Jump to content

The spammer is his own isp


goodnessgraceness

Recommended Posts

I get a good number of spams every day from Dan Forootan's EZ Publishing under the names of EZPubs, streamsend, smartblast, and others. When I whois the ultimate sender in the header by checking with Arin, they all list this guy. If the mails claim anything, they claim that I have opted in, when I most certainly have not. Tucows is the nameserver, but complaining to them seems pointless. How does the system handle an isp who is actually the spammer?

Link to comment
Share on other sites

SC notifications are a courtesy which presumably he would ignore or decline. The main thrust of SC reporting is to list IP addresses that exceed the algorithmic limit of reports within a timeframe and that is unaffected. The benefit to you, in keeping his spam out of your inbox, is only achieved if that limit is exceeded and if you use the SCbl for filtering. The listing status of specific IPs may be checked at the SpamCop Blocking List. Is this the information you were after?

It is no loss for you to use the unsubscribe links for such spam (with clear ownership - though many say "don't unsubscribe from anything to which you never subscibed," that is self-defeating in such a case IMO) and some say to go further with unsubscibing and telephone, write, etc. if those requests are not honoured within a reasonable time.

This needs to be moved to a more appropriate area but I see another user here so will wait.

[edit] Moved from SpamCop Discussion > Discussions & Observations > How to use .... Instructions, Tutorials > SpamCop Forum

PM in process, link left.

Link to comment
Share on other sites

Actually, it is somewhat of a help. Since he is his own isp, and I'm already in his system anyway, trying the unsubscribe link really couldn't hurt. However, what I guess I was getting at in a somewhat roundabout fashion, is that since he is his own isp, he runs a range of IP addressess, and not just one. Does SC, or can SC, block an entire isp? It would seem helpful against isp's that exist solely to spam, but counterproductive when there are innocent service subscribers of a rotten isp who would then be blocked.

Link to comment
Share on other sites

...Does SC, or can SC, block an entire isp? It would seem helpful against isp's that exist solely to spam, but counterproductive when there are innocent service subscribers of a rotten isp who would then be blocked.
Agree with your logic but no, the SC modus op. is to act on source IP adress (singular). Blocklists which escalated to larger and larger slices of the internet were not generally well regarded because of the innocents caught up in it all, as you mention (SPEWS and APEWS operated that way IIUC). There may be other BLs which take on the purely spam/blackhat ISPs, hopefully someone more knowledgeable can step in and elaborate if that is the case.
Link to comment
Share on other sites

72.19.192.0 - 72.19.255.255 has been firewalled on all of our servers for many months now. We had them in the local blocklist but they did't understand the message that we did not want their spam so off they went to the firewall. Haven't heard a peep from them since.

Link to comment
Share on other sites

72.19.192.0 - 72.19.255.255 has been firewalled on all of our servers for many months now. We had them in the local blocklist but they did't understand the message that we did not want their spam so off they went to the firewall. Haven't heard a peep from them since.
Noting that - the 72.19.192.0/18 block (Online CIDR Calculator) - is associated with/used by ezpublishing.com and registrant Dan Foortan - http://www.robtex.com/dns/ezpublishing.com.html - and with streamsend.com, (ref also http://www.rhyolite.com/ - using Rhyolite Software Unwelcome Mail Domains - ref Group 532. I see no connection with Tim Knox's ezpubs.com/digitalgraphiti.com (67.63.199.0/24) but then I am easily confused. There's a whole raft of domains closely associated with ezpubs.com, which robtex will list on call. And I don't see the connection (with any of them) and smartblast.com (Registrant SupplierSpecials.com - Michael Ryan). It could be we would be looking at three different sets of "upstream"

KMCTELCOM-DIA KMC Telecom, Inc. 67.63.199.0/24

O1 Communications Colo 72.19.192.0/18

Cbeyond Communications (outwards mail), Rackspace Managed Hosting and Internap Network Services (DNS) for smartblast.com

Can someone check those? Dunno what I'm doing really (I'm used to that but bystanders may become alarmed).

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...