efa Posted March 2, 2007 Share Posted March 2, 2007 Hi, I receive most spam from the same Internet Service Provider. They are chinanet, cablecom.ch, ip-tel.de, end few other. For every spam mail, I report to their abuse[at]email.tld, but ofter I got a lot more email immediately after the complaint. How can a "single user" damage those providers? Can Spamcop add some new functions to help this pourpose? Link to comment Share on other sites More sharing options...
turetzsr Posted March 2, 2007 Share Posted March 2, 2007 Hi, I receive most spam from the same Internet Service Provider. They are chinanet, cablecom.ch, ip-tel.de, end few other. For every spam mail, I report to their abuse[at]email.tld, but ofter I got a lot more email immediately after the complaint. How can a "single user" damage those providers? ...Simple answer: nothing, unless you have lots of time and money to spare tracking them down and affecting appropriate legal harassment.Can Spamcop add some new functions to help this pourpose?...Any suggestions? Bearing in mind that SpamCop's principal purposes are: Identify the source of the spam Populate the SpamCop blacklist based on certain rules involving the frequency of spam from the source (IP address) vs total e-mail seen from that source Link to comment Share on other sites More sharing options...
dra007 Posted March 3, 2007 Share Posted March 3, 2007 You need to use more than SpamCop to put a dent into their business.. Why not try http://www.knujon.com/ Link to comment Share on other sites More sharing options...
efa Posted March 3, 2007 Author Share Posted March 3, 2007 in particular I receive spam most from that domains: cablecom.ch (magicsun.net) tpnet.pl t-ipnet.de chello.pl cnc-noc.net comcast.net bluewin.ch telecomitalia.it wanadoo.fr auna.es rr.com cert.br gaoland.net btbroadband.com ttnet.net.tr telefonica.es Link to comment Share on other sites More sharing options...
efa Posted March 3, 2007 Author Share Posted March 3, 2007 You need to use more than SpamCop to put a dent into their business.. Why not try http://www.knujon.com/ I looked for what "knujon" can do for me, but this website is near empy. They say to send junk mail to them, but what they do then? Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 3, 2007 Share Posted March 3, 2007 There is information provided by posters in this topic post about knujon. Somewhere else said that they go after the businesses - whatever that means. Responsible ISPs do not allow spammers. Irresponsible ISPs do allow spammers or do not do anything about infected computers. Therefore, the end user/consumer of email services needs to be aware of how content filters and blocklists work so that they can choose the combination that works best for them. IMHO, it is a waste of time to try to 'damage' spammers. Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted March 3, 2007 Share Posted March 3, 2007 They say to send junk mail to them, but what they do then? They shut down >17,000 spamadvertized domains since starting a few month ago. I have 12 reported domains pending shutdown. SpamCop is particularly deficient at affecting those domains and now days simple IP of origin reporting can just be of innocent hijacked computers in a wide network of botnets with several potential replacements. The bottom line is that fighting spammers has to go on all fronts and most of us do not have the time and resources to do it, so we basically need services like these two anti-spam players. Link to comment Share on other sites More sharing options...
kamaraju Posted March 5, 2007 Share Posted March 5, 2007 They shut down >17,000 spamadvertized domains since starting a few month ago. I have 12 reported domains pending shutdown. SpamCop is particularly deficient at affecting those domains and now days simple IP of origin reporting can just be of innocent hijacked computers in a wide network of botnets with several potential replacements. The bottom line is that fighting spammers has to go on all fronts and most of us do not have the time and resources to do it, so we basically need services like these two anti-spam players. Their website says that they started since March 2005. Their statistics are indeed very impressive. May I ask, How many junk mail sites did you manage to shutdown through knujon dra007? Also could you (dra007) please tell when you started reporting email to knujon? thanks raju Link to comment Share on other sites More sharing options...
dra007 Posted March 5, 2007 Share Posted March 5, 2007 /snp May I ask, How many junk mail sites did you manage to shutdown through knujon dra007? Also could you (dra007) please tell when you started reporting email to knujon? thanks raju Welcome, I started less than 3 weeks ago, I am showing 12 Pending suspensions, but they only update every 2 weeks or so, so that information may not be current. What is good is that they take the time to report to all kind of law enforcement agencies and forensically determine who is behind the spam. That type of research I am not prepared to spend time and do it on my own. Dr A. Link to comment Share on other sites More sharing options...
efa Posted March 5, 2007 Author Share Posted March 5, 2007 I cannot understand what they do receiving spam mail forwarded to 'coldrain'. How they can shut down the spammer provider? Link to comment Share on other sites More sharing options...
dra007 Posted March 5, 2007 Share Posted March 5, 2007 you misunderstood, they shut down the website advertising spam...when the provider is responsive, of course. But they give them a type of evidence that is persuasive, and I suspect they have other means to pressure them. Link to comment Share on other sites More sharing options...
efa Posted March 6, 2007 Author Share Posted March 6, 2007 you misunderstood, they shut down the webside advertising spam... so they get shutdown the web site that are spamvertized by the spam coming from every email server? Link to comment Share on other sites More sharing options...
dra007 Posted March 6, 2007 Share Posted March 6, 2007 Unless images, most spam e-mail contain a web-site link which advertises and sells a product, say viagra. For the most part such products are either fake, or illegally sold (since they would require a real pharmacy and a prescription), other times the entire web-site is a sham designed to take your money and give you nothing in return. Some type of crime is involved in practically every spam e-mail. That is why spammers take such much trouble to hide their activities and are difficult to track down. They also count on the fact that for every million spams they send there will be an idiot to fall for it and click on their link. When caught spammers are prosecuted, that is why a job like knujon's is necessary, they take the time and invest resources to track spammers down and report their activities to law enforcement agencies, which most of us do for the occasional spam when parsing with SpamCop manually anyhow. Knujon does it for me with every single spam e-mail and thus saves me a lot of time.. Link to comment Share on other sites More sharing options...
efa Posted March 6, 2007 Author Share Posted March 6, 2007 ok, now I understand why they do not need the complete header of the spam. "Knujon" is not interested where come from the spam, but only to what the spam speak about. On the other side "Spamcop" is interested mainly from where the spam come from. The two services work well toghether. But my problem, as reported on the thread title and in my first post, is that I receive a lot of different spam, and 99% of that come from the same (about) 10 domain. For every spam I'm asking to the abuse[at]provider to shut down the spammer, but they do not do that. In other word, the provider "is" the spammer. I want to damage the provider/domain itself as they spam me. Is there some thing that an end user like me can do to damage a limited number (10) of domain? Link to comment Share on other sites More sharing options...
dra007 Posted March 6, 2007 Share Posted March 6, 2007 The reasons providers don't respond is 1) they don't care about being listed, they like to make a profit from hosting spammers; 2) your complaints trace to <<innocent>> users on their network whose computer was hijacked by spammers and is used to send spam without their owner's knowledge. There are so many hijacked PCs, a large provider simply cannot clean their entire network of a million users (e.g. comcast). Providers can only discontinue users if they break policies, not for being used unknowingly. If you do a search here you'll find a lot of discussion on black hat ISPs. Link to comment Share on other sites More sharing options...
rconner Posted March 7, 2007 Share Posted March 7, 2007 But my problem, as reported on the thread title and in my first post, is that I receive a lot of different spam, and 99% of that come from the same (about) 10 domain. For every spam I'm asking to the abuse[at]provider to shut down the spammer, but they do not do that. In other word, the provider "is" the spammer. All of the outfits on your list are large retail ISPs from around the world. The reason you get spam from these domains is that they have customers who have allowed their computers to be turned into spam-mailing machines, probably through some sort of malware. These customers do not know this is happening. We would all like for these companies to take steps (some of them very simple ones) to stop these 'botnet' computers, but (1) the problem is unimaginably large, and (2) the companies seem to have other priorities besides securing their customers' machines against being used as spam relays. I want to damage the provider/domain itself as they spam me. Is there some thing that an end user like me can do to damage a limited number (10) of domain? Well, 'damage' is a pretty all-embracing term. What kind of damage do you want to do? If you are talking about some kind of network-based attack, I'd advise against it. Even if you could mount an effective attack against such large companies, it would probably be easily traced to you and you would get in big trouble for it. In the process, you might be harming innocent customers of these firms. In any case, I suspect that this forum isn't the place for you to get much advice of this nature. If you are talking about legal action, then that's OK, but you'd better hire some good lawyers and be prepared to wait for a long time for any good to come of it. -- rick Link to comment Share on other sites More sharing options...
efa Posted March 7, 2007 Author Share Posted March 7, 2007 that cracker ... they like to crack customer PC of that 10 provider only, just to spam. And all other 4 Gig provider? How they can keep out the cracker? Unbelivable, sorry! I think that those 10 provider, are the only that do very few to keep out the cracker/spammer. Link to comment Share on other sites More sharing options...
efa Posted March 7, 2007 Author Share Posted March 7, 2007 more: a user that let his computer be hijacked by spammers IS punishible as I do not respect the rules of the provider (forbid spamming) At least a provider must close immediately the "innocent" customer account to stop the illegal action. Then the customer clear his PC Then learn how to keep out the cracker (Window Ipdate, Firewall, Antivirus, pass to Mozilla, use Linux, and so on). Then reopern an account on a provider. Link to comment Share on other sites More sharing options...
Miss Betsy Posted March 7, 2007 Share Posted March 7, 2007 You are correct that users who allow their computer to be hijacked are not 'innocent' They may not know that the computer is hijacked, but that makes them ignorant, not innocent. The reason that internet service providers don't make them clean up their computers is economic. It costs money to get a customer to understand. They also lose money if they shut them down. And, for server admins who can block those IP addresses, the problem is solved. No one has a problem. The customer doesn't get his computer turned off. The internet service doesn't spend any money. Since only spam comes from those computers, no one's email is blocked. The server admin who does the blocking never sees the spam (and neither do his customers). The only way to 'damage' the service provider is to block the email servers so that his customers do not get email and complain. The 'sending' end is the only place to stop spam. Unfortunately, too many server admins work for those who think that blocking 'innocent' people is wrong especially if they want the real email. They make the server admin use some other kind of filter to protect them from spam. Miss Betsy Link to comment Share on other sites More sharing options...
dra007 Posted March 15, 2007 Share Posted March 15, 2007 Some good news for those incredulous about knujon reporting... of some 300 sites I have reported so far 27 are pending suspention and 5 were suspended. I typically get a few hundreds (1-300) spam e-mails a day so some of these sites have been reported >30 times to both SpamCop and Knujon, I rearly mis reporting any spam I get... so despite combining 2 separate reportings, it is still frustratingly slow to close down these imbecils...that term applies to the ISPs that are irresponsible hosting the spammers and uresponsive to our constant requests to stop.... Site Instances First Time Last Time Status 49mag.com 1 3/10/2007 3/10/2007 Suspension Pending 8t1logica.com 1 3/11/2007 3/11/2007 Suspended aeacqwhinese.com 1 2/23/2007 2/23/2007 Suspension Pending apowerdrill.com 1 3/4/2007 3/4/2007 Suspension Pending avoidlesssos.com 4 2/24/2007 2/27/2007 Suspension Pending bluehornet.com 1 3/4/2007 3/4/2007 Suspended bobbecklaw.com 1 3/10/2007 3/10/2007 Suspension Pending buenaspect.com 1 3/12/2007 3/12/2007 Suspended canbfuntodate.com 13 2/20/2007 2/22/2007 Suspension Pending ceasarrare.com 11 2/27/2007 3/7/2007 Suspension Pending chekdutyall.com 2 2/24/2007 2/25/2007 Suspension Pending domainsymbol.com 1 3/10/2007 3/10/2007 Suspension Pending dustsalvable.com 1 2/21/2007 2/21/2007 Suspension Pending fermeryhe.com 1 2/21/2007 2/21/2007 Suspension Pending fgesy.com 1 2/20/2007 2/20/2007 Suspension Pending fowostensibly.com 1 2/22/2007 2/22/2007 Suspension Pending greattablet.com 1 3/5/2007 3/5/2007 Suspension Pending hooknupforfun.com 65 2/22/2007 3/7/2007 Suspension Pending hukld.com 3 2/24/2007 2/26/2007 Suspension Pending isodromegi.com 1 2/21/2007 2/21/2007 Suspension Pending leovilla.com 1 3/11/2007 3/11/2007 Suspension Pending moperotes.com 4 2/21/2007 2/22/2007 Suspension Pending murksomesya.com 2 2/25/2007 2/25/2007 Suspension Pending nicabnttiinng.com 1 2/23/2007 2/23/2007 Suspension Pending ordrbnypeepz.com 2 2/26/2007 2/26/2007 Suspension Pending pebrinegn.com 1 2/23/2007 2/23/2007 Suspension Pending potwalloppersos.com 7 2/26/2007 2/27/2007 Suspension Pending pragamondo.com 1 3/12/2007 3/12/2007 Suspended pretensionssya.com 4 2/27/2007 3/10/2007 Suspension Pending radoterrure.com 6 2/24/2007 2/27/2007 Suspension Pending seearborical.com 5 2/25/2007 2/27/2007 Suspension Pending serabstractedness.com 1 2/21/2007 2/21/2007 Suspension Pending taolaaa.com 2 2/24/2007 2/24/2007 Suspension Pending thebatrack.com 1 3/11/2007 3/11/2007 Suspended tolnewz.com 1 2/22/2007 2/22/2007 Suspension Pending topilljudged.com 3 2/21/2007 2/21/2007 Suspension Pending werpainting.com 2 2/28/2007 2/28/2007 Suspension Pending It is interesting that some sites were shut down after a single report.. Link to comment Share on other sites More sharing options...
mshalperin Posted March 17, 2007 Share Posted March 17, 2007 It is interesting that some sites were shut down after a single report.. It's likely that there were reports of these sites from other users. The KnuJon reports only shows the number reported by you. Link to comment Share on other sites More sharing options...
elind Posted April 1, 2007 Share Posted April 1, 2007 The reasons providers don't respond is 1) they don't care about being listed, they like to make a profit from hosting spammers; 2) your complaints trace to <<innocent>> users on their network whose computer was hijacked by spammers and is used to send spam without their owner's knowledge. There are so many hijacked PCs, a large provider simply cannot clean their entire network of a million users (e.g. comcast). Providers can only discontinue users if they break policies, not for being used unknowingly. If you do a search here you'll find a lot of discussion on black hat ISPs. Just one note of some interest. I once made a mistake and reported a spam wrongly. Basically a copy of a spam that identified my PC as the source. I use Road Runner (rr.com). I received a message from them saying that my PC was possibly infected and sending spam. After checking everything and finding nothing, I suspected what had happened and asked them to copy me on the spam, which which they did, confirming what had happened. The point is, while I don't normally receive much spam tracing to rr.com, the one time I did report, wrongly, such spam they did followup, which I know because I was the source and the reporter at the same time. Perhaps though, they do no more than send out such notices. I could repeat the process and see how many reports it would take to get taken off their service, but I don't think I will. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.