Lking Posted November 5, 2005 Share Posted November 5, 2005 I got the following very nice, but incorrect, response to a spam report I submitted. Hello SpamCop user, Our network did not send the email message in question, but we host the website that was adverstised. This message was sent from a bank organization. There was no attempt to disguise the identity of the sender. There was an unsubscribe link included in the email message. The email appears to have been sent from a legitimate organization for legitimate purposes and in an ethical fashion. Our definition of spam is at http://www.SpamRejection.com/whatisspam.htm Everyone has their own definition it seems, however, we believe that ethical email is not spam. If you disagree, please discuss this further with the sender of the email: David Neff ( mailto: dneff[at]bankloans.com ) Mortgage Division of SandHills Bank, SC. FDIC Please let me know if I may assist you further. Thank you. Matt Rainoff Integrated Data Processing, Inc. -- Please use the link below to review the report in question: http://www.spamcop.net/mcgi?action=showhistory;slice=reportid;val=1548140846 Their link to "whatisspam" is selfserving. My response to David was also nice, this time, and along the lines of the gov def in the "can spam" act and that we did not, do not, and WILL NOT have a relationship with them. (Sounds like a Clenton quotation about repations with 'that woman' ). Link to comment Share on other sites More sharing options...
Jeff G. Posted November 5, 2005 Share Posted November 5, 2005 That is not a Tracking URL. Also, please ask Matt Rainoff how the email to you was targeted, and to produce your reply to the confirmation message. Link to comment Share on other sites More sharing options...
Lking Posted November 5, 2005 Author Share Posted November 5, 2005 Jeff, good question. He did respond to the spam report. cut from the header of his message: Thread-Topic: Spamcop report id:1548140846 thread-index: AcXiHw+MCrz54vkzSISvGop5LNSxDQ== From: "Matthew J. Rainoff" <matt[at]idp.net> To: <1548140846[at]reports.spamcop.net> Cc: <dneff[at]bankloans.com>, <pallman[at]bankloans.com> Content-Transfer-Encoding: 8bit As for his reference where did he get that? As for the URL I don't know how to recover it. I didn't save the original message or URL from the report. The id # does point to some information about the report, but I can't figure out how to get back to the URL. But from the id and then <Report History> I see there have been 2 additional reports to pcmatt[at]idp.net this am from others. Link to comment Share on other sites More sharing options...
Jeff G. Posted November 5, 2005 Share Posted November 5, 2005 I'm not sure exactly what you mean by "his reference" in "As for his reference where did he get that?". Please see Getting a Tracking URL from a Report ID, as referenced in the FAQ. Thanks! Link to comment Share on other sites More sharing options...
dbiel Posted November 5, 2005 Share Posted November 5, 2005 Edit: I need to learn to write faster. This was started before the previous two replies were posted. Jeff, http://www.spamcop.net/mcgi?action=showhis...;val=1548140846 looks like a valid report reference that would be sent the "Administrator of network hosting website referenced in spam" I would disagree with Lking reference to "incorrect" I got the following very nice, but incorrect, response to a spam report I submitted. I found the referenced link to a spam definition to actually be quite good, not "selfserving" The email received by Lking probably did not comply with every point, failing any one point makes the message spam. It is also true that too many of us end up reporting "spam" that is not actually spam. We forgot that the party sending the message actually had a right to send it because of something we did in the past (sign up for a sweepstake, request information, have an established relationship with, etc.) The definition of spam is well worth the time needed to read it and gives good food for thought and if applied as stated would define most "spam" as being spam as well as a lot of "legitimate" as spam as well for failing to comply with every point made. spam Defined link to spam Rejection Service by Integrated Data Processing, Inc. Link to comment Share on other sites More sharing options...
Jeff G. Posted November 5, 2005 Share Posted November 5, 2005 Jeff, http://www.spamcop.net/mcgi?action=showhis...;val=1548140846 looks like a valid report reference that would be sent the "Administrator of network hosting website referenced in spam"35545[/snapback] Yes, but for practical purposes, such URLs are only useful for producing Tracking URLs by logged-in Reporters and logged-in Report Recipients specific to those particular Reports - third parties like you and I only see URL trackers and unlinked Report ID Numbers. Link to comment Share on other sites More sharing options...
Lking Posted November 5, 2005 Author Share Posted November 5, 2005 OK let me try to clear up as many of the questions/miss understandings as I can. (What is that old saw 'I know you think you understand what I said, but I don't think you understand what I meant'). Jeff I am sorry to say again No one read the FAQ. Thanks for the guidance the URL is: http://www.spamcop.net/sc?id=z823462561z7d...2958b9458cb02cz dbiel You can discuss the definition of spam all day if you wish. But, the definition referenced by "Rainoff" quoted in #1 of this thread opens everyone with an email address to receiving email from anyone and everyone who wishes to sent mail. It is "selfserving" because his definition lets him send spam like the example pointed to by the URL above. Also I note that from his addy <matt[at]idp.net> he may work for "Integrated Data Processing, Inc." which offers "spam Filtering Service". There was an unsubscribe link included in the email message. There have been more than one threat here about opt-out links in spam. Enough said. It is also true that too many of us end up reporting "spam" that is not actually spam. You can generalize if you wish. However, in this case, as I said in #1, I have not, do not have a relationship with this bank. You may "sign up for a sweepstake, request information, have an established relationship with, etc." as you imply that I have, but I really get off on the insinuation. If you are under 45 years old, I probably wrote my first computer program for $ before you were born. Back to the issue at hand. It is regrettable that I don't have the original message. With that we could address whether the spam was sent to and address harvested from WHOIS, scanning a web page, playing with tables and my ISP or domain, etc. or sent to an addy I really use. Link to comment Share on other sites More sharing options...
Jeff G. Posted November 5, 2005 Share Posted November 5, 2005 I see http://www.spamcop.net/sc?id=z823462561z7d...;action=display as a munged view of the original message - you may see it as unmunged if you login to www.spamcop.net. Link to comment Share on other sites More sharing options...
Lking Posted November 6, 2005 Author Share Posted November 6, 2005 Jeff, Now that is strange. Why would the db store a munged copy when I have "Leave spam copies intact" checked under the spam munging options. But in any case the copy I see logged in or not is munged. Oh well. dbiel I have counted to 10 twice and feel much better now, thank you. I did get on a rant didn't I? No hard feelings I hope. Link to comment Share on other sites More sharing options...
dbiel Posted November 6, 2005 Share Posted November 6, 2005 No hard feelings. As you probably realized when you reread it, that the comments were not directed to you but to all of the rest of us who might read your post in the future. And so I continue in that same thought. The email appears to have been sent from a legitimate organization for legitimate purposes and in an ethical fashion. Our definition of spam is at http://www.SpamRejection.com/whatisspam.htm The key word here is appears. So lets look at their definition of spam:Ethical emails are targeted well towards their audience. Unethical emails are mass mailings sent out blindly to a large number of people. These are emails that are sent to thousands, tens of thousands, even millions of people, hoping against hope that a few dozen will be stupid or greedy enough to respond. These emails are untargeted and will not pertain to the majority of the recipients. Since the majority of the people reading the message (usually upwards of 99%) will simply delete it immediately, this makes the mailing unethical. Looking at the email you received, it seems to me that this part of the definition was not followed, making the message you received spam. Then adding your claim that you did not "sign up" for this type of message, the following part of the definition has not been followed: Ethical mass mailings are double-opt-in. This means after a person signs up for the mailing list, he receives a confirmation message. He must either reply to this message or click a link to activate the mailings to him. Any other form of opt-in is UNETHICAL as it allows people to be subscribed by others or by accident. Yet the message itself does "appear" to meet the requirements of the definition, but that alone is not enough to clearly state wether or not the message is spam. Therefor the response you received was not "incorrect" it simply did not fully address your issue, that the message you received was spam even though it might appear to be otherwise. Link to comment Share on other sites More sharing options...
Wazoo Posted November 6, 2005 Share Posted November 6, 2005 I had a huge posting all done up on following up the leads involved with this particular spam. All was great until I hit the "Submit" button .... Coincidentally, this was just a bit prior to the Forum crashing .... I'll try to recreate what I had before ... and try again .... You are receiving this message as an opt-in subscriber to Smptserve.com or one of our marketing partners. whois -h whois.omnis.com smptserve.com ... Domain Name Owner: Harrisman, John 27 Russel Ave Edgewater, nj 07020 US Administrative Contact: Harrisman, John [JH-996] 27 Russel Ave Edgewater, nj 07020, US Phone: 201-777-9021 Email: bx135[at]hotmail.com Technical Contact: Harrisman, John [JH-996] 27 Russel Ave Edgewater, nj 07020, US Phone: 201-777-9021 Email: bx135[at]hotmail.com Billing Contact: Harrisman, John [JH-996] 27 Russel Ave Edgewater, nj 07020, US Phone: 201-777-9021 Email: bx135[at]hotmail.com Record Information: Domain Record Created: October 29, 2005 00:00 Domain Record Updated: October 30, 2005 18:10 Domain Record Expires: October 29, 2006 00:00 DNS Information: Name Server: dom1.omnis.com Name Server: dom2.omnis.com Just how many "marketing partners might this outfit actually have, noting the shiny registration date ...???? 11/05/05 22:13:51 Slow traceroute Smptserve.com Trace Smptserve.com (216.239.128.70) ... 154.54.1.10 RTT: 74ms TTL: 0 (p2-0.ca01.lax04.atlas.cogentco.com bogus rDNS: host not found [authoritative]) 38.232.82.22 RTT: 80ms TTL: 0 (OmnisNetwork.demarc.psi.net bogus rDNS: host not found [authoritative]) 216.239.131.102 RTT: 76ms TTL: 0 (brdr.firewall.omnis.com ok) * 216.239.131.106 RTT: 83ms TTL: 0 (core.router.omnis.com ok) 216.239.131.250 RTT: 79ms TTL: 0 (fw.omnisnetwork.router.omnis.com ok) * * * failed * * * failed 11/05/05 22:15:54 Browsing http:// Smptserve.com/ Fetching http:// Smptserve.com/ ... <TITLE>Omnis Network - Affordable Web Hosting and Domain Names</TITLE> <META NAME="DESCRIPTION" CONTENT="Web hosting - Affordable web hosting and cheap web hosting. Our wide range of Affordable Web Hosting and Virtual Hosting packages can take care of your site, BIG or small. Cheap web hosting and Virtual hosting."> <META NAME="KEYWORDS" CONTENT="web hosting, affordable web hosting, cheap web hosting, virtual hosting"> Hmmm, domain is parked, so kind of hard to guess whether the e-mail address provided for opting-out would really work or not ... the lack of an actual web-page also seems to make one wonder about all those marketing partners ...??? The difference between the address seen in the WHOIS data vice the address listed in the spam "could" be explained by home/office in different locations, but ....???? whois -h whois.networksolutions.com bankloans.com ... Registrant: Stacy, H. David 4419 Baldwin Avenue Little River, SC 29566 US Domain Name: BANKLOANS.COM Administrative Contact: Stacy, H. David pcmatt[at]idp.net 4419 Baldwin Avenue Little River, SC 29566 US 843-267-6789 Technical Contact: Rainoff, Matthew pcmatt[at]IDP.NET 3905 RAILROAD AVE STE 103LL FAIRFAX, VA 22030-3933 US 703-591-7118 fax: 703-273-5724 Record expires on 16-Apr-2010. Record created on 15-Apr-1997. Database last updated on 5-Nov-2005 23:21:19 EST. Domain servers in listed order: NS1.IDP.NET 65.166.65.5 NS2.IDP.NET 65.166.65.6 Unusual situation in that two different people in two different states are tapping into the same e-mail address, which at first glance would seem to have nothing to do with a bank ...???? How many times have you seen someone pay so far in advance on a Domain name in recent history? 11/05/05 22:25:39 Slow traceroute www. bankloans.com Trace www.bankloans.com (65.166.65.102) ... 144.232.12.149 RTT: 60ms TTL: 0 (sl-bb21-atl-15-0.sprintlink.net ok) 144.232.20.177 RTT: 62ms TTL: 0 (sl-bb21-rly-8-0.sprintlink.net ok) 144.232.25.222 RTT: 150ms TTL: 0 (sl-gw13-dc-0-0.sprintlink.net ok) 144.228.5.158 RTT: 65ms TTL: 0 (sl-idp-4-2.sprintlink.net ok) * * * failed * * * failed 11/05/05 22:31:22 Browsing http: //www. bankloans.com/ Fetching http: //www. bankloans.com/ ... < !-- saved from url=(0057)http:// bankloans. mortgagewebcenter.com/Default.asp?bhcp=1 -- > Too funny, apparently this code was just too good to not use again on this web-page <g> < html>< head>< title>Sandhills Bank On-line Mortgage Center< /title> That's what it says here n the headers of the page, but as one slides down the code, one keeps stumbling over the word "Cobrander" .. apparently, the web-page actually delivered to one's browser is based on just who 'sent' you the 'invite' ..... (Yep, that sounds exactly like what the bank downtown would do alright ....) http://www.senderbase.org/?searchBy=ipaddr...ng=66.33.61.213 .. interestingly enough at present shows this IP as being SpamCopBL listed (apparently just coming off the list) but ... there's a whole bunch of 'missing' data on this SenderBase page .... Anyway, based on all of the above, I would most certainly have that icky feeling that I had been spammed by someone ... and the answer provided above as a response from a "professional" I would call total garbage .. especially based on the above results. There could be absolutely no doubt in anyone's mind that Lking positively, absolutely, just ain't no other way that it could have happened .. went to that non-existent web-site and placed his information into the non-existent blank spots on that non-existent web-page, no doubt also demanding in the non-existent "Comments:' field that he be spammed in the future by any other "marketing partners" that may be interested in an "opportunity" .... Lking should be ashamed <g> Link to comment Share on other sites More sharing options...
Farelf Posted November 6, 2005 Share Posted November 6, 2005 Hmmm, domain is parked, so kind of hard to guess whether the e-mail address provided for opting-out would really work or not ... 35569[/snapback] Well ... If you no longer wish to receive further offers, please send an email with discontinue to: <a href="mailto:support[at]smptserve.com?subject=Discontinue"> support[at]smptserve.com</a><br> - it is of course functional since http://www.dnsstuff.com/tools/mail.ch?doma...40smptserve.com currently returns: Trying to connect to all mailservers: mail.smptserve.com. - 66.33.61.227 [successful connect: Got a good response [250 2.1.5 support[at]smptserve.com ]] ... and from what has been posted above, an excellent reason for Lking's disinclination to touch it with the proverbial 40 foot bargepole. Link to comment Share on other sites More sharing options...
Lking Posted November 6, 2005 Author Share Posted November 6, 2005 Looking at the report history for bankloans.com I see there were 4 reports including mine early today (08:48, 10:10, 11:57, and 12:59 -0500). That won't get them listed for long. Link to comment Share on other sites More sharing options...
Jeff G. Posted November 6, 2005 Share Posted November 6, 2005 I have gotten the following positive result: From: "50Webs Support" <support[at]50webs.com> Sent: Sunday 2005/11/06 06:43 Subject: Re: Fw: Know your options ... > The abuse is accepted, > > URL http://xq417.50webs.com/ is down user account is blocked. > > Regards > 50Webs Link to comment Share on other sites More sharing options...
Lking Posted November 6, 2005 Author Share Posted November 6, 2005 A little(?) effort work Jeff! Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.