Binky Posted May 23, 2008 Share Posted May 23, 2008 Hi, folks: (I did a thorough search of the forum trying to see whether this topic's been addressed. If it has, I obviously didn't use the correct search terms. Please excuse me if I'm asking something that's been asked 4096 times before.) The vast majority of spam I report ends up going to the same place; it's in regards to 122.2.36.197, which is an open proxy, and the emails go off to people with Filipino-sounding names in Poland. I've been reporting it several times a day for more than a year, and it's obviously a waste of my time and system resources doing this. Shall I merely click "Cancel" and be done with it? Every time I see another of these reports, my heart sinks. So much for my trying to get this blight of the net closed. (sigh) Thanks for your advice, PS: SpamCop rocks, but I guess that goes without saying here! Link to comment Share on other sites More sharing options...
Merlyn Posted May 23, 2008 Share Posted May 23, 2008 What makes you think it is an open proxy? Looks more like a compromised machine along with more than 4,000 more compromised machines using IPG-AS-AP Philippine Long Distance Telephone Company/AS9299 Link to comment Share on other sites More sharing options...
Binky Posted May 23, 2008 Author Share Posted May 23, 2008 Merlyn: What makes you think it is an open proxy? Uh, because the report says it is: 122.2.36.197 not listed in dnsbl.njabl.org 122.2.36.197 not listed in dnsbl.njabl.org 122.2.36.197 listed in cbl.abuseat.org ( 127.0.0.2 ) 122.2.36.197 is an open proxy 122.2.36.197 not listed in accredit.habeas.com 122.2.36.197 not listed in plus.bondedsender.org 122.2.36.197 not listed in iadb.isipp.com I'm misreading? Looks more like a compromised machine along with more than 4,000 more compromised machines Glurgh! Link to comment Share on other sites More sharing options...
Merlyn Posted May 23, 2008 Share Posted May 23, 2008 Thanks Link to comment Share on other sites More sharing options...
SpamCopAdmin Posted May 23, 2008 Share Posted May 23, 2008 Shall I merely click "Cancel" and be done with it?I would recommend that you keep banging away with the reports. 122.2.36.197 has been on our list recently, which means it's easier to put it back on our list. Your reports could do exactly that. We can't force the owners of that IP to take action, but at least we can put it on our blocking list. - Don D'Minion - SpamCop Admin - . Link to comment Share on other sites More sharing options...
Binky Posted May 24, 2008 Author Share Posted May 24, 2008 Hi, Don: I would recommend that you keep banging away with the reports. 122.2.36.197 has been on our list recently, which means it's easier to put it back on our list. Your reports could do exactly that. That's *zactly* what I needed to hear! I'll keep banging away at it, then. I just needed to know that all these reports aren't fruitless, that they're not going into the ether and wasting time and resources. Cool! Thanks! I'll start counting the days 'til I quit having to look at the stupid things anymore. I appreciate the encouragement! Link to comment Share on other sites More sharing options...
Wazoo Posted May 24, 2008 Share Posted May 24, 2008 (I did a thorough search of the forum trying to see whether this topic's been addressed. If it has, I obviously didn't use the correct search terms. Please excuse me if I'm asking something that's been asked 4096 times before.) We've all been there, wishing everyone used the same terminology to describe the actual subject being searche for. However, though this subject has come up many times within the Forum, the actual data you'd be looking for qould be found in the SpamCop FAQ and/or the SpamCop WIki ..... following the links at the top of this very page; SpamCop FAQ jump/scroll down the the section devoted to the SpamCop Blocking List Service What is on the list? and the alternate source; SpamCop Wiki Home Page What is SpamCop.net? Follow the links to the Blocking List Service Link to comment Share on other sites More sharing options...
Binky Posted October 28, 2008 Author Share Posted October 28, 2008 Hi, folks: Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time; this has been going on for 1.5-two years, but I was urged to keep at it. Looking back, this has cost me a HUGE mountain of time, with nothing to show for it (ie, the things not only never stop, but they seem to get WORSE. Below, you'll see a second set of addresses that has been added since I posted my plea asked whether I was making a difference). The mails coming from these IP addresses are of a net marketing nature ("Blast Your Ads to 45 Million CraigsList Users!" "Google AdWords Puts $3,000+ Profit into YOUR PayPal Account!!!" "Thousands Of Visitor Visited My Website Daily!!" "$$$ all-new BLOGGER BLASTER $$$") so I can spot them without having to open them to forward them to SpamCop anymore. And that's what I'm gonna do from now on: I'm not forwarding them to SpamCop anymore. It's done me no good forwarding these hundreds and hundreds (thousands?) of things. Just look at these recent examples: 122.2.19.146 122.2.20.143 122.2.20.236 122.2.20.236 122.2.20.254 122.2.21.32 122.2.22.127 122.2.22.67 122.2.22.67 122.2.225.232 122.2.225.51 122.2.226.181 122.2.226.23 122.2.229.107 122.2.23.13 122.2.23.13 122.2.23.16 122.2.23.16 122.2.230.217 122.2.230.99 122.2.239.242 122.2.27.4 122.2.28.35 122.2.29.109 122.2.29.12 122.2.30.144 122.55.178.171 124.106.120.56 124.106.120.56 124.106.151.220 124.106.196.46 124.106.197.100 124.106.197.144 124.107.145.176 58.69.180.203 58.69.180.203 58.69.79.45 58.69.79.45 Reports for the above are going to: nbsibal[at]pldt.com.ph(Notes) himarcelino[at]pldt.com.ph(Notes) sssaliendra[at]pldt.com.ph(Notes) nvtopacio[at]pldt.com.ph(Notes) 119.93.43.167 119.93.43.167 119.95.105.8 122.2.238.77 122.52.60.14 122.52.60.14 122.55.176.248 122.55.178.171 122.55.178.205 122.55.178.211 122.55.178.211 122.55.180.161 122.55.181.168 122.55.181.201 122.55.182.248 122.55.183.149 122.55.183.149 122.55.184.139 122.55.184.7 122.55.185.200 122.55.185.208 122.55.187.15 122.55.187.15 122.55.187.243 122.55.187.243 122.55.188.100 122.55.188.158 (repeatedly) 122.55.188.85 122.55.188.85 122.55.189.42 122.55.190.186 122.55.190.205 122.55.190.205 122.55.190.205 122.55.190.205 122.55.190.207 122.55.190.251 122.55.191.247 Reports for the above are going to: nctabernilla[at]pldt.com.ph vrortiz[at]pldt.com.ph rrdelavega[at]pldt.com.ph wasison[at]pldt.com.ph pwalbino[at]pldt.com.ph ssmiguel[at]pldt.com.ph riresurreccion[at]pldt.com.ph lbsoriano[at]pldt.com.ph jcgonzales[at]pldt.com.ph atmaniaul[at]pldt.com.ph royir143[at]hotmail.com They all come from the same IP addresses, and the reports go to the same email addresses, and nothing is changing. I've tried. I've tried in a big way. I've been a trouper for a long, long time. I have honeypots on all of my sites, as well as files to poison crawlers harvesting for email lists, but I just can't keep spending time filing reports for open relays that aren't ever gonna stop spamming me. I'm sorry. I give up. I'll keep on with the other ones; the reports seem to help (and sometimes I get apologies). But this monster's too much. Binky Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 28, 2008 Share Posted October 28, 2008 Do you use the SpamCop blocking list to filter your incoming messages? If not, then reporting to SpamCop is basically a good faith gesture. Because of the way spammers are now operating, rarely do the reports get to the ISP's of the spammers themselves. Those that do, usually already know they are hosting spammers and have decided it is better for their bottom line to do so. When did you stop reporting some of these? IP - Last report 122.2.19.146-Submitted: Tuesday, September 30, 2008 14:02:19 -0400: 122.2.20.143-Submitted: Saturday, September 27, 2008 01:45:52 -0400: 122.2.20.236-Submitted: Friday, September 26, 2008 21:50:31 -0400: 119.93.43.167-Submitted: Tuesday, October 07, 2008 00:47:10 -0400: 119.95.105.8-Submitted: Thursday, September 25, 2008 01:09:20 -0400: These show most of their servers are listed on at least one blocklist. http://www.senderbase.org/senderbase_queri...ng=122.2.238.77 http://www.senderbase.org/senderbase_queri...ng=122.2.19.146 Link to comment Share on other sites More sharing options...
Wazoo Posted October 28, 2008 Share Posted October 28, 2008 Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time; As this is a continuation of that previous discussion, this 'new' Topic has been merged into that previous Topic/Discussion. They all come from the same IP addresses, and the reports go to the same email addresses, and nothing is changing. The whole premise of the SpamCop.net Reporting process is depenant upon the response and actions of the recipient ISP/Host. The SpamCopDNSBL is dependant upon user Reporting, but of course, any personal benefit from that has to be personally implemented/comfigured. but I just can't keep spending time filing reports for open relays that aren't ever gonna stop spamming me. I'm sorry. I give up. Hmmm, nothing said about any attempts at going upstream on any of these. One thought is the 'large' list of IP Addresses provided. Has there been any follow-up to see if they have actually been handled or not? There is another somewhat current Discussion that has a user complaining about no action taken by the ISP .. yet the SenderBase statistics show that all (e-mail) traffic had in fact stopped for the IP Address originally complained about. Link to comment Share on other sites More sharing options...
turetzsr Posted October 28, 2008 Share Posted October 28, 2008 Hi, folks: Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time; this has been going on for 1.5-two years, but I was urged to keep at it. Looking back, this has cost me a HUGE mountain of time, with nothing to show for it <snip> ...And we thank you for having helped keep the SpamCop blacklist updated! If you no longer have the inclination to continue, IMHO you've earned the right to stop. ...If your question is what reason you might have to continue, I guess the answer is the same as it was when you first raised your inquiry. Link to comment Share on other sites More sharing options...
Binky Posted October 29, 2008 Author Share Posted October 29, 2008 StevenUnderwood: Do you use the SpamCop blocking list to filter your incoming messages? No, I don't, because I'm just forwarding Gmail to SpamCop, not running SpamCop on a server. When did you stop reporting some of these? Yesterday. I can spot their messages easily, because they're net marketing messages, as opposed to the 419 scams, the cheap Rolexes, and the lonely Russian girls. These show most of their servers are listed on at least one blocklist Must they be on a certain number of blocklists before they're blocked for everyone, or must each of us block them ourselves? (sigh) Wazoo: nothing said about any attempts at going upstream on any of these Ah! In all my frustration, I neglected to mention this: all my traceroutes end in interminable "* * * " which I kind of expected, and besides, all of these IP addresses are registered to people in the Filippines; my hopes are terribly low that anyone will give a crap about any of this anyway. Has there been any follow-up to see if they have actually been handled or not? Are you asking whether I've written to them to ask whether they've dealt with my reports? Uh, no. Does that ever work? There is another somewhat current Discussion that has a user complaining about no action taken by the ISP .. yet the SenderBase statistics show that all (e-mail) traffic had in fact stopped for the IP Address originally complained about. As I pointed out for one of the addresses above (122.55.188.158), the email didn't stop for it. I only went back two months to gather the addresses for this list. That was all I could do before flames shot out my ears! turetzsr: we thank you for having helped keep the SpamCop blacklist updated! Thanks, Steve! I'll happily keep on reporting *other* kinds of spam, but this Filippino stuff has worn me out! I'm happy to keep on fighting spam and scammers, but I know when to quit banging my head on the wall! It's all lumpy now! Link to comment Share on other sites More sharing options...
StevenUnderwood Posted October 29, 2008 Share Posted October 29, 2008 No, I don't, because I'm just forwarding Gmail to SpamCop, not running SpamCop on a server. SpamCop is not a program that is run... it is a list used to compare known spam sources to the source of your current message. It can be used on an end user machine if you are not using only the gmail web interface. It could also be used if you were using a spamcop email account and popping your gmail to spamcop. Yesterday. I can spot their messages easily, because they're net marketing messages, as opposed to the 419 scams, the cheap Rolexes, and the lonely Russian girls.The reason I asked is that the most recent reports were almost a month old for all those IP addresses indicating perhaps you are not actually reporting them, only submitting them for reporting (i.e. not finishing the process). Must they be on a certain number of blocklists before they're blocked for everyone, or must each of us block them ourselves? (sigh)Either you or your mail administrator would need to implement the blocklists that are most beneficial for you. If you are not using blocklists, your chances of seeing any reduction in spam are very remote. Link to comment Share on other sites More sharing options...
Binky Posted October 30, 2008 Author Share Posted October 30, 2008 StevenUnderwood: It can be used on an end user machine if you are not using only the gmail web interface I'm quite confused; even assuming there were a way to configure it to work with Apple Mail, my goal all along has been to make these f---tards stop. That's why I've kept at this quixotic quest as long as I have, hoping that I'd tire them with the reports! The reason I asked is that the most recent reports were almost a month old for all those IP addresses indicating perhaps you are not actually reporting them, only submitting them for reporting (i.e. not finishing the process) Oh, I've finished the process, alright! Reports have been sent dated: Today (accidentally!) 10/28 (2) (found out my cat was dying; didn't care much during this time span) 10/11 10/8 (4) 10/7 (6) 10/6 (2) 10/5 (2) 10/4 (4) 10/3 (3) ... and my eyes are beginning to glaze over again. Either you or your mail administrator would need to implement the blocklists that are most beneficial for you. If you are not using blocklists, your chances of seeing any reduction in spam are very remote. And I don't suppose I'll be able to convince Google to implement this. (sigh) I just want someone to shut these bastards down. They suck ass. Link to comment Share on other sites More sharing options...
Miss Betsy Posted October 30, 2008 Share Posted October 30, 2008 Unfortunately, the only way to stop them is to ignore them (or in internet terms, block them). If they get no return from the spamming, then they will stop spamming. Unfortunately, also, there are enough people who are ignorant enough or gullible enough to keep them in business. Blocking email worked to get many ISPs to monitor their customers and prevented them from sending spam through their email servers. So the spammers turned to bots. Many ISPs don't care about the bots because they don't interfere with legitimate email traffic since the bots use other means to get their email out there. So, as has been said before, the best way to stop spammers is to add them to blocklists, of which spamcop is one, that many ISPs use to filter incoming email to reduce spam. End users can use products or services like Mailwasher or spamcop email service and choose which blocklists to use. ISPs can't generally use country blocklists because someone may have a legitimate email correspondent in the Phillippines, for instance. But an end user who does not have any Filipino correspondents can use a blocklist that blocks all email from Phillippines. Reports are only useful for the very few server admins that have made a mistake or somehow let spam out of their system. They are happy to get them because the sooner they know, the sooner they can fix the problem. Sometimes, you can results from reporting to the people from which the offending system gets its connectivity (that's going 'upstream'). If it is taking too much of your time to report all of them, just report 5 or 10 a day. Other people are reporting them also so that they are probably on the spamcop blocklist. If you, or your ISP, are not using any blocklists, then you do not benefit, though other people do. You can also make up fittingly horrible things you would do to the spammers. Sometimes that helps lessen frustration levels. But on the internet, you cannot force anyone to do anything. You can't force them to stop sending, but if you use blocklists, they can't force you to even see their spew. Miss Betsy Link to comment Share on other sites More sharing options...
Wazoo Posted October 30, 2008 Share Posted October 30, 2008 Ah! In all my frustration, I neglected to mention this: all my traceroutes end in interminable "* * * " which I kind of expected, and besides, all of these IP addresses are registered to people in the Filippines; my hopes are terribly low that anyone will give a crap about any of this anyway. 'end result' could be that they block ICMP echo stuff, so ping/traceroute don't return anything. The system could be off-line. On and on, many reason exist for those results. Are you asking whether I've written to them to ask whether they've dealt with my reports? Uh, no. Does that ever work? As I pointed out for one of the addresses above (122.55.188.158), the email didn't stop for it. Not what I meant at all, though that appeoach could be useful. What I actually meant was just as I suggested earlier in this Topic .... look at http://www.senderbase.org/senderbase_queri...=122.55.188.158 .. note that traffic has in fact stopped being seen from that IP Address. The suggestion there would be that someone did in fact "do something" about your complaints. Volume Statistics for this IP Magnitude Vol Change vs. Last Month Last day ...... 0.0 .. N/A Last month .. 3.2 If the numbers you list in your last 'completed' reports are supposed to be Reported spam .... geeze .... I wish my spam load was that low. I'd have to also make an assumption that you never visited the link I referenced in a very early post in this Topic that explained "what is on the SpamCopDNSBL" ..... wlse you'd realize that "3" reports is not going to add that IP Address to the SpamCopDNSBL .... as in the above example, last month's traffic was to the tune of 2,500+ e-mails. Not a good ratio involved there, even if all three of your reports were against that specific IP Address. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.