The spammer is his own isp

[goodnessgraceness]

I get a good number of spams every day from Dan Forootan's EZ Publishing under the names of EZPubs, streamsend, smartblast, and others. When I whois the ultimate sender in the header by checking with Arin, they all list this guy. If the mails claim anything, they claim that I have opted in, when I most certainly have not. Tucows is the nameserver, but complaining to them seems pointless. How does the system handle an isp who is actually the spammer?

[Farelf]

SC notifications are a courtesy which presumably he would ignore or decline. The main thrust of SC reporting is to list IP addresses that exceed the algorithmic limit of reports within a timeframe and that is unaffected. The benefit to you, in keeping his spam out of your inbox, is only achieved if that limit is exceeded and if you use the SCbl for filtering. The listing status of specific IPs may be checked at the SpamCop Blocking List. Is this the information you were after?

It is no loss for you to use the unsubscribe links for such spam (with clear ownership - though many say "don't unsubscribe from anything to which you never subscibed," that is self-defeating in such a case IMO) and some say to go further with unsubscibing and telephone, write, etc. if those requests are not honoured within a reasonable time.

This needs to be moved to a more appropriate area but I see another user here so will wait.

[edit] Moved from SpamCop Discussion > Discussions & Observations > How to use .... Instructions, Tutorials > SpamCop Forum

PM in process, link left.

[goodnessgraceness]

Actually, it is somewhat of a help. Since he is his own isp, and I'm already in his system anyway, trying the unsubscribe link really couldn't hurt. However, what I guess I was getting at in a somewhat roundabout fashion, is that since he is his own isp, he runs a range of IP addressess, and not just one. Does SC, or can SC, block an entire isp? It would seem helpful against isp's that exist solely to spam, but counterproductive when there are innocent service subscribers of a rotten isp who would then be blocked.

[Farelf]

...Does SC, or can SC, block an entire isp? It would seem helpful against isp's that exist solely to spam, but counterproductive when there are innocent service subscribers of a rotten isp who would then be blocked.

Agree with your logic but no, the SC modus op. is to act on source IP adress (singular). Blocklists which escalated to larger and larger slices of the internet were not generally well regarded because of the innocents caught up in it all, as you mention (SPEWS and APEWS operated that way IIUC). There may be other BLs which take on the purely spam/blackhat ISPs, hopefully someone more knowledgeable can step in and elaborate if that is the case.

[Telarin]

There is also the possibility of complaining to his upstream provider. If you provide one of the IP addresses in question, or a tracking URL, myself or someone else here would be happy to help you figure out who that might be.

[Merlyn]

72.19.192.0 - 72.19.255.255 has been firewalled on all of our servers for many months now. We had them in the local blocklist but they did't understand the message that we did not want their spam so off they went to the firewall. Haven't heard a peep from them since.

[Farelf]

72.19.192.0 - 72.19.255.255 has been firewalled on all of our servers for many months now. We had them in the local blocklist but they did't understand the message that we did not want their spam so off they went to the firewall. Haven't heard a peep from them since.

Noting that - the 72.19.192.0/18 block (Online CIDR Calculator) - is associated with/used by ezpublishing.com and registrant Dan Foortan - http://www.robtex.com/dns/ezpublishing.com.html - and with streamsend.com, (ref also http://www.rhyolite.com/ - using Rhyolite Software Unwelcome Mail Domains - ref Group 532. I see no connection with Tim Knox's ezpubs.com/digitalgraphiti.com (67.63.199.0/24) but then I am easily confused. There's a whole raft of domains closely associated with ezpubs.com, which robtex will list on call. And I don't see the connection (with any of them) and smartblast.com (Registrant SupplierSpecials.com - Michael Ryan). It could be we would be looking at three different sets of "upstream"

KMCTELCOM-DIA KMC Telecom, Inc. 67.63.199.0/24

O1 Communications Colo 72.19.192.0/18

Cbeyond Communications (outwards mail), Rackspace Managed Hosting and Internap Network Services (DNS) for smartblast.com

Can someone check those? Dunno what I'm doing really (I'm used to that but bystanders may become alarmed).