back and forth with some folks about a specific FAQ entry that used to document the "parsing decision process" involved with selecting the target for a report/complaint ... this data was 'commented out' after some procedural changes ... I had suggested that the old data be separated out, updated and added as a new entry into the "official" FAQ ... such that I could add it to the the various FAQ versions made available here .... let me point out the obvious .. this hasn't happened yet .... Issue #1: http://www.spamcop.net/w3m?action=checkblock&ip=66.40.20.34 66.40.20.34 listed in bl.spamcop.net (127.0.0.2) Causes of listing System has sent mail to SpamCop spam traps in the past week (spam traps are secret, no reports or evidence are provided by SpamCop) SpamCop users have reported system as a source of spam about 10 times in the past week Listing History System has been listed for 2.4 days. Looking for potential administrative email addresses for 66.40.20.34: 207.155.248.93 is an mx ( 10 ) for mx02.erplease.com 207.155.248.93 is an mx ( 10 ) for erplease.com hmmmm, http://www.mxtoolbox.com/index.aspx lookup for erplease.com says; ns2.cnchost.com reports the following MX records: Preference Host Name IP Address 10 hood.cnchost.com 207.155.252.6 20 audacious.cnchost.com 207.155.252.66 30 intrepid.cnchost.com 207.155.248.50 40 iphigenia.cnchost.com 207.155.252.54 50 impregnable.cnchost.com 207.155.252.95 60 unicorn.cnchost.com 207.155.248.93 10/26/2005 3:00:39 PM Central Standard Time Anyway, back to issue 2: http://www.senderbase.org/?searchBy=ipaddr...ing=66.40.20.34 Volume Statistics for this IP Magnitude Vol Change vs. Average Last day ........ 4.9 .. 11355% Last 30 days .. 3.7 .... 722% Average ........ 2.8 For the "immediate" issue, is this increase due to the recent "movement" or are these numbers indication a serious situation? These types of number usually indicate that spammers have more control of that server than the Admins .... Date of first message seen from this address 2005-10-22 suggests that it might be the move ...???? (I was going with the possibility that Interland may have given you a dirty IP range, but .. while typing this, I see StevenUnderwood posted some examples of spam, which are dated "after" your apparnet move .... doesn't seem to be Interland at fault in this case.) Item 3: This display suggests that "you" are in control of a /24 which used to be one decision point on where reports ended up. However, there were and are other items of interest ... for instance; 10/26/05 15:15:25 whois erplease.com Registrant: Now 30 Spiegelburgring 4 Bellheim, Bellheim 76756 DK Domain Name: ERPLEASE.COM Administrative Contact, Technical Contact: Now 30 memailnow04[at]yahoo.com Spiegelburgring 4 Bellheim, Bellheim 76756 DK 43 098 8372 Record expires on 27-Apr-2007. Record created on 27-Apr-2005. Database last updated on 26-Oct-2005 16:15:30 EDT. Domain servers in listed order: NS1.CNCHOST.COM 207.155.248.5 NS2.CNCHOST.COM 207.155.252.5 The lack of an abuse address, the "yahoo" address for an Admin account .. well, that just kind of takes one out of the pool for norml consideration by the parser to "see" you as an appropriate contact. I've not checked, but have you listed with abuse.net yet (anoher decision point)? One could try posting an "over-ride" requests over in news://news.spamcop.net/spamcop.routing, but based on the above, that probably wouldn't be granted directly, perhaps a third-party addition ... but not my call ... Numerous FAQs available if you want to do more research, grab another "Contact Us" address ... try the "Start here ... Before you post" link that you probably skipped over to make this post ... Thanks for showing up and once again demonstrating that this is in fact a FAQ (Frequently Asked Question) ... ???
Jeff G. Posted October 26, 2005 Posted October 26, 2005 Of course, the facts that http://www.erplease.com/ is completely devoid of content, Google's cache of it is nearly empty, and that the domain already has four hits on NANAS since it was registered in April do not inspire confidence, either. Furthermore, the facts that spammed URL http://erplease.com/ss/2/ is still alive and functions as a 0-second META HTTP-EQUIV=Refresh redirector to http://musicinc.cc/click.php?APID=216&affID=0000240&link=1, which goes on to function as a 302 redirector to http://www.musicinc.cc/click.php?APID=216&...=0000240&link=1, which goes on to function as a 302 redirector to http://myaffiliateads.com/click.php?APID=2...0000240&link=1&, which goes on to function as a 302 redirector to http://www.imusicsearch.com/indexa.htm?affID=0000240, and that spammed URL http://mx02.erplease.com/u?id=4236369y&o=158&c=f&l=* is still alive, is a coded unsubscribe URL, and functions as a 302 redirector to http://mx02.erplease.com/subscribe/unsubsc...%2A&w=&a=&o=158 frankly inspires disgust. Your abuse of your Yahoo! account has been reported.
Merlyn Posted October 27, 2005 Posted October 27, 2005 A current sample of the "spam" can be seen here: http://dnsbl.net.au/spam/samples/0/0/7/8/6/00786434.txt Senderbase shows Volume Statistics for this IP Magnitude Vol Change vs. Average Last day 5.1 14529% Last 30 days 3.8 723% But thanks for the early warning we have added 66.40.20.0/24 our local blocklists and our partners have been notified along with a few other notable places.
Merlyn Posted October 27, 2005 Posted October 27, 2005 Looks like you are giving imusicsearch.com a very bad name with your spamming. You are affiliate 0000240 right?
Jank1887 Posted October 27, 2005 Posted October 27, 2005 Not "giving", just "adding to". From iMusicSearch.com's Term's and Conditions: SUBSCRIPTION E-MAILS iMusicSearch is a direct marketer that delivers email messages to its subscribers. All information voluntarily provided to iMusicSearch by a registrant may be used to support our marketing partner’s data services business. These services include the provision of personally identifiable data to marketing companies, advertising agencies, data compilers, data companies, and, to the extent permitted by law, individual reference, email marketers and look-up service programs. Such information may be used by such companies to provide users via email with information on products and services that may be of interest to them. At least they tell you up front that they give your info to anyone and everyone. But it is right alongside their Privacy Policy stating:Use and Disclosure of Data iMusicSearch.com does not sell or rent personally identifying information. iMusicSearch.com does not disclose personally identifying information to anyone that iMusicSearch.com is not authorized to do so. And on their Affiliate Sign-up page, we see:3. Email Marketing - One of the most popular ways for affiliates to promote the site and make sales. Our site is run on a dedicated bulk friendly server so it is ok to send opt in emails. Well, at least they specify "opt in" emails, and not opt-out, double-opt-in, double-tripple-we-know-you-really-meant-it-opt-in, you're-third-cousin-once-removed-accidentally-signed-up-so-we-know-you'll-want-this-too-opt-in, or you-have-an-email-address-and-we-found-it-so-too-bad-opt-in.
Merlyn Posted October 27, 2005 Posted October 27, 2005 I looked at that also. they are very spam friendly and at first I was thinking ErPlease was just them but it seem from some public sightings that ErPlease is just another spammer that wants to get the Spamcop reports for listwashing.
Recommended Posts
Archived
This topic is now archived and is closed to further replies.