gerryj Posted March 8, 2007 Share Posted March 8, 2007 Hello, i have been using Mailwasher and Spamcop for just a few weeks and haven't seen much change in my spam. I just noticed that for the first time i am receiving spam (well, unsolicited email) from chinanet. The tracking URL is http://www.spamcop.net/sc?id=z1245453250z9...66e1f7f1bd7c9az I didn't ask for spam reports to be sent on for this one. (1) What mainly concerns me is that my account username appears in the report. This is because my ISP does some junk mail checking and sticks it in the location where i find it using Mailwasher. When i refer it to Spamcop, that info is there to be seen in the report. (search on "lctk" at the tracking url). (2) The report appears to be sending a message to http://ns.chinanet.cn.net/ actually anti-spam[at]ns.chinanet.cn.net However, the domain returns: (113) No route to host Maybe it's just down but i tried three times over 24 hours, so i have to wonder about the "send to" line in the spam report. (3) A concern is that the reports can be accessed by spammers, and they will find user names simply by scanning for whatever they or others have used as forgeries in the past, or something similar. How might that be, and is there a way of pre-editing a report to ensure that such information is not passed to Spamcop, or sent on in reports? (4) In a way i do not want to ask what motivates spammers to "get even", but rather, are there any cracks in what we are trying to achieve that they can use against us by using spamcop (forums) itself. regards gerryj Link to comment Share on other sites More sharing options...
dbiel Posted March 8, 2007 Share Posted March 8, 2007 One very dangerous situation you open up (and is easy to do if you are unaware of it) is that posting a Tracking URL that has not been reported or canceled leaves it open for anyone to click on it and send what ever reports they want under your name and account.. Please remember to cancel all reports that you do not want to submit prior to posting the URL The following related topic may be of interest: FAQ Entry: Insufficient Munging? Link to comment Share on other sites More sharing options...
gerryj Posted March 14, 2007 Author Share Posted March 14, 2007 dbiel: I believe you cancelled the tracking link on my behalf, thankyou. i have another query, as to whether a report should be sent in a case like the following or should be cancelled: ISP does not wish to receive reports..(see below). What's the recommendation (i cancelled it this time)? In a recent case the details showed: Received: from D5RP6G81 (pool-141-150-39-107.mad.east.verizon.net [141.150.39.107]) by mail9.tpgi.com.au (envelope-from takingprofitsin2006[at]yahoo.com) (8.13.6/8.13.6) with SMTP id l2E4A9pt012668 for <x>; Wed, 14 Mar 2007 15:10:15 +1100 Tracking message source: 141.150.39.107: Routing details for 141.150.39.107 [refresh/show] Cached whois for 141.150.39.107 : abuse[at]verizon.net Using abuse net on abuse[at]verizon.net abuse net verizon.net = abuse[at]verizon.net Using best contacts abuse[at]verizon.net Message is 1 hours old 141.150.39.107 not listed in dnsbl.njabl.org 141.150.39.107 not listed in dnsbl.njabl.org 141.150.39.107 not listed in cbl.abuseat.org 141.150.39.107 listed in dnsbl.sorbs.net ( 127.0.0.10 ) 141.150.39.107 not listed in accredit.habeas.com 141.150.39.107 not listed in plus.bondedsender.org 141.150.39.107 not listed in iadb.isipp.com Finding links in message body Parsing text part Resolving link obfuscation <https://www.takingprofits.com/amember/signup.php> <http://www.takingprofits.com> Host www.takingprofits.com (checking ip) = 209.200.233.199 host 209.200.233.199 = adary.lunarpages.com (cached) Host www.takingprofits.com (checking ip) = 209.200.233.199 host 209.200.233.199 = adary.lunarpages.com (cached) Tracking link: <http://www.takingprofits.com/> [report history] ISP does not wish to receive report regarding <http://www.takingprofits.com/> Resolves to 209.200.233.199 Routing details for 209.200.233.199 [refresh/show] Cached whois for 209.200.233.199 : hostmaster[at]lunarpages.com Using abuse net on hostmaster[at]lunarpages.com abuse net lunarpages.com = abuse[at]lunarpages.com Using best contacts abuse[at]lunarpages.com ISP does not wish to receive reports regarding <http://www.takingprofits.com/> - no date available PS: who is the ISP: - verizon or lunarpages? [Edit - links pulled] Link to comment Share on other sites More sharing options...
Farelf Posted March 14, 2007 Share Posted March 14, 2007 ...i have another query, as to whether a report should be sent in a case like the following or should be cancelled: ISP does not wish to receive reports..(see below). ... What's the recommendation (i cancelled it this time)?...ISP does not wish to receive reports regarding <http://www.takingprofits.com/> - no date available PS: who is the ISP: - verizon or lunarpages? No, don't cancel because of that message - the SC system will withhold the report for you and the miscreants will still have a strike registered against them. If you cancel, that strike doesn't get registered. The ISP referred to in that case is lunarpages, nothing to do with the spamsource (verizon). There is a separate "spamvertizement" BL which feeds off the SC system and cancelling would withhold possible registration with that one too. Not too late, if you still have the spam reparse it and send report(s), if you wish to. Even of you cancel a report you can copy the tracking URL and paste it in your posts to save pasting the detail here by the way - you probably wanted to highlight the bits you were talking about so that's okay but we could have followed your inquiry with just the "tracker". That has the advantage of leaving the spamvertized links out of the forum pages. Why do the spammers work - to put that link in front of the unsuspecting public - for him? (I always say/ask). Much to learn but not to worry - we all have to start at the beginning. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.