Jump to content

Volatile abuse reporting address!


DeadSpam
 Share

Recommended Posts

Has anyone noticed that the abuse reporting addresses of some of the spam websites change every few seconds? Consider for example http://www.todrx.com for which the reporting address changes from abuse[at]keyweb.de to abuse[at]infobox.ru to abuse[at]leaseweb.com to mostow[at]sl.ru, alexdu[at]sl.ru, etc. So are the abuse reporting addresses bogus? Are they alternating because the spammer is maintaining several mirrors and updating the DNS info constantly? What gives????

Link to comment
Share on other sites

Has anyone noticed that the abuse reporting addresses of some of the spam websites change every few seconds? Consider for example http://www.todrx.com for which the reporting address changes from abuse[at]keyweb.de to abuse[at]infobox.ru to abuse[at]leaseweb.com to mostow[at]sl.ru, alexdu[at]sl.ru, etc. So are the abuse reporting addresses bogus? Are they alternating because the spammer is maintaining several mirrors and updating the DNS info constantly? What gives????

If you control your own name servers, then you can change the address of your website as often as you like. Such as every two minutes, say. Then, you make sure to use a very small TTL value on the lookups, so that visitors' local name servers will almost never use cached addresses. So, if one were to look up such a site multiple times, one might well find it to have migrated to several IPs with a different abuse contact for each.

-- rick

Link to comment
Share on other sites

Many thanks for the responses from rconner and Miss Betsy

Please keep reporting this website is run by ROSKO which are professional spam gang

Aside from alerting the ISP you are also helping to alert crime authorities.

Just taking out one spammer stops billions of spams being sent

I know SpamCop parsing often rejects URL because they are slow to connect to, but if you have the time use

http://samspade.org/ Include IP with URL in SpamCops "notes" box to send to reporting address

As always go over my signature to check one's own computers security

Edited by petzl
Link to comment
Share on other sites

As always go over my signature to check one's own computers security

Please excuse the slight OT diversion, but as you mention security, have you seen this new kid on on block of free software? - prevx The reviews and blogs [google prevx] look very interesting indeed. Usual no business interest disclaimer....
Link to comment
Share on other sites

Please keep reporting this website is run by ROSKO which are professional spam gang

Just to clarify, ROSKO isn't actually the name of an online spam sending gang. It's a database put together by SpamHaus of the most prolific spammers, which is an acronym for "Registry of Known spam Operations"

ROSKO FAQ

ROSKO Top 10

(Note: I had to use an archived version of SpamHaus's website from April 2006 because theirs was currently offline at the time I attempted to check it. They are frequently targets of DoS attacks.)

The other information petzl posted is correct though, SpamHaus does pass on all information from the ROSKO list to law enforcement.

Edited by jongrose
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...