Spam reports for IP 62.149.13.146 faked!

[SergeiUa]

Moderator edit: this post has been munged to protect sensitive data. A complete copy of the orginal post has been placed in a protected fourm for safe keeping. Link for admin use only

Dear sirs, I turn to you with question - What I have to do, if my IP blocked fifth time by faked spamreport with faked headings!

We do travel email services and send hot offers of touroperator to subscribed for it travel companies emails. So it is not spam, because it is requsted emails by subscribers. Please, we hope for your help. Next I wil place last reports:

Received: from sc-smtp1-bulkmx.soma.ironport.com (sc-smtp1-bulkmx.soma.ironport.com [204.15.82.123])
by colocall.net with ESMTP id k64J.....88743
for <abuse[at]colocall.net>; Tue, 4 Jul 2006 22:34:49 +0300 (EEST)
(envelope-from 1825715.....a17b14[at]bounces.spamcop.net)
Received: from sc-app6.ironport.com (HELO sc-app6.soma.ironport.com) ([204.15.82.25])
  by sc-smtp1-bulkmx.soma.ironport.com with SMTP; 04 Jul 2006 12:34:37 -0700
Received: from [218.11.207.244] by spamcop.net
with HTTP; Tue, 04 Jul 2006 19:34:38 GMT
From: Qwerty <18257....98[at]reports.spamcop.net>
To: abuse[at]colocall.net
Subject: [SpamCop (62.149.13.146) id:182....5498]=?windows-1251?B?IMjZxcwgz8......yNbTICwg0vPw9uj/I..
Precedence: list
Message-ID: <rid_18....15498[at]msgid.spamcop.net>
Date: Tue, 04 Jul 2006 17:33:25 +0300
X-SpamCop-sourceip: 62.149.13.146
X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322)
via [url="http://www.spamcop.net/"]http://www.spamcop.net/[/url] v1.582

[ SpamCop V1.582 ]
This message is brief for your comfort.  Please use links below for details.

Email from 62.149.13.146 / Tue, 04 Jul 2006 17:33:25 +0300
[url="http://www.spamcop.net/w3m?i=z182571549.......544da9076c88d70374e6fz"]http://www.spamcop.net/w3m?i=z1825715498zc.......8d70374e6fz[/url]

[ Additional comments from recipient ]
> spam
[ Offending message ]
Return-Path: <egzotik-owner[at]golden-domes.kiev.ua>
Received: from golden-domes.kiev.ua ([62.149.13.146]) by
          krisha.com.ua ([193.254.220.146]) with ESMTP id
          J1VVC600.50N; Tue, 4 Jul 2006 17:36:20 +0300 
Received: from sympa by golden-domes.kiev.ua with local (Exim 4.62 (FreeBSD))
(envelope-from <egzotik-owner[at]golden-domes.kiev.ua>)
id 1Fxm2e-000HT0-Pu; Tue, 04 Jul 2006 17:36:00 +0300
X-Sympa-To: egzotik[at]golden-domes.kiev.ua
Received: from golden-domes.kiev.ua ([62.149.13.146] helo=Computer01)
by golden-domes.kiev.ua with esmtpa (Exim 4.62 (FreeBSD))
(envelope-from <htm[at]golden-domes.kiev.ua>)
id 1Fxm09-000Gaa-Kl
for x; Tue, 04 Jul 2006 17:33:25 +0300
Message-ID: <01d9______________________a8c0[at]Computer01>
From: "SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
To: "Egzotik" <x>
Subject: =?windows-1251?B?IMjZxcwgz87P09LXyNbTICwg0vPw9uj/IC0iz9PSxdjF0dLC08nSxSDR?=
=?windows-1251?B?IM3AzMgi?=
Date: Tue, 4 Jul 2006 17:33:31 +0300
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Validation-by: htm[at]golden-domes.kiev.ua
Reply-To: egzotik[at]golden-domes.kiev.ua,"SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
X-Loop: egzotik[at]golden-domes.kiev.ua
X-Sequence: 25
Errors-to: egzotik-owner[at]golden-domes.kiev.ua
Precedence: list
X-no-archive: yes
List-Id: <egzotik.golden-domes.kiev.ua>
List-Archive: <http://golden-domes.kiev.ua/sympa/arc/egzotik>
List-Help: <mailto:sympa[at]golden-domes.kiev.ua?subject=help>
List-Owner: <mailto:egzotik-request[at]golden-domes.kiev.ua>
List-Post: <mailto:egzotik[at]golden-domes.kiev.ua>
List-Subscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=subscribe%20egzotik>
List-Unsubscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=unsubscribe%20egzotik>
Content-Type: text/html;
charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Sender: Sympa Owner <sympa[at]golden-domes.kiev.ua>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- PG1haWxAcHNuLmNvbS51YT4=3D --><HTML><HEAD><TITLE>=D1=E5=E9=F8=E5=EB=FB=
! (=CF=F0=EE=EC=E5=ED=E0=E4)</TITLE>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dwindows-125=
1">
<STYLE>BODY {


________________________________

----- Forwarded message from Qwerty <1....862395[at]reports.spamcop.net> -----

Received: from sc-smtp3-bulkmx.soma.ironport.com (sc-smtp3-bulkmx.soma.ironport.com [204.15.82.124])
by colocall.net with ESMTP id k65IC....72794
for <abuse[at]colocall.net>; Wed, 5 Jul 2006 21:12:19 +0300 (EEST)
(envelope-from 18.....2395.c2cae4bf[at]bounces.spamcop.net)
Received: from sc-app2.ironport.com (HELO sc-app2.soma.ironport.com) ([204.15.82.21])
  by sc-smtp3-bulkmx.soma.ironport.com with SMTP; 05 Jul 2006 11:12:09 -0700
Received: from [218.11.207.244] by spamcop.net
with HTTP; Wed, 05 Jul 2006 18:12:09 GMT
From: Qwerty <18....62395[at]reports.spamcop.net>
To: abuse[at]colocall.net
Subject: [SpamCop (62.149.13.146) id:182....2395]ÂÀÊÀÍÑÈÈ. ÈÑÏÀÒÓÐ
Precedence: list
Message-ID: <rid_182...2395[at]msgid.spamcop.net>
Date: Wed, 5 Jul 2006 10:55:19 +0300 
X-SpamCop-sourceip: 62.149.13.146
X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
via [url="http://www.spamcop.net/"]http://www.spamcop.net/[/url] v1.582

[ SpamCop V1.582 ]
This message is brief for your comfort.  Please use links below for details.

Email from 62.149.13.146 / Wed, 5 Jul 2006 10:55:19 +0300 
[url="http://www.spamcop.net/w3m?i=z1826862........e4bf04235eabee47b4394f393f5fz"]http://www.spamcop.net/w3m?i=z1826862395zc.....b4394f393f5fz[/url]

[ Additional comments from recipient ]
> spam
[ Offending message ]
Return-Path: <egzotik-owner[at]golden-domes.kiev.ua>
Received: from golden-domes.kiev.ua ([62.149.13.146]) by
          krisha.com.ua ([193.254.220.146]) with ESMTP id
          J1X7G300.BS7; Wed, 5 Jul 2006 10:55:19 +0300 
Received: from sympa by golden-domes.kiev.ua with local (Exim 4.62 (FreeBSD))
(envelope-from <egzotik-owner[at]golden-domes.kiev.ua>)
id 1Fy2GF-000349-D8; Wed, 05 Jul 2006 10:55:07 +0300
X-Sympa-To: egzotik[at]golden-domes.kiev.ua
Received: from golden-domes.kiev.ua ([62.149.13.146] helo=Computer01)
by golden-domes.kiev.ua with esmtpa (Exim 4.62 (FreeBSD))
(envelope-from <htm[at]golden-domes.kiev.ua>)
id 1Fy28C-00028M-25
for x; Wed, 05 Jul 2006 10:46:48 +0300
Message-ID: <0395______________________a8c0[at]Computer01>
From: "SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
To: "Egzotik" <x>
Subject: =?koi8-r?B?9+Hr4e7z6ekuIOnz8OH09fI=?=
Date: Wed, 5 Jul 2006 10:46:56 +0300
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Validation-by: htm[at]golden-domes.kiev.ua
Reply-To: egzotik[at]golden-domes.kiev.ua,"SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
X-Loop: egzotik[at]golden-domes.kiev.ua
X-Sequence: 27
Errors-to: egzotik-owner[at]golden-domes.kiev.ua
Precedence: list
X-no-archive: yes
List-Id: <egzotik.golden-domes.kiev.ua>
List-Archive: <http://golden-domes.kiev.ua/sympa/arc/egzotik>
List-Help: <mailto:sympa[at]golden-domes.kiev.ua?subject=help>
List-Owner: <mailto:egzotik-request[at]golden-domes.kiev.ua>
List-Post: <mailto:egzotik[at]golden-domes.kiev.ua>
List-Subscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=subscribe%20egzotik>
List-Unsubscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=unsubscribe%20egzotik>
Content-Type: text/html;
charset="koi8-r"
Content-Transfer-Encoding: quoted-printable
Sender: Sympa Owner <sympa[at]golden-domes.kiev.ua>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML xmlns:o =3D "urn:schemas-microsoft-com:office:office"><HEAD>
<META http-equiv=3DContent-Type content=3D"text/html; charset=3Dkoi8-r">
<META content=3D"MSHTML 6.00.2800.1106" name=3DGENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY bgColor=3D#0000ff background=3Dcid:09d601c6914a$f367a060$0b00a8c0[at]kvc=
11>
<DIV> </DIV>

____________________________________________

----- Forwarded message from Qwerty <18......5858[at]reports.spamcop.net> -----

Received: from sc-smtp3-bulkmx.soma.ironport.com (sc-smtp3-bulkmx.soma.ironport.com [204.15.82.124])
by colocall.net with ESMTP id k674F0....069
for <abuse[at]colocall.net>; Fri, 7 Jul 2006 07:15:04 +0300 (EEST)
(envelope-from 1.....858.84e0679d[at]bounces.spamcop.net)
Received: from sc-app5.ironport.com (HELO sc-app5.soma.ironport.com) ([204.15.82.24])
  by sc-smtp3-bulkmx.soma.ironport.com with SMTP; 06 Jul 2006 21:14:54 -0700
Received: from [218.11.207.244] by spamcop.net
with HTTP; Fri, 07 Jul 2006 04:14:55 GMT
From: Qwerty <182....858[at]reports.spamcop.net>
To: abuse[at]colocall.net
Subject: [SpamCop (62.149.13.146) id:1.....5858]=?windows-1251?B?1e7w4uDy6P8u8eLu5OrgLiDs5fHyIC7t4..
Precedence: list
Message-ID: <rid_18.....5858[at]msgid.spamcop.net>
Date: Thu, 06 Jul 2006 16:28:21 +0300
X-SpamCop-sourceip: 62.149.13.146
X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
via [url="http://www.spamcop.net/"]http://www.spamcop.net/[/url] v1.582

[ SpamCop V1.582 ]
This message is brief for your comfort.  Please use links below for details.

Email from 62.149.13.146 / Thu, 06 Jul 2006 16:28:21 +0300
[url="http://www.spamcop.net/w3m?i=z182855585........9dd1cd2185f87f473a42aa1393z"]http://www.spamcop.net/w3m?i=z1828555858z8..........2aa1393z[/url]

[ Additional comments from recipient ]
> spam
[ Offending message ]
Received: by mail.com (mbox x)
 (with Cubic Circle's cucipop (v1.31 1998/05/13) Thu Jul  6 16:31:43 2006)
X-From_: beach-owner[at]golden-domes.kiev.ua Thu Jul  6 16:29:03 2006
Return-Path: <beach-owner[at]golden-domes.kiev.ua>
Received: from golden-domes.kiev.ua (golden-domes.kiev.ua [62.149.13.146])
     by mail.com (8.13.1/8.13.1) with ESMTP id k66DVMO7087351;
     Thu, 6 Jul 2006 16:29:03 +0300 (EEST)
     (envelope-from beach-owner[at]golden-domes.kiev.ua)
Received: from sympa by golden-domes.kiev.ua with local (Exim 4.62 (FreeBSD))
     (envelope-from <beach-owner[at]golden-domes.kiev.ua>)
     id 1FyTwe-000P4R-J6; Thu, 06 Jul 2006 16:29:44 +0300
X-Sympa-To: x
Received: from golden-domes.kiev.ua ([62.149.13.146] helo=Computer01)
     by golden-domes.kiev.ua with esmtpa (Exim 4.62 (FreeBSD))
     (envelope-from <htm[at]golden-domes.kiev.ua>)
     id 1FyTwH-000P3d-3K
     for x; Thu, 06 Jul 2006 16:28:21 +0300
Message-ID: <1a69______________________a8c0[at]Computer01>
From: "SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
To: "beach" <x>
Subject: =?windows-1251?B?1e7w4uDy6P8u8eLu5OrgLiDs5fHyIC7t4C4g6P7r/C4g4i4g4+Dw4O3y?=
     =?windows-1251?B?6PDu4uDt7fv1LiDu8uXr//X+LiAiVG91ciBMYW5kIg==?=
Date: Thu, 6 Jul 2006 16:28:31 +0300
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2800.1106
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1106
X-Validation-by: htm[at]golden-domes.kiev.ua
Reply-To: x,
        "SUSANIN EXPRESS" <htm[at]golden-domes.kiev.ua>
X-Loop: x
X-Sequence: 63
Errors-to: beach-owner[at]golden-domes.kiev.ua
Precedence: list
X-no-archive: yes
List-Id: <beach.golden-domes.kiev.ua>
List-Archive: <http://golden-domes.kiev.ua/sympa/arc/beach>
List-Help: <mailto:sympa[at]golden-domes.kiev.ua?subject=help>
List-Owner: <mailto:beach-request[at]golden-domes.kiev.ua>
List-Post: <mailto:x>
List-Subscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=subscribe%20beach>
List-Unsubscribe: <mailto:sympa[at]golden-domes.kiev.ua?subject=unsubscribe%20beach>
Content-Type: text/html;
     charset="windows-1251"
Content-Transfer-Encoding: quoted-printable
Sender: Sympa Owner <sympa[at]golden-domes.kiev.ua>
X-Virus-Scanned: ClamAV 0.86.2/1586/Wed Jul  5 22:19:47 2006 on mail.com
X-Virus-Status: Clean


This is a multi-part message in MIME format.

------=_NextPart_000_0C0F_01C6A11B.2D1CAA00
Content-Type: text/plain;
 charset="windows-1251"
Content-Transfer-Encoding: base64

Moderator notes continued:

Above post has been edited to protect sensitibve links. Full copy has been saved for admin use

Admin may wish to further edit or remove main body of post for security reasons.

Note also place into a codebox to shorten post.

[Farelf]

First things first - you/someone should immediately take out those links to network administrator response pages - the ones with spamcop.net/w3m? in them. Any passer-by could start using those things. Just put in the link to the tracking url instead - post in the link from "Show how SpamCop traced this message" instead - like http://www.spamcop.net/sc?id=z991258309zad...b4fb9cf8bfa775z

With those links in place you do not need to paste in the "offending message". Hopefully someone can address your request for help but fix the post now.

[dbiel]

Post number 1 has been edited for security reason.

This type of post really should not be posted in the forums

The admin receiving the message should click on the link in the original message that looks like the following:

[ SpamCop V1.582 ]

This message is brief for your comfort. Please use links below for details.

Email from 62.149.13.146 / Tue, 04 Jul 2006 17:33:25 +0300

http://www.spamcop.net/w3m?i=z1825715498zc...76c88d70374e6fz

Note this link has also been munged for security reasons

Clicking on that original link will take you to the SpamCop admin site which can much better assist you with your problem.

Thank you for taking the time to respond, but we regrettably must redirect you for both security reasons and to be able to provide official support as these forum are actually designed for more user to user support.

[Miss Betsy]

Dear sirs, I turn to you with question - What I have to do, if my IP blocked fifth time by faked spamreport with faked headings!

We do travel email services and send hot offers of touroperator to subscribed for it travel companies emails. So it is not spam, because it is requsted emails by subscribers. Please, we hope for your help. Next I wil place last reports:

Are you sure that emails are requested by subscribers? You need to have confirmed subscription. The subscriber signs up. You send an email to him. Your email asks him to reply if he wants to subscribe. If he does not answer, you do not send him any more email. If he does reply to your confirmation email, you add him to your list. Then, if you get a spamcop report, you can show spamcop that this person subscribed. You also need to stop sending emails to email addresses that have bounced.

If you do not confirm subscribers by asking them if they want to subscribe, you could be sending emails to people who did not ask for them. You cannot buy lists.

Miss Betsy

[turetzsr]

<snip>

Are you sure that emails are requested by subscribers? You need to have confirmed subscription.

<snip>

...For more information, please check the "SpamCop FAQ" (link near the top left of each of the SpamCop Forum pages) hyperlink labeled "Am I running mailing lists responsibly? Updated!"

[kamaraju]

I would like to add that besides getting confirmation from users who want to subscribe, you should also make the process of unsubscription easy. For example, I know one of my friends has subscribed to a calling card company's newletter by responding to their challenge email. After sometime he got bored with it and wanted to unsubscribe. But there were no instructions as to how to unsubscribe from their lists. We checked the headers of their emails and even there we could not find any unsubscription info. So he finally decided to send it to spam.

raju

[StevenUnderwood]

One last thing, the reports are not fake, they are real reports. The reporter believes this is spam.

If you believe the person requested this email traffic, follow the first link on any report and report this action to the deputies. Reporting messages you requested is against spamcop's rules and is punishable by up to having the account revoked. However, you will need to prove the owner of the address actually made the request. As mentioned here already, that usually consists of a confirmation email the requester returns to you agreeing to accept the messages.