ob1db Posted January 4, 2008 Posted January 4, 2008 I am puzzled. I am seeing MANY failures lately when I paste G-Mail messages in SC. It gets the source of the spam and frequently catches sites in the signature, but utterly fails on the offending sites. When I parse the site alone, I get a "discarded as fake" error message. This website is one of MANY lately that the parser is saying won't resolve: http://www.spamcop.net/sc?id=z1597006130ze...779680bf88a715z However, I can parse this site using www.ahbl.org/lookup and I get tankheadsonline.info is 219.129.219.244 Which DOES parse! Parsing input: 219.129.219.244 No recent reports, no history available Routing details for 219.129.219.244 Using smaller IP block (/ 29 vs. / 13 ) Removing 3 larger (> / 29 ) route(s) from cache [refresh/show] Cached whois for 219.129.219.244 : ipuser[at]gddc.com.cn Using last resort contacts ipuser[at]gddc.com.cn What is going on? Anyone else seeing this? David ---------- Forwarded message ---------- From: Esparza Tomlin <esparzatomlin4320[at]hotmail.com> Date: Jan 4, 2008 2:05 PM Subject: Horny soccer fan getting nailed To: twilightmonkey[at]hotmail.com, chrischarlebois[at]www.com, rfrijlink1964[at]msn.com, cohollowe[at]aol.com, shaley[at]orange.net, bwsmouf005[at]aol.com, puffyluvr[at]gmail.com, silverloop13[at]home.com, sousawr[at]camcomp.com, justin[at]kellnet.com Bhaer is to look at his be splendid!" "I shall eat boys. This lady, who had escaped hxxp://tankheadsonline.info offered to do gasped Mr. Bangs, ________________________________ Watch “Cause Effect,†a show about real people making a real difference. Learn more [Moderator edit - live link disabled. May be unreachable even so why on earth give a spammer a free ride??]
Telarin Posted January 4, 2008 Posted January 4, 2008 Usual responses... Reporting of spamvertised sites is not the primary goal of spamcop, and thus not a lot of resources are devoted to it, that being said, there are many things that can cause resolution of sites to fail at spamcop even though your browser can resolve them... Most notably, if the site takes a long time to resolve, spamcop will give up on it quickly. The argument being that "waiting" for DNS resolution would slow down the processing of email. Of course, that would mean that the spamcop parser is a single threaded piece of software, which I kind of doubt, but its always possible. Other possibility is that the spammer controls the DNS server in question and is intentionally blocking request from spamcop. This seems to be happening more and more frequently, especially with site run by the big spam gangs.
Farelf Posted January 5, 2008 Posted January 5, 2008 That site's DNS is not kosher. you found a = 219.129.219.244. Right now I find a = ns1 = ns2 = 212.58.114.80 (IBERIAPAC AS Telenet AS ISP operations in Georgia Tbilisi) and I predict this will move on again before long. SC presumably cannot keep up with this, misconfigured records etc (and, as Will points out, secondary part of the SC effort only). WHOIS - http://www.robtex.com/whois/tankheadsonline.info.html Domain ID:D23110134-LRMS Domain Name:TANKHEADSONLINE.INFO Created On:03-Jan-2008 13:50:30 UTC Last Updated On:03-Jan-2008 13:50:31 UTC Expiration Date:03-Jan-2009 13:50:30 UTC Sponsoring Registrar:Blog.com Digital Communications Inc. (R315-LRMS) Status:CLIENT TRANSFER PROHIBITED Status:TRANSFER PROHIBITED Registrant ID:DI_7486293 Registrant Name:Terrance Kim etc... Also admin, billing and tech. And, oops, the site is reachable at the moment. PLEASE do not post live links to spamvertized sites. What were you thinking? [Edit - removed contact detail shown, see the lookup for that]
ob1db Posted January 7, 2008 Author Posted January 7, 2008 What do you mean "PLEASE do not post live links to spamvertized sites."? Why is that an issue on these boards? How else would I reference the problem site? Moderator Edit: The entire unrelated quoted maaterial removed from this post, as per the suggested guidance offered in many places, such as the Forum FAQ here.
StevenUnderwood Posted January 7, 2008 Posted January 7, 2008 What do you mean "PLEASE do not post live links to spamvertized sites."? Why is that an issue on these boards? How else would I reference the problem site? By posting a TrackingURL as is requested in several places. With that we can see the original spam (with your wemail address protected). It is an issue because some innocent people come here and do not know not to click on any link they find AND these forums are picked up by the various search engines, allowing the spammers free advertizing.
Farelf Posted January 7, 2008 Posted January 7, 2008 ...It is an issue because some innocent people come here and do not know not to click on any link they find AND these forums are picked up by the various search engines, allowing the spammers free advertizing. ...Prezactly, on all counts - but (for ob1db and general reference) if it is not appropriate/possible to paste a Tracking URL then another way is to munge the link so it doesn't work as a link - (say) by changing http to hxxp, or whatever. Incidentally, if you look at the bottom of the index (front) page of these forums you will see the search engines listed amongst the "user(s) active ...". Actually, though only one instance of each is shown, I believe there will be a substantial number of them from each service at any time, beavering away to immortalize and disseminate your every utterance the instant it issues (more or less).
Recommended Posts
Archived
This topic is now archived and is closed to further replies.