Jump to content

Shall I stop repeatedly reporting this open proxy?


Binky
 Share

Recommended Posts

Hi, folks:

(I did a thorough search of the forum trying to see whether this topic's been addressed. If it has, I obviously didn't use the correct search terms. Please excuse me if I'm asking something that's been asked 4096 times before.)

The vast majority of spam I report ends up going to the same place; it's in regards to 122.2.36.197, which is an open proxy, and the emails go off to people with Filipino-sounding names in Poland. I've been reporting it several times a day for more than a year, and it's obviously a waste of my time and system resources doing this. Shall I merely click "Cancel" and be done with it? Every time I see another of these reports, my heart sinks. So much for my trying to get this blight of the net closed. (sigh)

Thanks for your advice,

PS: SpamCop rocks, but I guess that goes without saying here!

Edited by Binky
Link to comment
Share on other sites

Merlyn:

What makes you think it is an open proxy?

Uh, because the report says it is:

122.2.36.197 not listed in dnsbl.njabl.org

122.2.36.197 not listed in dnsbl.njabl.org

122.2.36.197 listed in cbl.abuseat.org ( 127.0.0.2 )

122.2.36.197 is an open proxy

122.2.36.197 not listed in accredit.habeas.com

122.2.36.197 not listed in plus.bondedsender.org

122.2.36.197 not listed in iadb.isipp.com

I'm misreading?

Looks more like a compromised machine along with more than 4,000 more compromised machines

Glurgh!

Link to comment
Share on other sites

Shall I merely click "Cancel" and be done with it?
I would recommend that you keep banging away with the reports. 122.2.36.197 has been on our list recently, which means it's easier to put it back on our list. Your reports could do exactly that.

We can't force the owners of that IP to take action, but at least we can put it on our blocking list.

- Don D'Minion - SpamCop Admin -

.

Link to comment
Share on other sites

Hi, Don:

I would recommend that you keep banging away with the reports. 122.2.36.197 has been on our list recently, which means it's easier to put it back on our list. Your reports could do exactly that.

That's *zactly* what I needed to hear! I'll keep banging away at it, then. I just needed to know that all these reports aren't fruitless, that they're not going into the ether and wasting time and resources. Cool! Thanks! I'll start counting the days 'til I quit having to look at the stupid things anymore.

I appreciate the encouragement!

Link to comment
Share on other sites

(I did a thorough search of the forum trying to see whether this topic's been addressed. If it has, I obviously didn't use the correct search terms. Please excuse me if I'm asking something that's been asked 4096 times before.)

We've all been there, wishing everyone used the same terminology to describe the actual subject being searche for. However, though this subject has come up many times within the Forum, the actual data you'd be looking for qould be found in the SpamCop FAQ and/or the SpamCop WIki ..... following the links at the top of this very page;

SpamCop FAQ

jump/scroll down the the section devoted to the SpamCop Blocking List Service

What is on the list?

and the alternate source;

SpamCop Wiki Home Page

What is SpamCop.net?

Follow the links to the Blocking List Service

Link to comment
Share on other sites

  • 5 months later...

Hi, folks:

Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time; this has been going on for 1.5-two years, but I was urged to keep at it. Looking back, this has cost me a HUGE mountain of time, with nothing to show for it (ie, the things not only never stop, but they seem to get WORSE. Below, you'll see a second set of addresses that has been added since I posted my plea asked whether I was making a difference). The mails coming from these IP addresses are of a net marketing nature ("Blast Your Ads to 45 Million CraigsList Users!" "Google AdWords Puts $3,000+ Profit into YOUR PayPal Account!!!" "Thousands Of Visitor Visited My Website Daily!!" "$$$ all-new BLOGGER BLASTER $$$") so I can spot them without having to open them to forward them to SpamCop anymore. And that's what I'm gonna do from now on: I'm not forwarding them to SpamCop anymore. It's done me no good forwarding these hundreds and hundreds (thousands?) of things. Just look at these recent examples:

122.2.19.146

122.2.20.143

122.2.20.236

122.2.20.236

122.2.20.254

122.2.21.32

122.2.22.127

122.2.22.67

122.2.22.67

122.2.225.232

122.2.225.51

122.2.226.181

122.2.226.23

122.2.229.107

122.2.23.13

122.2.23.13

122.2.23.16

122.2.23.16

122.2.230.217

122.2.230.99

122.2.239.242

122.2.27.4

122.2.28.35

122.2.29.109

122.2.29.12

122.2.30.144

122.55.178.171

124.106.120.56

124.106.120.56

124.106.151.220

124.106.196.46

124.106.197.100

124.106.197.144

124.107.145.176

58.69.180.203

58.69.180.203

58.69.79.45

58.69.79.45

Reports for the above are going to:

nbsibal[at]pldt.com.ph(Notes)

himarcelino[at]pldt.com.ph(Notes)

sssaliendra[at]pldt.com.ph(Notes)

nvtopacio[at]pldt.com.ph(Notes)

119.93.43.167

119.93.43.167

119.95.105.8

122.2.238.77

122.52.60.14

122.52.60.14

122.55.176.248

122.55.178.171

122.55.178.205

122.55.178.211

122.55.178.211

122.55.180.161

122.55.181.168

122.55.181.201

122.55.182.248

122.55.183.149

122.55.183.149

122.55.184.139

122.55.184.7

122.55.185.200

122.55.185.208

122.55.187.15

122.55.187.15

122.55.187.243

122.55.187.243

122.55.188.100

122.55.188.158 (repeatedly)

122.55.188.85

122.55.188.85

122.55.189.42

122.55.190.186

122.55.190.205

122.55.190.205

122.55.190.205

122.55.190.205

122.55.190.207

122.55.190.251

122.55.191.247

Reports for the above are going to:

nctabernilla[at]pldt.com.ph

vrortiz[at]pldt.com.ph

rrdelavega[at]pldt.com.ph

wasison[at]pldt.com.ph

pwalbino[at]pldt.com.ph

ssmiguel[at]pldt.com.ph

riresurreccion[at]pldt.com.ph

lbsoriano[at]pldt.com.ph

jcgonzales[at]pldt.com.ph

atmaniaul[at]pldt.com.ph

royir143[at]hotmail.com

They all come from the same IP addresses, and the reports go to the same email addresses, and nothing is changing.

I've tried. I've tried in a big way. I've been a trouper for a long, long time. I have honeypots on all of my sites, as well as files to poison crawlers harvesting for email lists, but I just can't keep spending time filing reports for open relays that aren't ever gonna stop spamming me. I'm sorry. I give up.

I'll keep on with the other ones; the reports seem to help (and sometimes I get apologies). But this monster's too much.

Binky

Link to comment
Share on other sites

Do you use the SpamCop blocking list to filter your incoming messages? If not, then reporting to SpamCop is basically a good faith gesture. Because of the way spammers are now operating, rarely do the reports get to the ISP's of the spammers themselves. Those that do, usually already know they are hosting spammers and have decided it is better for their bottom line to do so.

When did you stop reporting some of these?

IP - Last report

122.2.19.146-Submitted: Tuesday, September 30, 2008 14:02:19 -0400:

122.2.20.143-Submitted: Saturday, September 27, 2008 01:45:52 -0400:

122.2.20.236-Submitted: Friday, September 26, 2008 21:50:31 -0400:

119.93.43.167-Submitted: Tuesday, October 07, 2008 00:47:10 -0400:

119.95.105.8-Submitted: Thursday, September 25, 2008 01:09:20 -0400:

These show most of their servers are listed on at least one blocklist.

http://www.senderbase.org/senderbase_queri...ng=122.2.238.77

http://www.senderbase.org/senderbase_queri...ng=122.2.19.146

Link to comment
Share on other sites

Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time;

As this is a continuation of that previous discussion, this 'new' Topic has been merged into that previous Topic/Discussion.

They all come from the same IP addresses, and the reports go to the same email addresses, and nothing is changing.

The whole premise of the SpamCop.net Reporting process is depenant upon the response and actions of the recipient ISP/Host. The SpamCopDNSBL is dependant upon user Reporting, but of course, any personal benefit from that has to be personally implemented/comfigured.

but I just can't keep spending time filing reports for open relays that aren't ever gonna stop spamming me. I'm sorry. I give up.

Hmmm, nothing said about any attempts at going upstream on any of these. One thought is the 'large' list of IP Addresses provided. Has there been any follow-up to see if they have actually been handled or not? There is another somewhat current Discussion that has a user complaining about no action taken by the ISP .. yet the SenderBase statistics show that all (e-mail) traffic had in fact stopped for the IP Address originally complained about.

Link to comment
Share on other sites

Hi, folks:

Some time ago I wrote here complaining that I keep reporting IP addresses that my reports say are open relays, and the reports go off to the same damned people all the time; this has been going on for 1.5-two years, but I was urged to keep at it. Looking back, this has cost me a HUGE mountain of time, with nothing to show for it

<snip>

...And we thank you for having helped keep the SpamCop blacklist updated! If you no longer have the inclination to continue, IMHO you've earned the right to stop.

...If your question is what reason you might have to continue, I guess the answer is the same as it was when you first raised your inquiry.

Link to comment
Share on other sites

StevenUnderwood:

Do you use the SpamCop blocking list to filter your incoming messages?

No, I don't, because I'm just forwarding Gmail to SpamCop, not running SpamCop on a server.

When did you stop reporting some of these?

Yesterday. I can spot their messages easily, because they're net marketing messages, as opposed to the 419 scams, the cheap Rolexes, and the lonely Russian girls.

These show most of their servers are listed on at least one blocklist

Must they be on a certain number of blocklists before they're blocked for everyone, or must each of us block them ourselves? (sigh)

Wazoo:

nothing said about any attempts at going upstream on any of these

Ah! In all my frustration, I neglected to mention this: all my traceroutes end in interminable "* * * " which I kind of expected, and besides, all of these IP addresses are registered to people in the Filippines; my hopes are terribly low that anyone will give a crap about any of this anyway.

Has there been any follow-up to see if they have actually been handled or not?

Are you asking whether I've written to them to ask whether they've dealt with my reports? Uh, no. Does that ever work?

There is another somewhat current Discussion that has a user complaining about no action taken by the ISP .. yet the SenderBase statistics show that all (e-mail) traffic had in fact stopped for the IP Address originally complained about.

As I pointed out for one of the addresses above (122.55.188.158), the email didn't stop for it. I only went back two months to gather the addresses for this list. That was all I could do before flames shot out my ears!

turetzsr:

we thank you for having helped keep the SpamCop blacklist updated!

Thanks, Steve! I'll happily keep on reporting *other* kinds of spam, but this Filippino stuff has worn me out! I'm happy to keep on fighting spam and scammers, but I know when to quit banging my head on the wall! It's all lumpy now!

Link to comment
Share on other sites

No, I don't, because I'm just forwarding Gmail to SpamCop, not running SpamCop on a server.

SpamCop is not a program that is run... it is a list used to compare known spam sources to the source of your current message. It can be used on an end user machine if you are not using only the gmail web interface. It could also be used if you were using a spamcop email account and popping your gmail to spamcop.

Yesterday. I can spot their messages easily, because they're net marketing messages, as opposed to the 419 scams, the cheap Rolexes, and the lonely Russian girls.
The reason I asked is that the most recent reports were almost a month old for all those IP addresses indicating perhaps you are not actually reporting them, only submitting them for reporting (i.e. not finishing the process).

Must they be on a certain number of blocklists before they're blocked for everyone, or must each of us block them ourselves? (sigh)
Either you or your mail administrator would need to implement the blocklists that are most beneficial for you. If you are not using blocklists, your chances of seeing any reduction in spam are very remote.
Link to comment
Share on other sites

StevenUnderwood:

It can be used on an end user machine if you are not using only the gmail web interface

I'm quite confused; even assuming there were a way to configure it to work with Apple Mail, my goal all along has been to make these f---tards stop. That's why I've kept at this quixotic quest as long as I have, hoping that I'd tire them with the reports!

The reason I asked is that the most recent reports were almost a month old for all those IP addresses indicating perhaps you are not actually reporting them, only submitting them for reporting (i.e. not finishing the process)

Oh, I've finished the process, alright! Reports have been sent dated:

Today (accidentally!)

10/28 (2)

(found out my cat was dying; didn't care much during this time span)

10/11

10/8 (4)

10/7 (6)

10/6 (2)

10/5 (2)

10/4 (4)

10/3 (3)

... and my eyes are beginning to glaze over again.

Either you or your mail administrator would need to implement the blocklists that are most beneficial for you. If you are not using blocklists, your chances of seeing any reduction in spam are very remote.

And I don't suppose I'll be able to convince Google to implement this. (sigh) I just want someone to shut these bastards down. They suck ass.

Link to comment
Share on other sites

Unfortunately, the only way to stop them is to ignore them (or in internet terms, block them). If they get no return from the spamming, then they will stop spamming. Unfortunately, also, there are enough people who are ignorant enough or gullible enough to keep them in business.

Blocking email worked to get many ISPs to monitor their customers and prevented them from sending spam through their email servers. So the spammers turned to bots. Many ISPs don't care about the bots because they don't interfere with legitimate email traffic since the bots use other means to get their email out there.

So, as has been said before, the best way to stop spammers is to add them to blocklists, of which spamcop is one, that many ISPs use to filter incoming email to reduce spam. End users can use products or services like Mailwasher or spamcop email service and choose which blocklists to use. ISPs can't generally use country blocklists because someone may have a legitimate email correspondent in the Phillippines, for instance. But an end user who does not have any Filipino correspondents can use a blocklist that blocks all email from Phillippines.

Reports are only useful for the very few server admins that have made a mistake or somehow let spam out of their system. They are happy to get them because the sooner they know, the sooner they can fix the problem.

Sometimes, you can results from reporting to the people from which the offending system gets its connectivity (that's going 'upstream').

If it is taking too much of your time to report all of them, just report 5 or 10 a day. Other people are reporting them also so that they are probably on the spamcop blocklist.

If you, or your ISP, are not using any blocklists, then you do not benefit, though other people do.

You can also make up fittingly horrible things you would do to the spammers. Sometimes that helps lessen frustration levels. But on the internet, you cannot force anyone to do anything. You can't force them to stop sending, but if you use blocklists, they can't force you to even see their spew.

Miss Betsy

Link to comment
Share on other sites

Ah! In all my frustration, I neglected to mention this: all my traceroutes end in interminable "* * * " which I kind of expected, and besides, all of these IP addresses are registered to people in the Filippines; my hopes are terribly low that anyone will give a crap about any of this anyway.

'end result' could be that they block ICMP echo stuff, so ping/traceroute don't return anything. The system could be off-line. On and on, many reason exist for those results.

Are you asking whether I've written to them to ask whether they've dealt with my reports? Uh, no. Does that ever work?

As I pointed out for one of the addresses above (122.55.188.158), the email didn't stop for it.

Not what I meant at all, though that appeoach could be useful. What I actually meant was just as I suggested earlier in this Topic .... look at http://www.senderbase.org/senderbase_queri...=122.55.188.158 .. note that traffic has in fact stopped being seen from that IP Address. The suggestion there would be that someone did in fact "do something" about your complaints.

Volume Statistics for this IP

Magnitude Vol Change vs. Last Month

Last day ...... 0.0 .. N/A

Last month .. 3.2

If the numbers you list in your last 'completed' reports are supposed to be Reported spam .... geeze .... I wish my spam load was that low. I'd have to also make an assumption that you never visited the link I referenced in a very early post in this Topic that explained "what is on the SpamCopDNSBL" ..... wlse you'd realize that "3" reports is not going to add that IP Address to the SpamCopDNSBL .... as in the above example, last month's traffic was to the tune of 2,500+ e-mails. Not a good ratio involved there, even if all three of your reports were against that specific IP Address.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

×
×
  • Create New...