YUM This is Fresh SPAM comment


cre8tvnrg

Hi,

I have posted many a source code to SpamCop; however, today's had an interesting message in it. I copied the portion I found interesting, here it is:

Tracking message source: 81.63.76.26:

Routing details for 81.63.76.26

[refresh/show] Cached whois for 81.63.76.26 : abuse[at]bluewin.ch

Using abuse net on abuse[at]bluewin.ch

abuse net bluewin.ch = abuse[at]bluewin.ch

Using best contacts abuse[at]bluewin.ch

Yum, this spam is fresh!

81.63.76.26 not listed in dnsbl.njabl.org

81.63.76.26 not listed in dnsbl.njabl.org

81.63.76.26 not listed in cbl.abuseat.org

81.63.76.26 not listed in dnsbl.sorbs.net

81.63.76.26 not listed in relays.ordb.org.

81.63.76.26 not listed in plus.bondedsender.org

81.63.76.26 not listed in query.bondedsender.org

––––––––––––––––

I had never seen the comment 'Yum, this spam is fresh!'

I am assuming SpamCop is confirming it is NEW, and IS spam - I wasn't sure but expected it was so I reported it and reported it to PayPal as well -

Has anyone else received the "Yum" message? Am I correct in what I think?

Thanks!

:)


"Yum, this spam is fresh!" means that you have reported it shortly after it was received, I believe, which is good because if it is the start of a spam run, the IP address can be blocked more quickly. It does NOT confirm that it really is spam. Only the reporter can confirm that it is spam.

Got a giggle out of me the first time I saw it.

Miss Betsy


Yeah... I have to admit it got a giggle out of me too! I usually just browse the code, decipher what I can, make a comment and hit send. When I saw that I had to blink! Love the sense of humor!

By the way - I never get replies confirming that my spam report has been effective in successfully blocking or catching a spammer... Is that asking too much? How do I know my reports are effective? Right now I just paste the source code into the field on SpamCop and press submit; that's the last I hear of it.

Thanks for any info!


By the way - I never get replies confirming that my spam report has been effective in successfully blocking or catching a Spammer

I don't know what kind of account you are using. The default is to NOT receive auto acknowledgments - which is what one usually gets. For the ones who don't care, it doesn't matter anyway.

However, for most spam, the report generally just goes to "feed" the blocklist. You can check the IP address you reported against the blocklist to see if there are any results. Some people do; I never have. However, the blocklist is not in real time so that "your" report may not show up immediately.

Most ISPs get a lot of SpamCop reports if they get any, so it is not really worthwhile to answer each one even if they do cancel the spammer or close the vulnerability.

If you frequent the web forum (or newsgroups), you will see various people wanting to know how to be "unblocked". That's evidence enough for me.

Once in a great while you will get an answer to your report. It is easy to wonder what in the world this is! However, it is only polite to answer. If you are unsure if they just want your email address to listwash, then don't answer from your regular email address. You can ask here what other people think of the response and how to answer it. (You would probably forget whatever instructions I give you before it happens because it happens very rarely nowadays. ISPs are pretty much divided into whitehats and blackhats now.)

HTH

Miss Betsy


I was wondering why spamfighters like spamcop and spamnet do not share their lists. Or at least have all spamfilters forward the spam to a common database. I remember testing a spam filter program which was supposed to forward marked e-mail to spamcop. However, it never worked right; it used its own parsing system which was not recognized as valid by spamcop. It may be more efficient in the end to find a unified system so everybody gets the benefits equally. :blink:


to know I am the first to report it too

No one said "Yum ..." meant you were "first to report". Again, the "Yum" simply shows that you reported it within two hours of receipt (as depicted from the first valid time stamp, usually from your own ISP) ... The actual report had special verbiage in the Subject line to indicate that it was a possible spam run in progress, suggesting that a quick response from that ISP could terminate the run quickly.

spamcop and spamnet do not share their lists

You've not done enough research, apparently. They don't work the same, don't look for the same thing, and the end purpose of each is different. There's no way to merge non-existent common database data.

find a unified system so everybody gets the benefits equally

thus making getting around the "one system" a hell of a lot easier by the spammers.


The various listing services each have their own criteria for listing. And they usually want to make sure that the listings are true to their charter.

This usually means that they will either test for a specific set of vulnerabilities, or only accept requests for listing from trusted users. In some cases the "trusted users" are spamtraps that are only known to them.

Spamcop.net submits I.P. addresses that it has not seen before for open relay testing, which can cause them to be listed in other DNSbls. It used to submit them for open proxy testing, but no longer does.

There are many people trying to build or sell content filters that try to analyze spam, but from my personal observations, most spam can be stopped by using the conservative DNSbls, and local block lists.

The larger the population that shares a content filter algorithm, the less effective that content filter will be, unless all it does is look up the I.P. addresses for URLs in the spam.

Most of the rest of the spam could be detected by looking up the URL referenced in the spam and seeing if the I.P. is in a range that the mail server would not accept e-mail from. And not all e-mail would need that check; the check could be flagged by having a bad rDNS, or by having the source I.P. show up in a more aggressive DNSbl.

A group is working on adding this capability to SpamAssassin.

What this will let through is basically Nigerian 419 scams, and pump and dump scams from undiscovered open proxies, or I.P. ranges controlled by spammers.

-John

Personal Opinion Only
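
The gated URL check described in the post above, sketched as an added example; it is not part of the original thread and is not SpamCop's or SpamAssassin's code. The zone `aggressive.dnsbl.example`, the blocked range and the `FAKE_DNS` table are constructed placeholders that stand in for real lookups so the block runs offline.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample data: documentation address ranges and example domains only.
LOCAL_BLOCK_RANGES = [ipaddress.ip_network("203.0.113.0/24")]
FAKE_DNS = {  # stands in for real A and DNSBL lookups so the example runs offline
    "pills.example": "203.0.113.77",
    "news.example": "198.51.100.10",
    "9.2.0.192.aggressive.dnsbl.example": "127.0.0.2",  # a listed source IP
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def dnsbl_query_name(ip, zone):
    """Build the DNSBL lookup name: IPv4 octets reversed, then the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def resolve(name, dns=FAKE_DNS):
    """Return the address string for name, or None when there is no record."""
    return dns.get(name.lower().rstrip("."))


def needs_url_check(source_ip, rdns_ok, zone="aggressive.dnsbl.example"):
    """Gate from the post: bad rDNS or a hit in the more aggressive DNSBL."""
    return (not rdns_ok) or resolve(dnsbl_query_name(source_ip, zone)) is not None


def blocked_url_hosts(body, ranges=LOCAL_BLOCK_RANGES):
    """Return (host, ip) for each URL in body that points into a blocked range."""
    hits = []
    for url in URL_RE.findall(body):
        try:
            host = urlsplit(url).hostname or ""
            try:
                addr = ipaddress.ip_address(host)       # URL used an IP literal
            except ValueError:
                addr = ipaddress.ip_address(resolve(host) or "")  # raises if unresolved
        except ValueError:
            continue                                    # malformed URL or no record
        if any(addr in net for net in ranges):
            hits.append((host, str(addr)))
    return hits


def classify(source_ip, rdns_ok, body):
    """Reject only gated messages whose URLs resolve into a blocked range."""
    gated = needs_url_check(source_ip, rdns_ok)
    return "reject" if gated and blocked_url_hosts(body) else "accept"
```

Mail from a source with good rDNS and no aggressive-list hit skips the URL lookups entirely, which is the cost saving the post points out.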


Thanks, I am new at this, still learning, not that I have a lot of time on my hands but I really think more people should get involved in this fight. I thought there is even a push for anti-spam laws. I still have no clue why spammers are out there in the first place. I have been using internet for longer than I can remember, I was aware of hackers, identity theft and the like. I can see a purpose for their crimes, but spam does nothing but clog the system, so to me the intent seems purely destructive. As hard as it is to fight them, I was hoping someone could share their insights into the spammer minds. :(


Interesting, if there are indeed IP ranges controlled by spammers that are identifiable, then you'd think they are eventually turned to the block lists, and become useless. That is another thing that puzzles me, what makes them so resourceful when they don't seem to gain anything from this, other than an emulation of denial of service attack. :(


Hi,

I have posted many a source code to SpamCop; however, today's had an interesting message in it. I copied the portion I found interesting, here it is:

Tracking message source: 81.63.76.26:

Routing details for 81.63.76.26

[refresh/show] Cached whois for 81.63.76.26 : abuse[at]bluewin.ch

Using abuse net on abuse[at]bluewin.ch

abuse net bluewin.ch = abuse[at]bluewin.ch

Using best contacts abuse[at]bluewin.ch

Yum, this spam is fresh!

81.63.76.26 not listed in dnsbl.njabl.org

81.63.76.26 not listed in dnsbl.njabl.org

81.63.76.26 not listed in cbl.abuseat.org

81.63.76.26 not listed in dnsbl.sorbs.net

81.63.76.26 not listed in relays.ordb.org.

81.63.76.26 not listed in plus.bondedsender.org

81.63.76.26 not listed in query.bondedsender.org

––––––––––––––––

I had never seen the comment 'Yum, this spam is fresh!'

I am assuming SpamCop is confirming it is NEW, and IS spam - I wasn't sure but expected it was so I reported it and reported it to PayPal as well -

Has anyone else received the "Yum" message? Am I correct in what I think?

Thanks!

:)

...All the reports I have ever submitted within 72 hours have included that "Yum ..." message!


Archived

This topic is now archived and is closed to further replies.
