concern about username in report

[gerryj]

Hello,

i have been using Mailwasher and Spamcop for just a few weeks and haven't seen much change in my spam. I just noticed that for the first time i am receiving spam (well, unsolicited email) from chinanet.

The tracking URL is

http://www.spamcop.net/sc?id=z1245453250z9...66e1f7f1bd7c9az

I didn't ask for spam reports to be sent on for this one.

(1)

What mainly concerns me is that my account username appears in the report. This is because my ISP does some junk mail checking and sticks it in the location where i find it using Mailwasher. When i refer it to Spamcop, that info is there to be seen in the report. (search on "lctk" at the tracking url).

(2)

The report appears to be sending a message to

http://ns.chinanet.cn.net/ actually anti-spam[at]ns.chinanet.cn.net

However, the domain returns: (113) No route to host

Maybe it's just down but i tried three times over 24 hours, so i have to wonder about the "send to" line in the spam report.

(3)

A concern is that the reports can be accessed by spammers, and they will find user names simply by scanning for whatever they or others have used as forgeries in the past, or something similar.

How might that be, and is there a way of pre-editing a report to ensure that such information is not passed to Spamcop, or sent on in reports?

(4)

In a way i do not want to ask what motivates spammers to "get even", but rather, are there any cracks in what we are trying to achieve that they can use against us by using spamcop (forums) itself.

regards

gerryj

[dbiel]

One very dangerous situation you open up (and is easy to do if you are unaware of it) is that posting a Tracking URL that has not been reported or canceled leaves it open for anyone to click on it and send what ever reports they want under your name and account.. Please remember to cancel all reports that you do not want to submit prior to posting the URL

The following related topic may be of interest: FAQ Entry: Insufficient Munging?

[gerryj]

dbiel:

I believe you cancelled the tracking link on my behalf, thankyou.

i have another query, as to whether a report should be sent in a case like the following or should be cancelled:

ISP does not wish to receive reports..(see below).

What's the recommendation (i cancelled it this time)?

In a recent case the details showed:

Received: from D5RP6G81 (pool-141-150-39-107.mad.east.verizon.net [141.150.39.107]) by mail9.tpgi.com.au (envelope-from takingprofitsin2006[at]yahoo.com) (8.13.6/8.13.6) with SMTP id l2E4A9pt012668 for <x>; Wed, 14 Mar 2007 15:10:15 +1100

Tracking message source: 141.150.39.107:

Routing details for 141.150.39.107

[refresh/show] Cached whois for 141.150.39.107 : abuse[at]verizon.net

Using abuse net on abuse[at]verizon.net

abuse net verizon.net = abuse[at]verizon.net

Using best contacts abuse[at]verizon.net

Message is 1 hours old

141.150.39.107 not listed in dnsbl.njabl.org

141.150.39.107 not listed in dnsbl.njabl.org

141.150.39.107 not listed in cbl.abuseat.org

141.150.39.107 listed in dnsbl.sorbs.net ( 127.0.0.10 )

141.150.39.107 not listed in accredit.habeas.com

141.150.39.107 not listed in plus.bondedsender.org

141.150.39.107 not listed in iadb.isipp.com

Finding links in message body

Parsing text part

Resolving link obfuscation

<https://www.takingprofits.com/amember/signup.php>

<http://www.takingprofits.com>

Host www.takingprofits.com (checking ip) = 209.200.233.199

host 209.200.233.199 = adary.lunarpages.com (cached)

Host www.takingprofits.com (checking ip) = 209.200.233.199

host 209.200.233.199 = adary.lunarpages.com (cached)

Tracking link: <http://www.takingprofits.com/>

[report history]

ISP does not wish to receive report regarding <http://www.takingprofits.com/>

Resolves to 209.200.233.199

Routing details for 209.200.233.199

[refresh/show] Cached whois for 209.200.233.199 : hostmaster[at]lunarpages.com

Using abuse net on hostmaster[at]lunarpages.com

abuse net lunarpages.com = abuse[at]lunarpages.com

Using best contacts abuse[at]lunarpages.com

ISP does not wish to receive reports regarding <http://www.takingprofits.com/> - no date available

PS: who is the ISP: - verizon or lunarpages?

[Edit - links pulled]

[Farelf]

...i have another query, as to whether a report should be sent in a case like the following or should be cancelled:

ISP does not wish to receive reports..(see below). ...

What's the recommendation (i cancelled it this time)?...ISP does not wish to receive reports regarding <http://www.takingprofits.com/> - no date available

PS: who is the ISP: - verizon or lunarpages?

No, don't cancel because of that message - the SC system will withhold the report for you and the miscreants will still have a strike registered against them. If you cancel, that strike doesn't get registered. The ISP referred to in that case is lunarpages, nothing to do with the spamsource (verizon). There is a separate "spamvertizement" BL which feeds off the SC system and cancelling would withhold possible registration with that one too. Not too late, if you still have the spam reparse it and send report(s), if you wish to.

Even of you cancel a report you can copy the tracking URL and paste it in your posts to save pasting the detail here by the way - you probably wanted to highlight the bits you were talking about so that's okay but we could have followed your inquiry with just the "tracker". That has the advantage of leaving the spamvertized links out of the forum pages. Why do the spammers work - to put that link in front of the unsuspecting public - for him? (I always say/ask).

Much to learn but not to worry - we all have to start at the beginning.