
Spammers encoding "to" in "from", and using Spam reports to verify delivery


starrychloe

I believe spammers are encoding the "to" email address in the "from" field, and when they receive a SpamCop report saying a particular user was spamming, they use the from field to decode/lookup who it was sent to, thereby verifying whether or not the email address was valid or not. The spammers control their own domain, and so receive the spam reports directly and can parse them. I've noticed that the more spam I report, the more I receive. An example of an email "from" address is "ydomxluutrj[at]gulfoncology.org". Obviously this is not a real address, but is encoded with MY address (possibly using a DB lookup table or transcoded). What can be done about this?


An example of an email "from" address is "ydomxluutrj[at]gulfoncology.org". Obviously this is not a real address, but is encoded with MY address (possibly using a DB lookup table or transcoded).

You make a strong assertion but do you have any evidence to support this? I'm not saying that this isn't being done but, to be honest, I'm doubtful.

But if you are concerned then you could switch your reporting to 'mole' mode and no reports get sent back at all. Just a block list score added.

I've just taken a look at my spam received and see an example of the type of message you refer to:

Addressed to: vawb5wjgft[at]panalpina.com

The source IP reports go to: abuse[at]tpnet.pl

The report is sent to a legitimate ISP in Poland although they do have a major problem with spam leaving their network. So the report would not go back to the spammer in any case.

If there was a website referenced in the Email then a report might go back to the host of the website but I use Quick Reporting which does not send web site reports since I consider these to be of little value and largely ineffective in getting spammer sites removed.

So you could also use Quick Reporting if you remain concerned. But read the health warning about Quick Reporting to avoid reporting yourself :)

Andrew

Edited by agsteele
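
One way to gather the evidence asked for in the reply above, as an added example that is not part of any poster's message: the sketch below checks whether a sender's local part is a simple reversible or hashed transform of your own address. The transform list, the function names and the recipient address are assumptions made for illustration; a token drawn from a spammer's lookup table or a keyed hash cannot be detected this way, so an empty result does not disprove the theory.

```python
import base64
import codecs
import hashlib


def local_part(address: str) -> str:
    """Lower-cased local part; accepts the forum's '[at]' munging as well as '@'."""
    return address.strip().lower().replace("[at]", "@").split("@", 1)[0]


def candidate_tokens(recipient: str) -> dict:
    """Map transform name -> token an unkeyed encoding of the recipient would yield."""
    addr = recipient.strip().lower().replace("[at]", "@")
    local = local_part(addr)
    raw = addr.encode()
    tokens = {
        "plain-local": local,
        "reversed-local": local[::-1],
        "rot13-local": codecs.encode(local, "rot13"),
        "hex": raw.hex(),
        "base32": base64.b32encode(raw).decode().rstrip("=").lower(),
    }
    for algo in ("md5", "sha1", "sha256"):
        tokens[algo] = hashlib.new(algo, raw).hexdigest()
    return tokens


def match_sender(sender: str, recipient: str, min_len: int = 6) -> list:
    """Return the names of the transforms that explain the sender's local part."""
    s_local = local_part(sender)
    hits = []
    for name, token in candidate_tokens(recipient).items():
        embedded = len(token) >= min_len and token in s_local
        # A digest or encoding may be truncated to fit, so accept a prefix too.
        truncated = len(s_local) >= min_len and token.startswith(s_local)
        if embedded or truncated:
            hits.append(name)
    return hits


if __name__ == "__main__":
    # Constructed recipient; the sender is the address quoted in the first post.
    me = "alice.example@example.net"
    print(match_sender("ydomxluutrj[at]gulfoncology.org", me))
```

Run it over the From addresses of a batch of received spam with your real address as the recipient; repeated hits for one transform would be evidence worth posting, while no hits leaves the lookup-table case open.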

The source IP reports go to: abuse[at]tpnet.pl

The report is sent to a legitimate ISP in Poland although they do have a major problem with spam leaving their network. So the report would not go back to the spammer in any case.

On the other hand, the stories, accusations, allegations, rumours, etc. about who actually owns/runs/manages tpnet.pl are legion .... see also yambo ....


One should also note that spam reports do not go back to the "owner of the email domain" from which it was sent. In fact, the vast majority (99.99% probably) of spam uses forged or non-existent domains for the from address. Reports are routed to the registered owner of the IP address, and in the case of reassigned IPs, is generally only routed to the "upstream" owner, and smaller (8 IPs or less) blocks are usually ignored in favor of the larger block that they are contained within.

Yes, if you send spam reports, you get more spam... Of course, if you DON'T send spam reports, you also get more spam... This leads me to believe that sending spam reports is NOT the cause of receiving more spam. Perhaps you have more than anecdotal evidence to the contrary?


... I've noticed that the more spam I report, the more I receive. ... What can be done about this?

Check the archives and you will find several long threads on this "the more I report the more I get" topic.

I have been away from the web for 9 weeks starting 23 May. (OK I did have dial-up but didn't report any spam) When I got back the daily level of spam had not changed. The last time this idea came up I and others ran tests to check the theory. Check spam charts for my results over time. I did not report any spam during the month of October in the charts.

At the time those supporting a direct link between reporting and spam volume were reporting daily effect, stop reporting, less spam the next day. My data, reporting or not, reflects the general increase in spam during the same period.

JMHO but I think you give spammers too much credit. If you or I (thinking users of the web) were to spam "we" would not think that sending 15 or more copies of the same spam/day would be effective. It should be a tip off that it's spam. Yet, we get hundreds of the same spam day after day. = How many of the "You have been sent an eCard by a mate/friend/..." spam have you clicked on? I know you were fooled by the change to "A mate/friend/... have sent an ecard" =

My point is spammers have learned that the more they send (at almost no cost) the more responses they get. So why should they bother to scrub their mailing list? That takes time, money and effort. It would be much more effective to get the SpamCop email list (another common thread) and purge those names from their database. If they don't send to us, we won't report them, they won't get blocked, and they won't have to keep moving. Besides, if there is anyone in the world that WON'T click on spam it should be members of this forum! = there I go again thinking, not a spammer thing =

Lou

Edited by Lking