Jump to content

Naive suggestion, maybe?


Copywriter

Recommended Posts

Forgive me (technically naive Spamcop user) if this is daft, but...

... Spamcop's battle, to report spam to the spam carriers in the hope that ISPs will crack down somehow on spam-generating criminals, seems to be one without real hope of short or mid-term success.

If you accept the above statement, then read on.

The objective of almost all spammers (9 out of 10 maybe: pump and dump scams are about the only exceptions I see regularly) is to sell real or imagined goods or services. The delivery mechanism for that is almost always a website. Without websites the spammers would not make money, hence spamming would wither and die.

Is there a way to close down spamvertised websites? Those that I have parsed and who-is'ed over the last week or two seem to be hosted by organisations that appear (mostly) to be legitimate web hosts. If they were notifed by a sufficient number of complainants that they were hosting spamvertised sites, would they close them down? If they didn't close them down, is there a web authority that could take sanctions against them (ICANN?).

Having read what Spamcop has to say about not prioritising parsing and reporting of webhosts, as opposed to spam carrying ISPs, I wonder if there is another service we could resort to, which would target the website, rather than the traffic, and thus have a better chance of attacking spammers' revenues.

Or am I way off beam?

Link to comment
Share on other sites

I am also non-technically fluent. However, from what I understand, even if spammer websites are shut down, the spammer can register dozens more and still operate ahead of being shut down.

ICANN will not get involved in the 'policing' of the Internet. Any kind of rules regarding the 'type' of website are too easily corrupted into 'censorship'

The internet is run completely on netiquette - the voluntary cooperation of those who use it to follow certain protocols. It is unique in the modern world that force is not useful on the internet.

IMHO, the reason that spamcop concentrates on the source of email is because blocklists are the natural way to control spam on the internet. After all, if no one received a spam email, the spammer would have to rely on some other way to get people to access his website.

On the internet, saying that you will not accept email from known spam sources, is the etiquette equivalent of Miss Manners 'cut direct' or even using your answering machine as a butler to say 'not at home'. There is no force; it is their choice to continue to support spammers - either directly by giving them access or indirectly by allowing trojanned computers or to not allow those things to happen. The *sender* of the email is the only one who can control spam - if not an ISP, then by choosing an ISP who is competent and responsible.

There are blocklists built on reported spamvertized sites that people do use to keep spam out. If you can use blocklists, then you might investigate that.

Miss Betsy

Link to comment
Share on other sites

Or am I way off beam?

38916[/snapback]

I think you may be off beam... ;)

Where reporters allow their reports to go to hosts of spamvertised websites, then the ISPs concerned are receiving the reports already.

The problem is persuading the ISPs to actually take action despite the volume of reports they receive.

I suppose someone could work on producing a website blocking list but I'd anticipate a great deal more legal action to arise from such an approach.

Andrew

Link to comment
Share on other sites

II suppose someone could work on producing a website blocking list but I'd anticipate a great deal more legal action to arise from such an approach.

Website blocking lists happen all the time with tools like NetNanny and such. They have already fought the legal battle, if there was one. Besides, if the user was the one installing it and/or running it, then there is nothing a blocked website could do. As the sysadmin, its my network, I'm the superuser for the net, and I'll block whatever I want.

We don't use NetNanny or anything with secret lists, but blocking a spammers website would be a good thing to do. I'd at least put up a popup warning that the user is visiting a spammers website to let them know not to buy.

Link to comment
Share on other sites

I for one have given up on reporting websites manually through SpamCop...I have been doing that for too long without any tangible positive outcome. The websites are obviously hosted by clueless ISPs who are happy to host spammers. I am sending the spam to Blue Security, they go after the websites in various ways including reporting criminal activities to the appropriate agencies. That doesn't stop the the spam flow but it is my way of giving those bastards as much grief as possible!

Link to comment
Share on other sites

Website blocking lists happen all the time with tools like NetNanny and such.  They have already fought the legal battle, if there was one.  Besides, if the user was the one installing it and/or running it, then there is nothing a blocked website could do.  As the sysadmin, its my network, I'm the superuser for the net, and I'll block whatever I want.

38935[/snapback]

I may have misled you... I wasn't suggesting that an individual or even a private network could not block spammers websites if so desired. That's little different to an individual choosing not to click on a specific link.

It would, I suggest, be very different for an ISP to install some form of blocklist which selectively blocked access to sites.

Of course it could be done. There are governments that restrict access to websites from outside their country on the basis of content and whether it is perceived as good for the nation.

I for one have given up on reporting websites manually through SpamCop...I have been doing that for too long without any tangible positive outcome. The websites are obviously hosted by clueless ISPs who are happy to host spammers.

I agree that reporting spamvertised URLs is largely a waste of time. Too many are entirely innocent bystanders - I recall at one point CNN and the BBC were regularly included in spammers' junk. The guilty were largely based on servers of their own or with ISPs that were incompetent, unwilling or too snowed under to tackle the problem.

I'd be interested to know whether you feel the Blue Security outfit you refer to is any more effective. But that's a conversation for the Lounge I'm sure <_<

Andrew

Link to comment
Share on other sites

Yet another "rotating DNS / web-host" being documented in http://forum.spamcop.net/forums/index.php?showtopic=5740 ... by the time a complaint gets sent, received, read, the web-page is long gone .....

There is a FAQ "here" about the SURBL use of some SpamCop reporting data.

Some major spammers register Domains by the hundreds, knowing that most will only live for hours. Some are hosted on ISP hosts that either turn a blind eye or charge "special" rates for the 'trouble' caused by this hosting.

No, there is no "world authority" involved in this situation. What needs to happen is to have clueless idiots simply stop reading the spam and sending their money, but ... this seems impossible.

Link to comment
Share on other sites

I am sending the spam to Blue Security, they go after the websites in various ways including reporting criminal activities to the appropriate agencies. That doesn't stop the the spam flow but it is my way of giving those bastards as much grief as possible!

38936[/snapback]

I just checked out that site and it looks like it's good for legit mailing lists, but I don't see how this will help with spammers that harvested you address. If anything, I think this as detrimental as manually opting out on their site, because it shows them the address is valid.

Link to comment
Share on other sites

Actually they use encrypted add for opting out so it never mekes it to the spammers... The spammers if they so wish buy a program which compares their list to the encrypted list, since there are 70,000 names on that list there is no way you can be targetted..But it is somewhat true this is some kind of listwash, and I haven't seen any reduction in spam, on the contrary. However the only consolation is that the spam websites get reported to several agencies...

Report all the spam you receive to Blue Security and allow your Blue Frog to post opt out complaints at spam sites.

Aggregated reports- Blue Security reports spammers to organizations such as the FDA, SEC, Interpol and more.

Link to comment
Share on other sites

However the only consolation is that the spam websites get reported to several agencies...

38965[/snapback]

See that's the thing... I signed up and forwarded several messages in attachment form through SCMail AND individually as I receive them from my 'held' folder, but when I log into Blue's member page, I don't see in "Statistics" that my mail even registers, let alone gets routed to anyone.

Where is the check and balance, so I can see my time and efforts? I'd like to see what this extra work is doing. Any ideas as to where I'd look?

Link to comment
Share on other sites

Is there a way to close down spamvertised websites? Those that I have parsed and who-is'ed over the last week or two seem to be hosted by organisations that appear (mostly) to be legitimate web hosts. If they were notifed by a sufficient number of complainants that they were hosting spamvertised sites, would they close them down? If they didn't close them down, is there a web authority that could take sanctions against them (ICANN?).

38916[/snapback]

I've asked myself the same question many times and have come to the conclusion that it is a waste of time reporting spamvertized or even downright criminal sites to the website host - most spammer chosen hosts (China, Russia, Korea etc), are simply not interested in taking action or are flooded by complaints, mainly the former, I think, resulting in the latter.....

However the registrars are a different matter, (at present!). Where registrars would only in the past occasionally take action on false whois data, I find that there seems now to be a 'new attitude' ™ among registrars, (promoted by the ICANN registration scheme, perhaps??), that seems to have empowered a significant number of them to implement new TOS that empower them to take action purely on reports of spam and/or criminal activity, (although false whois data helps!), especially the criminal activity ones....

As a single example, who hasn't had the Honda-handle money laundering scammer spams? After being flooded by these using Honda-Worldwide.biz I designed a pro-forma, (polite & informative are the watchwords here - you are after their co-operation after all), registrar report to the registrar, (in this case publicdomainregistry), soliciting their help under their TOS and within eight hours the current scammer site was down and I'd had a thank you & 'confirmation of action' report from pdr:

We have received your complaint for spam from ecolifecompany.biz. We are extremely strict and proactive with regards to our terms of usage. Pursuant to our terms of service we have suspended ecolifecompany.biz. We have also sent warnings to the customer, all the contacts and any associated reseller about this domain.

Thank you for contacting our abuse department.

Regards,

PublicDomainRegistry Abuse Team

This doesn't stop the scammers of course, a few days later they re-appeared with a slightly different site honda-equipment.net - similarly shut down within hours, then they re-appeared transmogrified to EcoLife-Company.biz, once again splatted within a couple of hours, then a week later the latest incarnation was ecolifecompany.biz - splatted very quickly as indicated above, (PDR are getting better at this.... :) ). Fortunately these scammers conform to the rules of spammer stupidity by using obvious false whois data and painfully obviously crooked websites....

The thing is, it can be done, (I've had similar success with other registrars), and I do not accept the defeatist argument that "it is pointless closing the sites down as the spammers only create more" - you can easily say the same about website host reporting. I believe in making life as hard as possible for the scammer and spammer - generally it is perfectly possible with the right approach to a cooperative registrar to get a site, (especially one engaged in obvious criminal activity & with false whois data), squashed within hours, helped by spammer stupidity.

The problem is, of course, if everyone started reporting spamvertized websites to the registrars I suspect their new-found present cooperation might quickly evaporate... I tend to do it sparingly only on the obvious criminal fraud ones or if I start getting large numbers from one particular spammer.

Link to comment
Share on other sites

However the registrars are a different matter, (at present!). Where registrars would only in the past occasionally take action on false whois data, I find that there seems now to be a 'new attitude' ™ among registrars, (promoted by the ICANN registration scheme, perhaps??), that seems to have empowered a significant number of them to implement new TOS that empower them to take action purely on reports of spam and/or criminal activity, (although false whois data helps!), especially the criminal activity ones....

38988[/snapback]

How do you determine the correct registrar to report to and how do you document false whois data?

Link to comment
Share on other sites

How do you determine the correct registrar to report to and how do you document false whois data?

38999[/snapback]

I use dnsstuff to derive the domain whois data and if you are lucky the spammer makes it easy with bogus registrant whois data, for instance on the honda-handle/ecolife scams the whois data included UK addresses which I could easily determine were bogus by a UK local look-up, along with non-uk phone codes for the address and invalid postal codes. However, most of the Registrars I've reported to in the last year will take action purely on spam under new TOS's. Needless to say, as with hosts, some are superb, like publicdomainregistry - all credit to them, & others are not so good.

The registrar is listed in the whois data for the relevant website listing, & under ICANN registration terms a registrar contact email address should be listed in the Internic registrar alphabetical listing, although these addresses are not always the best or correct abuse reporting addresses.

Link to comment
Share on other sites

I use dnsstuff to derive the domain whois data and if you are lucky the spammer makes it easy with bogus registrant whois data, for instance on the honda-handle/ecolife scams the whois data included UK addresses which I could easily determine were bogus by a UK local look-up, along

The registrar is listed in the whois data for the relevant website listing, & under ICANN registration terms a registrar contact email address should be listed in the Internic registrar alphabetical listing, although these addresses are not always the best or correct abuse reporting addresses.

39011[/snapback]

Thanks. I've sent a few reports to registrars listed by DNS Stuff whois, but I never was confident that the data there was accurate or current - never got any responses. I've never seen obviously fake registration data (to my eye anyway) - none that was "local" to me and that wouldn't require a great deal more detective work than it was worth.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...