Multiple daily spams from bezeqint.net -- help?

[geofan49]

I get 5 or more similar spams per day from bezeqint.net, originating from several new, different email addresses each day, but an IP address for bezeqint.net is always involved.

This spam is coming in via several internal company mailing lists or aliases. The spammers may have queried the mail server to harvest these addresses some time ago. This has been going on daily for many, many months.

The spams contain no way to unsubscribe, no links, not even a valid email address. The originators are often from yahoo, hotmail, or other free email addresses or obscure ISPs. Sometimes headers are forged. Their purpose seems to be publishing stock tips. WHY would anyone be interested in anonymous (and suspicious) stock tips? Why do the spamers persist?

It appears that the spammer makes a business of signing up for free email addresses, and sending out their volumes of spam. Then they quit using the addresses, and repeat that HIT-AND-RUN procedure several times a day, with new originating email addresses.

The originating mail usually comes from:

88.155.177.23 or other IP addresses that all get reported to: abuse[at]bezeqint.net, an ISP loacated in Israel?

There are always several new, different email originator addresses each day, but abuse[at]bezeqint.net is always on the reporting list in SPAMCOP.

For about two weeks now, I have reported this spam on SPAMCOP.net, about once a day, for one or two of the originating email addresses, but to no avail. I have marked it as spam in GMAIL, also to no avail. Still getting five or six similar spams per day.

Should I continue to report these to SPAMCOP.NET?

How often? Daily?

How many per day? (There are different originators, but bezeqint.net is always in the mix.) Should I report daily for each different originating address, or just once per day for bezeqint?

What does it take to shut off this kind of spam?

[Wazoo]

Why the focus on the From: addresses? No one around here really pays that much attention to that line as it's pretty well known that even if the address is 'valid' it probably wasn't sent by that person.

Every valid report counts as part of the math model for a SpamCopDNSBL listing .. whether the receiving ISP takes any action or not .... What I believe I'm hearing you say is that you are not using any tools that would take advantage of any/all of your (and other people's) reporting actions.

I recently posted a link about 'stock' spams in the Lounge area ... a researcher states that it does still work ... bottom line, stupid prople are everywhere ....

[geofan49]

...Every valid report counts as part of the math model for a SpamCopDNSBL listing .. whether the receiving ISP takes any action or not .... What I believe I'm hearing you say is that you are not using any tools that would take advantage of any/all of your (and other people's) reporting actions.

Does Yahoo or Gmail use the SPAMCOP database?

Does reporting daily for two weeks do any good, or does the IP addr still get forgiven every 24 hours?

[Wazoo]

Does Yahoo or Gmail use the SPAMCOP database?

Technically, how would anyone 'here' know the answer to that? One would give to imaging that as often as their output servers end up on the SpamCopDNSBL and that 'they' say it's all SpamCop.net's fault .. it would seem a bit odd if they were ....

On the other hand, POP/Forward stuff to another account using the SpamCopDNSBL, either at the ISP or something like SpamAssassin / SpamPal on your own system ...????

Does reporting daily for two weeks do any good, or does the IP addr still get forgiven every 24 hours?

Missing so much of the data found in the FAQ, actually asking a bit of a bad question .... focus on a specific IP address for instance and work with / research that .... read what data is provided in the SpamCop FAQ, the most 'complete' form of that thing is found right here ...

[turetzsr]

<snip>

The spams contain no way to unsubscribe, no links, not even a valid email address.

<snip>

...Most fortunate for their spam victims! Trying to unsubscribe, click on a link, or send to an e-mail address one gets from a spam is a good way of ( a ) cluing in the spam community to the fact that one's e-mail address is valid and the addressee actually opens the spam, ( b ) spamming yourself, as the e-mail address in the spam may be an innocent bystander or both ( a ) and ( b ).

WHY would anyone be interested in anonymous (and suspicious) stock tips? Why do the spamers persist?

<snip>

...See information on Pump and Dump schemes.

For about two weeks now, I have reported this spam on SPAMCOP.net, about once a day, for one or two of the originating email addresses, but to no avail. I have marked it as spam in GMAIL, also to no avail. Still getting five or six similar spams per day.

...Quite likely, if you check the SpamCop parser output (with "Show technical data" account preference set to on) you'll see different IP addresses as the source. Either that, or the IP address is the source of so much e-mail that the spam volume is not sufficient to get it listed in the SpamCop blacklist. Or you (or your provider) aren't using the SCBL to filter spam. See SpamCop FAQ item What Is on the List? for more information on what gets an IP address listed.

Should I continue to report these to SPAMCOP.NET?

How often? Daily?

How many per day? (There are different originators, but bezeqint.net is always in the mix.) Should I report daily for each different originating address, or just once per day for bezeqint?

...All you wish, as many as you have the time and inclination to report. The more reports, the more likely the IP addresses that are the spam sources are to get added to the SpamCop blacklist, per the aforementioned SpamCop FAQ article What Is on the List?

What does it take to shut off this kind of spam?

...The administrators of the provider(s) responsible must care enough about being good network citizens that they determine and shut down the cause of the spam going out through their machine(s).

[geofan49]

It wasn't clear to me if it was OK to report each spam each day, if they originated from the same ISP.

Thanks for the explanations.

What is the SpamCop Blocking List (SCBL)?

...With only two reports against an IP address, the SCBL will list the IP address for a maximum of 12 hours after the most recent reported mail was sent.

The SCBL will not list an IP address if there are no reports against it within 24 hours...

Seems like submitting at least THREE per day could help... but depends on how much volume of non-spam gets sent from that same IP addr to determine if it gets on the SCBL or not.

Reporting spam to SpamCop is not as effective as I had expected it would be. It did seem like I was getting some revenge by reportingl that spam, but probably not, unless a lot of others are reporting it also.

After googling bezeqint spam abuse it seems like abuse reports to them do not get attention.

[Miss Betsy]

Reporting spam to SpamCop is not as effective as I had expected it would be. It did seem like I was getting some revenge by reportingl that spam, but probably not, unless a lot of others are reporting it also.

Reporting spam to spamcop is effective in two ways - one if you use the spamcop blocklist for filtering spam and two it does alert some admins to problems with their systems. Even the best of us make mistakes, for instance, like forgetting to turn off relaying when re-installing. A spamcop report alerts them to fix their mistake before they send enough spam to get on other blocklists since spamcop is aggressive. And it also 'educates' server admins who don't keep up with current 'netiquette' - like misdirected bounces.

For individuals who neither run servers nor use the spamcop email service, it only gives one a feeling that one is doing 'something' about spam. Every spam you submit contributes to the blocklist. Rarely, you actually help a server admin. The use of blocklists first got ISPs to use TOS's and AUPs and got them to find ways to prevent spammers so that spammers had to go to using trojans. In a while there won't be any responsible admin who will use email bounces to the return path.

<soapbox> If more people used blocklists, then few ordinary users would have problems with spam. The problem is that ISPs won't use blocklists because they think ordinary people can't understand why their email can't be delivered. So, all Comcast customers are supporting one of the biggest spewers of spam because Comcast won't do anything about the trojanned computers on their system. Since the trojans don't typically use mail servers, other admins block all of comcast except for the mail servers and there is no incentive for Comcast to change. <soapbox>

Miss Betsy

[dent]

SHUT DOWN SERVERS TO SHUT DOWN spam???

I use a program called dc++ and bezeqint.net have their IP all over all the spam/malware bots that enter to spread corrupted malware files. These bots connect from a whole IP range owned by bezeqint.net or a whole IP range owned by fdcservers in chicago (same owners? USA and Israel = same sh** these days).

Hackers are really pissed off and bezeqint continue sending/allowing spam and malware they might risk some terrible attacks on their servers.

As far as I see their whole site is down right now and I would guess thats just the start.

Off course I am against all kinds of attacks or similar myself but I must say they ask for it...

[elvey]

SHUT DOWN SERVERS TO SHUT DOWN spam???

As far as I see their whole site is down right now and I would guess thats just the start.

Off course I am against all kinds of attacks or similar myself but I must say they ask for it...

I know I'm reviving an old thread...

Seems like much bezeqint IP space is totally unreachable from my quadrant of the galaxy (comcast).

http://www.robtex.com/as/as8551.html#bgp shows a whole lot of 'MISSING'

Client fring.com, srv.co.il, and much of 82.80.0.0/20 are unreachable.

Traceroute shows I can't get outside of comcast's network on my way there; normally it would be comcast-level3-bezeqint.

Tests are http://www.dotcom-monitor.com/task_hot_test.asp?id=1 show that fring is consistently unreachable from Florida, Colorado, and Sydney

Or maybe there's something on my current network; I haven't seen this 'till just now:

Google

Sorry...

We're sorry...

... but your computer or network may be sending automated queries. To protect our users, we can't process your request right now.

See Google Help for more information.

[elvey]

Seems like much bezeqint IP space is totally unreachable from my quadrant of the galaxy (comcast).

Next day: Seems to be back up.

Moderator Edit: fixed Quoting Tags, deleted unnecessary duplication in the Quoted material.

[petzl]

88.155.177.23 or other IP addresses that all get reported to: abuse[at]bezeqint.net, an ISP loacated in Israel?

What does it take to shut off this kind of spam?

88.155.177.23

the "cach" or "refresh/show" needed updating/clicking. If you note a lot of reports going to same abuse desk, it often means that abuse address has changed click the "refresh/show" and it will tell SpamCop of new reporting/abuse address

[PNMS]

88.155.177.23

the "cach" or "refresh/show" needed updating/clicking. If you note a lot of reports going to same abuse desk, it often means that abuse address has changed click the "refresh/show" and it will tell SpamCop of new reporting/abuse address

More recent activity from bezeqint.net. I'm getting 2 or 3 spam emails from them. One of them:

http://www.spamcop.net/sc?id=z5943211205zd...2b7d698fd5a964z

[Farelf]

Yes, bezeqint.net is large and quite ineffectual in controlling the (supposed) rogue users, robots and hackers spamming from their network.

Here is but a sample of their performance:

http://www.senderbase.org/lookup/domain/?s...ng=bezeqint.net

Note that many servers there are listed in the CBL. The source in your (fairly sophisticated) example is/was also listed in the CBL as indicated in the parse. The CBL gives detailed information and advice about compromised connections via the listed IP addresses. With SpamCop reports and CBL data (and other) that network has no excuse for their failure to exert control yet they feature large as a spam source for about as long as anyone can remember. Unfortunately there are many more like them, or even worse. As the song goes, "That is the way of the world."

Just keep submitting reports in the hope that those will at least contribute towards listings in the SCbl and through that and other anti-spam measures help keep some of the spam out of (some) people's inboxes some of the time. Actually an awful lot of spam gets blocked these days, one way or another, unseen by human eyes.