Lking
Posted March 4, 2007

Reporting of an "Alert Regarding Your Paypal Account" phishing trip worked just fine. But of course the host doesn't care and has a false or closed complaint email, so the 550 bounced back through SC to me.

    The original message was received at Mon, 5 Mar 2007 04:06:20 +0800
    from [172.26.16.23]

       ----- The following addresses had permanent fatal errors -----
    <antispam[at]antispam.chtd.com.tw>
        (reason: 550 Host unknown)

       ----- Transcript of session follows -----
    550 5.1.2 <antispam[at]antispam.chtd.com.tw>... Host unknown (Name server: antispam.chtd.com.tw: host not found)

Tracking URL

So does SC need/want help updating their list of reporting addresses? If so how?

Lou

Wazoo
Posted March 4, 2007

> So does SC need/want help updating their list of reporting addresses? If so how?

One source of data is at SpamCop Newsgroups ..... specifically the 'routing' newsgroup .. though noting that the complaints are that it doesn't really seem like the Deputies have much time allowed to get in there and respond, though some issues do get handled ....

On the other hand, looking at your Tracking URL, it isn't clear where this address came from at present .... it's not listed in the parse results showing now ....

    Reports regarding this spam have already been sent:
    Re: 125.224.197.162 (Administrator of network where email originates)
       Reportid: 2180372751 To: spam[at]ms1.hinet.net

    If reported today, reports would be sent to:
    Re: 125.224.197.162 (Administrator of network where email originates)
       spam[at]ms1.hinet.net
    Re: http://203.101.90.140/www.paypal.com/webscr_cmd... (Administrator of network hosting website referenced in spam)
       techsupport[at]bhartibroadband.com
       postmaster[at]bhartibroadband.com

even after a refresh ....

    Removing old cache entries.
    Tracking details
    Routing details for 125.224.197.162
    [refresh/show] Cached whois for 125.224.197.162 : network-adm[at]hinet.net network-center[at]hinet.net
    Using abuse net on network-adm[at]hinet.net
    abuse net hinet.net = spam[at]ms1.hinet.net
    Using best contacts spam[at]ms1.hinet.net

    Removing old cache entries.
    Tracking details
    Routing details for 203.101.90.140
    [refresh/show] Cached whois for 203.101.90.140 : techsupport[at]bharti.com
    Using abuse net on techsupport[at]bharti.com
    abuse net bharti.com = postmaster[at]bharti.com, helpdesk.network[at]bharti.com
    Using best contacts postmaster[at]bharti.com helpdesk.network[at]bharti.com

    03/04/07 15:38:38 Slow traceroute antispam.chtd.com.tw
    Trace antispam.chtd.com.tw failed, no such host

    03/04/07 15:38:10 Slow traceroute chtd.com.tw
    Trace chtd.com.tw failed, no such host

Lking
Posted March 4, 2007

> On the other hand, looking at your Tracking URL, it isn't clear where this address came from at present .... it's not listed in the parse results showing now ....

Yes Waz, I noticed that also when I was posting. However, when double checking that is the correct tracking URL.

Header from the tracking URL

    Message-ID: <6Vg7________L-lb[at]cpanel.error>
    From: "paypal_notify[at]12901.com" <paypal_notify[at]12901.com>
    To: <x>
    Subject: Alert Regarding Your Paypal Account
    Date: Sun, 04 Mar 2007 04:48:46 -0800
    MIME-Version: 1.0
    Content-Type: multipart/alternative; boundary="--WUVITZ13743"

and from the 550 message

    Message-ID: 6Vg75I-tCYBqL-lb[at]cpanel.error
    From: `paypal_notify[at]12901.com` paypal_notify[at]12901.com
    To: <xx>
    Subject: Alert Regarding Your Paypal Account
    Date: Sun, 04 Mar 2007 04:48:46 -0800
    MIME-Version: 1.0
    Content-Type: multipart/alter

What can I say?

Lou
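
Added example, not part of the thread and not SpamCop's code: a Python sketch that pulls the failed recipient and status out of a bounce like the one quoted in the first post, and checks whether a masked Message-ID (as shown on the tracking page) is the same message as the full one in the bounce. The function names are hypothetical, and treating each underscore as one hidden character is an assumption based only on the two headers above.

```python
import re

# Bounce text as quoted in the first post (addresses keep the forum's [at] munging).
BOUNCE = """\
   ----- The following addresses had permanent fatal errors -----
<antispam[at]antispam.chtd.com.tw>
    (reason: 550 Host unknown)

   ----- Transcript of session follows -----
550 5.1.2 <antispam[at]antispam.chtd.com.tw>... Host unknown (Name server: antispam.chtd.com.tw: host not found)
"""

# sendmail-style transcript line: reply code, enhanced status, recipient, reason
TRANSCRIPT_RE = re.compile(
    r"^(?P<code>[45]\d\d) (?P<status>\d\.\d{1,3}\.\d{1,3}) "
    r"<(?P<rcpt>[^>]+)>\.\.\. (?P<reason>.+)$",
    re.MULTILINE,
)


def parse_bounce(text):
    """Return one dict per failed recipient found in the session transcript."""
    failures = []
    for m in TRANSCRIPT_RE.finditer(text):
        status = m.group("status")
        failures.append({
            "recipient": m.group("rcpt"),
            "code": int(m.group("code")),
            "status": status,
            "reason": m.group("reason"),
            # 5.1.2 is "bad destination system address" (RFC 3463): the
            # domain itself is unreachable, so the contact is stale.
            "dead_domain": status == "5.1.2",
        })
    return failures


def masked_id_matches(masked, full, mask_char="_"):
    """True if `full` equals `masked` wherever `masked` is not mask_char.

    Assumption: each mask_char hides exactly one character.
    """
    masked = masked.strip().strip("<>")
    full = full.strip().strip("<>")
    if len(masked) != len(full):
        return False
    return all(a == b or a == mask_char for a, b in zip(masked, full))
```

A literal underscore in a real Message-ID also matches here, so a positive result is supporting evidence alongside the Subject and Date headers rather than proof on its own.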

Wazoo
Posted March 5, 2007

Newsgroup traffic later in the day on the same subject, same problem ....

http://zeta.cesmail.net/pipermail/scspamco...hread.html#1749
[scspamcop] Getting Bounce Messages Generated from Spamcop Reports

Lking
Posted March 5, 2007

Wazoo,

Thanks for the reference. We will see if anyone follows up on this.

Now we are noticing some dropped quick/submit reports. They don't show up in the "past reports" but in one case I know it got out and past my ISP.

Quick scenario: sent a "quick" report on some SW spam with a CC: to Microsoft and also sent a "Submit" on some Pump&dump spam that I wanted to send a copy to Pinksheet (see other threads). I was waiting for the "Submit" to show up ---- then I got the canned response for MS in response to the CC:, but nothing in the past reports. Then a later quick report showed up in the past reports list. I think the stock spam got blocked by my ISP but I know the SW spam report got out to MS but seems to have gotten lost on the way to or by SC.

This is the first time I've seen this happen with a trail.

Lou

This topic is now archived and is closed to further replies.