epgeek Posted November 21, 2006 Share Posted November 21, 2006 How galling that an ISP refuses to hear about subscribers who are blatant spammers?? This morning I was reporting a spammer/phishing crook via spam cop and I saw this note in the spam cop analysis: "ISP does not wish to receive reports regarding http://www.freelotto.com/ - no date available http://www.freelotto.com/ has been appealed previously." These "overseas" lotto's are an old and tired scam, and the fact that the ISP does not want to hear about it seems criminally irresponsible. Where is the cavalry when you need them? If the ISP's look the other way when real crimes are being committed then the problem will only escalate to chaos. Why should the good guys be concerned about vigilante attacks on the bad guys when it is obvious that there is no law on the Internet. Or here is a novel idea, perhaps the government budget that is wasted on do nothing projects like spam[at]uce.com and enforcement[at]sec.gov should be funneled to the good guys at spam Cop who do make a difference with their Blocking Lists.! Link to comment Share on other sites More sharing options...
Wazoo Posted November 21, 2006 Share Posted November 21, 2006 How galling that an ISP refuses to hear about subscribers who are blatant spammers?? This morning I was reporting a spammer/phishing crook via spam cop and I saw this note in the spam cop analysis: "ISP does not wish to receive reports regarding http://www.freelotto.com/ - no date available http://www.freelotto.com/ has been appealed previously." Tracking URL? These "overseas" lotto's are an old and tired scam, Overseas? whois -h whois.opensrs.net freelotto.com ... Registrant: PlasmaNet, Inc 420 Lexington Ave Suite 2435 New York, NY 10170 US Domain name: FREELOTTO.COM Administrative Contact: Registrar, Domain domreg[at]freelotto.com 420 Lexington Ave Suite 2435 New York, NY 10170 US 212-931-6760 Technical Contact: Registrar, Domain domreg[at]freelotto.com 420 Lexington Ave Suite 2435 New York, NY 10170 US +1.2129316760 Registrar of Record: TUCOWS, INC. Record last updated on 28-Sep-2006. Record expires on 04-Nov-2011. Record created on 23-Oct-1996. Domain servers in listed order: UDNS1.ULTRADNS.NET 204.69.234.1 UDNS2.ULTRADNS.NET 204.74.101.1 Domain status: clientDeleteProhibited clientTransferProhibited clientUpdateProhibited 11/21/06 09:04:51 Slow traceroute freelotto.com Trace freelotto.com (64.14.48.101) ... 11/21/06 09:08:20 IP block 64.14.48.101 Trying 64.14.48.101 at ARIN Trying 64.14.48 at ARIN OrgName: Savvis OrgID: SAVVI-2 Address: 3300 Regency Parkway City: Cary StateProv: NC PostalCode: 27511 Country: US OrgAbuseHandle: ABUSE11-ARIN OrgAbuseName: Abuse OrgAbusePhone: +1-877-393-7878 OrgAbuseEmail: abuse[at]savvis.net OrgNOCHandle: NOC99-ARIN OrgNOCName: SAVVIS Support Center OrgNOCPhone: + 1-888-638-6771 OrgNOCEmail: ipnoc[at]savvis.net Or here is a novel idea, perhaps the government budget that is wasted on do nothing projects like spam[at]uce.com and enforcement[at]sec.gov Not sure that I can agree with that at all ... should be funneled to the good guys at spam Cop who do make a difference with their Blocking Lists.! Not that this volunteer would turn down any donations <g> Link to comment Share on other sites More sharing options...
epgeek Posted November 21, 2006 Author Share Posted November 21, 2006 Here is the tracking URL analysis for the sender: Microsoft Mail Internet Headers Version 2.0 Received: from sina.com ([88.20.27.196]) by ep_adminsvr_6.ep.local with Microsoft SMTPSVC(6.0.3790.1830); Tue, 21 Nov 2006 06:59:03 -0600 From: THE FREE LOTTO COMPANY <vtdbvakdgj[at]ibm.com> To: wvanandel <wvanandel[at]exploration.org> Subject: AWARD NOTIFICATIONS X-Priority: 3 X-MSMail-Priority: Normal Reply-To: THE FREE LOTTO COMPANY <vtdbvakdgj[at]ibm.com> mime-version: 1.0 content-type: multipart/mixed; boundary="qzsoft_directmail_seperator" Return-Path: ogfchhsxtb[at]sina.com Message-ID: <EP_ADMINSVR_6kIN4Mm00000711[at]ep_adminsvr_6.ep.local> X-OriginalArrivalTime: 21 Nov 2006 12:59:04.0123 (UTC) FILETIME=[D26B60B0:01C70D6C] Date: 21 Nov 2006 06:59:04 -0600 --qzsoft_directmail_seperator Content-Type: text/plain; charset="DEFAULT" Content-Transfer-Encoding: base64 --qzsoft_directmail_seperator-- When I checked the sender IP with whois I get our old sloppy friend: telefonica.es The sender name was an obvious phoney: THE FREE LOTTO COMPANY [vtdbvakdgj[at]ibm.com] ...I am sure that IBM is not sponsoring this lotto. It was the telefonica.es that made me call this an overseas scam, and also the message itself referenced the European lotto company. This is such an obvious scam that any ISP that doesn't take steps to stop it is almost as guilty as the perp. Link to comment Share on other sites More sharing options...
Wazoo Posted November 21, 2006 Share Posted November 21, 2006 Tracking URL Where's the reference to FREELOTTO.COM ??? Link to comment Share on other sites More sharing options...
epgeek Posted November 21, 2006 Author Share Posted November 21, 2006 The reference to freelotto.com is in the email header and in the body of the spam as: WINNING NOTIFICATION THE FREE LOTTO COMPANY Free lotto Headquarters: Customer Service/Award Dept. www.freelotto.com Ref No:FI/550/05ES Bacth No:6677-05734 Link to comment Share on other sites More sharing options...
StevenUnderwood Posted November 21, 2006 Share Posted November 21, 2006 The reference to freelotto.com is in the email header and in the body of the spam as: WINNING NOTIFICATION THE FREE LOTTO COMPANY Well to be fair the reference in the headers is to: "THE FREE LOTTO COMPANY" in a section that is easily forged. We can not see the body because you still have not provided a TrackingURL for this spam. Link to comment Share on other sites More sharing options...
turetzsr Posted November 21, 2006 Share Posted November 21, 2006 Well to be fair the reference in the headers is to: "THE FREE LOTTO COMPANY" in a section that is easily forged. <snip> ...In other words, it could be a "Joe Job." Link to comment Share on other sites More sharing options...
epgeek Posted November 22, 2006 Author Share Posted November 22, 2006 Is this what you need in order to verify the above: http://members.spamcop.net/mcgi?action=get...rtid=2028664623 Link to comment Share on other sites More sharing options...
Wazoo Posted November 22, 2006 Share Posted November 22, 2006 Is this what you need in order to verify the above: http://members.spamcop.net/mcgi?action=get...rtid=2028664623 No .... I provided a link to the description/defnition of Tracking URL ..... You have provided a Report-ID number/link .... see Getting a Tracking URL from a Report ID .. This time, really look at the data provided instead of floating on by the links/help offered ... There is no issue on "verifying" anything ... the previous remarks were based on data not provided, seen, etc. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.