Exodus = BlackHat?

[mrmaxx]

I'm a domain admin here at work and I'm reporting a bunch of spam for one of our users (opening his mail in MY outlook and using SpamDeputy) and I've noticed that about 60%+ of his spam comes from Exodus IP's and is spamvertising sites HOSTED by Exodus.

My question is, since Exodus refuses munged reports, should I go ahead and send them un-munged reports, or are they "blackhat" enough to just pass the information on down to their spammy clients? If they are, I am not going to bother reporting spam to them, just gonna go ahead and let it hit the SCBL in the future...

[Spambo]

I'm a domain admin here at work and I'm reporting a bunch of spam for one of our users (opening his mail in MY outlook and using SpamDeputy) and I've noticed that about 60%+ of his spam comes from Exodus IP's and is spamvertising sites HOSTED by Exodus.

My question is, since Exodus refuses munged reports, should I go ahead and send them un-munged reports, or are they "blackhat" enough to just pass the information on down to their spammy clients? If they are, I am not going to bother reporting spam to them, just gonna go ahead and let it hit the SCBL in the future...

Consider Exodus to be blackhat, and it is likely that they will pass the info on to their spammers.

As an option to sending unmunged reports you could still send munged reports from a "throw-away" account (such as a Yahoo or Hotmail account created specifically for the purpose of sending munged spam reports).

[mrmaxx]

Consider Exodus to be blackhat, and it is likely that they will pass the info on to their spammers.

As an option to sending unmunged reports you could still send munged reports from a "throw-away" account (such as a Yahoo or Hotmail account created specifically for the purpose of sending munged spam reports).

What about above.net? I don't really care who gets my spamcop.net email address. I'm more worried about my work email address getting hit by spammers, the way my user's email address is.

When reporting spam for my user, I've noticed I get a fair number (8-10 / day) for above.net, which also refuses munged reports. I don't mind sending unmunged reports where the ISP is less likely to pass along the personally-identifiable information, but if they're just going to pass the spam complaint on to the spammer, there's no sense senidng reports to them.

[Spambo]

What about above.net?

Ditto. In fact above.net probably has a worse reputation.

IMO the only valid reason for an abuse department to need an unmunged report is if ALL of the reports they've received about a particular incident have been munged.

[mrmaxx]

What about above.net?

Ditto. In fact above.net probably has a worse reputation.

IMO the only valid reason for an abuse department to need an unmunged report is if ALL of the reports they've received about a particular incident have been munged.

Bummer! Guess you're probably going to say the same thing about swbell. *sigh* It's almost getting so that there's no sense reporting spam if all the links are going to require unmunged reports! It's not there yet, but it looks like most of the "major" ISPs are going that route

[turetzsr]

What about above.net?

Ditto. In fact above.net probably has a worse reputation.

IMO the only valid reason for an abuse department to need an unmunged report is if ALL of the reports they've received about a particular incident have been munged.

<snip>

*sigh* It's almost getting so that there's no sense reporting spam if all the links are going to require unmunged reports!

<snip>

...Sure there is -- to keep them on the blocklist!

[mrmaxx]

<snip>

*sigh* It's almost getting so that there's no sense reporting spam if all the links are going to require unmunged reports!

<snip>

...Sure there is -- to keep them on the blocklist!

Well, I didn't *really* mean there was no sense reporting 'em... simply expressing frustration at ISPs who protect their spammy customers!

[turetzsr]

<snip>

*sigh* It's almost getting so that there's no sense reporting spam if all the links are going to require unmunged reports!

<snip>

...Sure there is -- to keep them on the blocklist! 

Well, I didn't *really* mean there was no sense reporting 'em... simply expressing frustration at ISPs who protect their spammy customers!

...Er, I'd prefer to give them the benefit of the doubt and assume they're taking the position that mungeing is tantamount to submitting an anonymous report and that anonymous reports may be unreliable.

[Spambo]

...Er, I'd prefer to give them the benefit of the doubt and assume they're taking the position that mungeing is tantamount to submitting an anonymous report and that anonymous reports may be unreliable. 

I wish I could believe that. Unfortunately IME mrmaxx's assessment is accurate.

[Miss Betsy]

Although they won't accept unmunged reports from spamcop, you can send munged reports from another source to see what happens.

I did that for a while. Munged the spam and sent it from another address (throwaway). Worked well for a while and then someone did send it on to the spammer and I got a spam within minutes of reporting.

I always put "I will sign an affidavit that, to the best of my knowledge and belief, I have neither requested email from this source nor on this subject" That's what they will need (an affidavit) if they do anything so it is no longer anonymous if they request the affidavit. No one ever has taken me up on it.

But I finally decided that it is a total waste of time once your email address is compromised. If the spammer gets it, there is a 50-50 chance that he will ignore it or sell it to someone else as a live address if he listwashes.

So either send unmunged reports all the time or just send it to the bl.

My $.02 USD

Miss Betsy