Joe Jobbed Yet Again

[JoeJobbed]

The last time this happened we spent 3 years trying unsuccessfully to get off various blacklists, and even after getting off them being put back on them repeatedly. I wasted hundreds of dollars signing up for the "Bonded Sender" program which turned out to be a total joke.

Now we've been Joe Jobbed again. I just got an email a few minutes ago from "Me" for a viagra selling canadian pharmacy.

The IP's all trace back to ICANN and ARIN and other undefined locations.

Now what? Since the internet is so insanely disorganized when it comes to this, I have no way of globally contacting everyone.

Where do I at least let SPAMCOP know that we aren't the sender, so I dont have to come here a year from now and be accused of spamming people like last time?

[StevenUnderwood]

The last time this happened we spent 3 years trying unsuccessfully to get off various blacklists, and even after getting off them being put back on them repeatedly. I wasted hundreds of dollars signing up for the "Bonded Sender" program which turned out to be a total joke.

Never unsubscribe to something you did not subscribe to. Report or delete... most unsubscribes simply confirm it is an address that is monitored.

Where do I at least let SPAMCOP know that we aren't the sender, so I dont have to come here a year from now and be accused of spamming people like last time?

SpamCop does not look at the sender address... only the IP of the source. If spamcop is/was resolving the messages to your IP, then someone or something behind that IP is/was likely spamming.

Provide the IP on the spamcop reports, and we can likely explain better.

[Lking]

SpamCop does not look at the sender address... only the IP of the source. If spamcop is/was resolving the messages to your IP, then someone or something behind that IP is/was likely spamming.

Steven, I think you are reading to much into the OP.

I see nothing in the OP about a (current) SC report. All I see is he has received "a" spam with his address forged in the FROM: block of the header. He has traced the IP address back to "ICANN and ARIN and other undefined locations." How does one email came from "... and other undefined locations"?

Having gotten joejobbed he may be a little sensitive. I would not consider one email a serious attack, besides if it were serious he would be flooded with bounces from dumb mail servers.

I don't bother to count the number of spam I get "from" me.

[rconner]

Can we get some more info?

Are you saying that you are now being blocked by the SpamCop Blocking List (SCBL)? Are you being blocked by any other BLs? What resources of yours are they blocking, and what was the reason they gave?

Is the problem simply that your domain appears in the "From" address of the spam? This is not such a deadly problem (which is good, since you can't do much about it). I myself, along with many others here, are repeatedly victimized in this fashion, but thus far I at least have not been blacklisted by anyone to my knowledge.

What are the IPs you have traced back to ICANN and ARIN and where/how did you find them? How did you trace them? I am puzzled since in the vast majority of cases it should be possible to trace such addresses back to a proper provider and not just to an internet registry or umbrella organization (ARIN and ICANN, respectively). I for one have never had WHOIS tell me that an address was administered by ICANN (yeah, ok, maybe the ICANN webserver might be an exception).

So far, it is hard to say what is going on with the little information you have given. If you can fill in some of the blanks, this would be helpful.

You might also find this link to the SC Wiki to be helpful: http://forum.spamcop.net/scwik/FromAddressForgery

-- rick

[StevenUnderwood]

Steven, I think you are reading to much into the OP.

How exactly do you read the line: so I dont have to come here a year from now and be accused of spamming people like last time?

I believe this may have happened before but the source was showing as his IP. The only time I have ever seen someone accused of spamming in here is when thr source shows it.

[Wazoo]

More than 24 hours later, numerous Replies made ... yet no follow-up at all. Hard to take things seriously when this happens.

The last time this happened we spent 3 years trying unsuccessfully to get off various blacklists, and even after getting off them being put back on them repeatedly. I wasted hundreds of dollars signing up for the "Bonded Sender" program which turned out to be a total joke.

Serious lackof detail offered here.

Now we've been Joe Jobbed again. I just got an email a few minutes ago from "Me" for a viagra selling canadian pharmacy.

"Joe Job" has a real and specific definition. A simple spam with a "forged From: and/or Reply-To:" address is not one of them.

The IP's all trace back to ICANN and ARIN and other undefined locations.

In all honesty, this suggests that you simply do not know how to use appropriate tools to do the basic research involved. ICANN results would typically indicate that yyou are trying to tracj down non-routable IP Addresses, probably from within your own network. ARIN is hardly 'undefined' ...

Now what? Since the internet is so insanely disorganized when it comes to this, I have no way of globally contacting everyone.

And the thought of spamming 'everyone' with your issues about your spam seems a bit off the wall.

Where do I at least let SPAMCOP know that we aren't the sender, so I dont have to come here a year from now and be accused of spamming people like last time?

Actually, this question doesn't make a lot of sense. Perhaps the actual disclosure of the "last incident from a year ago" might help in actually developing your story. Hopes are that the background does not include you generating a 'new' account here just to make this detail-deficient bit of a rant.

[JoeJobbed]

Sorry - im obviously not an expert.

I just got an email that had my email address as the sender, and got worried.

It did not matter what IP address the email resolved to last time. We still got put on a black list - even here on Spamcop and I had to come here and show evidence it wasnt us.

The reason it was assumed to be us is because the email itself linked to something on our site. The person obviously trying to cause trouble.

Its a nice sentiment that some organizations actually do research before they blacklist you but most don't. AOL ... Hotmail... Yahoo at the time all blacklisted us simply because the "FROM" email address was [at]mydomain.com .... they cared nothing about IP's. In fact, we had a dedicated server with "Hostway" and they accused us of spamming and kicked us off their service as a result. No questions asked. Legal team contacted me and said "youre history". They care nothing about the originating IP either, since the email linked to our site. They said I could use any IP address on earth to spam from.

That was last time.

This time it didnt link to our site. And the poster above is correct - I am not seeing bounced emails so maybe it was just one email.

I think we'll be okay this time.

[Miss Betsy]

You ought to know a little bit more about how email is blocked if you intend to use it seriously enough to be considered a Bonded Sender. I don't know much about how that works except that it costs a great deal, but it might not be so much of a joke if you understood more about how email and spam filtering work.

Hotmail and Yahoo and probably AOL and many ISPs use several different methods to filter incoming email for spam. One way is to filter out spam based on the website advertised in the email. I believe it is being 'joe-jobbed' if someone deliberately uses your website in a malicious attempt to get you tagged as a spammer. However, spammers sometimes use 'innocent bystander' websites in their spam in an attempt to evade the filters.

The spamcop blocklist, however, only lists IP addresses where the spam actually is sent from. Spamcop does send a report to the abuse desk for spamvertised websites. The abuse desk may then cut you off, but should do some research first before not allowing you back because there are situations where a customer may not really be a spammer. Unfortunately, some don't listen. If there is a spamcop report, you are out.

Usually, other blocklists and filters are more conservative than spamcop so the spam email has to have been sent many times in order to get on other lists. Getting a spamcop report is like an early warning signal that something is wrong. There are private lists like hotmail and yahoo that only those who use them know the criteria for filtering. There are also public lists like spamcop that anyone can use to filter spam - most of them are based on IP addresses where the spam came from, but there is, at least, one that is based on IP addresses of websites advertised in spam.

No one, except ignorant end users, would block an email because of the FROM because it is well known that spammers forge the FROM (and the return path). Of course, end users might block it because they don't want email from you. And some server admins probably do include email from a spamvertised domain as well as email containing that domain in their filtering mix.

Don't panic if you do see 'bounced' emails. If the spammer is using your email address in the spam run, then some of those emails may be accepted and then an NDR sent to the return path which is you.

If you don't want to take the time to learn how spam is blocked and how to avoid having email from your domain being tagged as spam, then you really need to hire someone to keep your computers up to date with security and to handle any reports against your server or your domain.

Miss Betsy

[StevenUnderwood]

It did not matter what IP address the email resolved to last time. We still got put on a black list - even here on Spamcop and I had to come here and show evidence it wasnt us.

The reason it was assumed to be us is because the email itself linked to something on our site. The person obviously trying to cause trouble.

You could not have been put on the SpamCop blocklist if the source of the message was not your IP. If I am wrong, what username did you use at that time so we can look up the discussion. JoeJobbed's first post was made in this thread.

What you (or your ISP) likely got was an email from SpamCop letting you know your website was used in a spam message. That does not lead to any spamcop listing, but ISP's have in the past overreacted to those messages and shut down the website in question. That is a problem between the provider and the customer.

There is a list that takes the most spamvertized sites that spamcop sees and creates a list for checking the body of spams, but that is not the SpamCop list.

[Wazoo]

Perhaps the actual disclosure of the "last incident from a year ago" might help in actually developing your story. Hopes are that the background does not include you generating a 'new' account here just to make this detail-deficient bit of a rant.

on Sep 7 2006, 11:08 AM lwayno posts into http://forum.spamcop.net/forums/index.php?showtopic=7016 in which hostway comes up

http://forum.spamcop.net/forums/index.php?showtopic=6859 from Aug 15 2006 includes some spamvertised-site Report data

http://forum.spamcop.net/forums/index.php?showtopic=2274 from Aug 2 2004 contains a post from hostwayabuse

on Jul 30 2004, azuur posts into http://forum.spamcop.net/forums/index.php?showtopic=2256 referencing hostway

So the question I asked still appears unanswered. Which of the above would be your previous account here? Duplicate accounts are not allowed here.

I just got an email that had my email address as the sender, and got worried.

One FAQ/Wiki entry found here is titled Why am I getting all these Bounces?

It did not matter what IP address the email resolved to last time. We still got put on a black list - even here on Spamcop and I had to come here and show evidence it wasnt us.

As stated in numerous places here, for a listing in the SpamCopDNSBL, there is an issue with spew being reported/seen from a specific IP Address. Errors in that programming logic are very rare, actuallt usually an issue with "bad" Reporting, which carries its own ramifications to the Reporter.

The reason it was assumed to be us is because the email itself linked to something on our site. The person obviously trying to cause trouble.

Although that does tend to lean towards a "joe-job" there doesn't seem to be much evidence of that provided in the above referenced previous Topics/Discussions here. (I've not done any newsgroup archive research.)

I think we'll be okay this time.

At present, you have some specific attention focused on your actions and details of previous actions on this Forum. Please answer the questions asked, provide data requested else some other negative (account) actions will be taken on this Forum.

[JoeJobbed]

You could not have been put on the SpamCop blocklist if the source of the message was not your IP. If I am wrong, what username did you use at that time so we can look up the discussion. JoeJobbed's first post was made in this thread.

Well it was a long time ago. Four years. I did some googling and found it again:

http://www.gthelp.com/showthread.php?t=32253

Basically some of your loyal members complained to you that we had spammed them. You then in turn put the word out to the various ISP's and hosting companies. Our hosting company was actually "Interland" at the time. They heard from SpamCop that we were spamming people. According to the poster on the link above, it wasnt an official blacklist but a notice that SpamCop sends out. So in fact at that time, that particular list apparently wasn't researched. People are just trusted (???) to be telling the truth. Their reports along with SpamCops subsequent notice to Interland resulted in us being kicked off the Interland service completely. Meanwhile, nobody had bothered to check the originating IP and when I pointed it out, everyone told me the email was linking to my site, so it had to be me.

I guess the question at this time is simple: How do I find out if anyone has reported anything recently about us? I just came to the site to try and do a search for offending domain names. Wasn't able to find it.

Thanks!

[StevenUnderwood]

Well it was a long time ago. Four years. I did some googling and found it again:

http://www.gthelp.com/showthread.php?t=32253

Basically some of your loyal members complained to you that we had spammed them. You then in turn put the word out to the various ISP's and hosting companies. Our hosting company was actually "Interland" at the time. They heard from SpamCop that we were spamming people. According to the poster on the link above, it wasnt an official blacklist but a notice that SpamCop sends out. So in fact at that time, that particular list apparently wasn't researched. People are just trusted (???) to be telling the truth. Their reports along with SpamCops subsequent notice to Interland resulted in us being kicked off the Interland service completely. Meanwhile, nobody had bothered to check the originating IP and when I pointed it out, everyone told me the email was linking to my site, so it had to be me.

I guess the question at this time is simple: How do I find out if anyone has reported anything recently about us? I just came to the site to try and do a search for offending domain names. Wasn't able to find it.

1. That was not spamcop and I see lots of misinformation over there.

2. The "loyal members" did not complain the you had spammed them. They informed your provider that your link was found in a spam that they received (you even confirm this). SpamCop does not inform any other blocklists, for spamvertized sites, it would contact anyone who has requested information about that IP address.

3. As I said earlier, it sounds like your provider did not pay attention to the actual message sent, thought they were being added to a blocklist and caused you some issues. They are expected to investigate to see if you are in fact behind the messages (even if sent from other sources).

4. I would like to see the contact you made with spamcop to get your web site removed from their list. I doubt that happened since as we have said (and was said over there at the time) SpamCop does not list web sites.

5. Likely what happened is that Interland's email servers were listed for spamming (not your "JoeJob").

[Wazoo]

I guess the question at this time is simple: How do I find out if anyone has reported anything recently about us?

And I'm wondering how to get a straight answer from you.

I just came to the site to try and do a search for offending domain names. Wasn't able to find it.

Just doing that would not have required going through the Registration process. Yet, you did that so you could post .. and then you have either made some misleading statements in your posts or you are simply refusing to answer specific questions. Which is it?

Your Google search results don't have anything to do with any previous interaction with this Forum. Your off-site traffic that includes statements such as "someone from SpamCop" sure doesn't explain much either. Even the actions you suggest as being taken by "someone from SpamCop" don't ring as valid.

[Miss Betsy]

The reason you cannot find information on offending domain names is because spamcop operates entirely on IP addresses.

Spamcop reporters get unsolicited email and send it to spamcop. The spamcop software parser determines where the reports should go. The source - the IP address that sent the email - is added to a blocklist algorithym. It takes more than one report to list an IP address. The abuse address listed publicly is also sent a report - in case they care that spam is coming from their network. In addition, the abuse addresses of the websites advertised in the unsolicited email are sent a report. Both are reports - the email is attached so that the abuse personnel can see what it is. No action is demanded. It is FYI, only. Of course, the source IP can be listed on the spamcop blocklist that is used by many server admins to filter spam. But, there is no spamcop blocklist for websites advertised in the spam email.

However, many ISPs do not want to be contributing to the spam problem even if it is not mail servers under their control that are sending spam, but only the websites under their control that are advertising via spam.

Some, apparently, do not investigate further, but take action based on spamcop reports. Others do try to see what the situation is before they take action.

Your vagueness about this situation and failure to use terms properly means that you either are completely ignorant of how email works and what blocklists are and how they filter for spam or that you really were sending unsolicited email about your website - probably by hiring a spammer to advertise for you. Not that you necessarily intended to spam people, but didn't read the fine print when you hired them. The fact that you ended up on numerous lists shows that the spam containing your website continued for quite some time - something that would not have happened if you had heeded the first spamcop report and that means whether you were innocent or guilty. You would have known how to fix it either way.

Spamcop is all automatic - when the spam stops, the listing stops. No list of spamvertised sites is kept so if no spam is sent to the spamcop parser, no reports go out. As you found out, that is not true of other blocklists.

Don't believe Mr. Nghanda about his fortune that he wants to share with you either.

Miss Betsy

[turetzsr]

<spam>

Basically some of your loyal members

<snip>

...Not mine; not ours. The only participant here to which the phrase "your members" can be properly directed is SpamCop employee SpamCopAdmin aka Don D'Minion. Everyone else here, including our Forum Administrator, Wazoo, is a volunteer SpamCop user and/or, like you, a party interested in anti-spam efforts. I guess you did not realize this because you missed the note on the page where you post your messages:

The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)