OT Mailing List Spam
This might be slightly off-topic but as the source of spam is probably a spammer getting emails from this list, I reported him and his service provider should cut off his/her ugly head. I got an email of the classic 419 scam from a "El Amir Assadallah" rdjir001@eircom.net.
This has just come in from the abuse department:
Dear Vandaman,
Thank you for your recent email to Technical Support.
We have contacted our customer and hope to have this issue resolved within 72 hours. If you receive any further mails of this nature after the 72 hour time period has elapsed, please forward the headers.
Kind Regards,
eircom net Residential Technical Support.
So report the damn spammers and get them kicked off.
Regards, Vandaman
vandaman2002-rt@yahoo.co.uk wrote:
OT Mailing List Spam
This might be slightly off-topic but as the source of spam is probably a spammer getting emails from this list, I reported him and his service provider should cut off his/her ugly head. I got an email of the classic 419 scam from a "El Amir ....
except, 99% of spam has forged FROM addresses, often an innocent address randomly picked from the same lists being used to send the spam TOO.
95% of the spam is sent from hacked/infected servers acting as relays, so complaining to the owner of the IP space the spam originated in doesn't actually catch the real spammers either, although it may help fix the hacked box, there's bazillions more.
This might be slightly off-topic but as the source of spam is probably a spammer getting emails from this list, I reported him and his service provider should cut off his/her ugly head. I got an
except, 99% of spam has forged FROM addresses, often an innocent address randomly picked from the same lists being used to send the spam TOO.
95% of the spam is sent from hacked/infected servers acting as relays, so complaining to the owner of the IP space the spam originated in doesn't actually catch the real spammers either, although it may help fix the hacked box, there's bazillions more.
This list does not publish the actual mails in the archive does it?
On Thu, Oct 2, 2008 at 11:23 AM, Bob Hoffman bob@bobhoffman.com wrote:
This list does not publish the actual mails in the archive does it?
Apparently you have not looked there? Yes, it does. That's what archives are for - historical records and information. It's a goldmine if you can remember how to look something up....
mhr
Apparently you have not looked there? Yes, it does. That's what archives are for - historical records and information. It's a goldmine if you can remember how to look something up....
mhr
Yes I have, just never looked at anything other than what I was reading. Great.. Guess best thing to do is get a gmail account to use with mailing lists to lower spam scanners on your main email..
Sigh..too late for this one...lol
You would think the program they use to present the information would obscure that mail address. Really no reason to show it forever is it?
Bob Hoffman wrote:
Great.. Guess best thing to do is get a gmail account to use with mailing lists to lower spam scanners on your main email..
Sigh..too late for this one...lol
Gmail? Yahoomail is just fine too. I use the addressguard and have disposable addresses, so my main email is safe. Once spam starts coming in, I cut off that disposable and grow another one. 100% zero tolerance is operated, any spam and it's reported.
If you want your main emails to have less spam, never use them on mailing lists, forums etc.; use Yahoo/Gmail etc. When they get spammed, cut them off and get another free email account.
Regards, Vandaman.
John R Pierce wrote:
except, 99% of spam has forged FROM addresses, often an innocent address randomly picked from the same lists being used to send the spam TOO.
95% of the spam is sent from hacked/infected servers acting as relays, so complaining to the owner of the IP space the spam originated in doesn't actually catch the real spammers either, although it may help fix the hacked box, there's bazillions more.
This isn't a hacked box. A quick look on google for 419 scams from eircom shows a lot of spam originating from their network. If more and more people reported then the ISP will be forced to take action.
When reporting spam to hotmail, they do come and say some headers are forged but others are legit. In this instance it looks as if a legit eircom customer is abusing the service.
Regards, Vandaman.
John R Pierce a écrit :
except, 99% of spam has forged FROM addresses,
Yeah, but at least one sender IP that can't be forged. Run jwhois on that, which usually gives you an abuse@provider address, and then simply forward them the spam. Normal providers hate hosting spammers. Unless, of course, it's one of those phantom PC farms constituted of 50.000 infested Windows PCs.
Cheers,
Niki Kovacs
At 03:13 PM 10/2/2008, you wrote:
John R Pierce a écrit :
except, 99% of spam has forged FROM addresses,
Yeah, but at least one sender IP that can't be forged. Run jwhois on that, which usually gives you an abuse@provider address, and then simply forward them the spam. Normal providers hate hosting spammers. Unless, of course, it's one of those phantom PC farms constituted of 50.000 infested Windows PCs.
As it was, the original poster of the thread did not post his email headers, so we are just taking his word for it that it came from eircom.net. However, emailing their abuse@eircom.net now gets an auto-response that they will not accept reports via email, but you must now fill in a web form to report.
<rant> In which case I notified them that I considered that RFC-Ignorant behavior and that each and every offending IP would be included in my local DNSBL. </rant>
Problem solved!
Cheers!
On Thu, Oct 2, 2008 at 12:33 PM, Glenn centos@1bigadmin.biz wrote:
As it was, the original poster of the thread did not post his email headers, so we are just taking his word for it that it came from eircom.net. However, emailing their abuse@eircom.net now gets an auto-response that they will not accept reports via email, but you must now fill in a web form to report.
<rant> In which case I notified them that I considered that RFC-Ignorant behavior and that each and every offending IP would be included in my local DNSBL. </rant>
Sounds like they have a serious problem with spam from their users, they know it, but they don't know how to deal with it (or don't care), in which case (either way) they deserve to be blacklisted. That kind of "support" we can do without.
mhr
MHR wrote
Sounds like they have a serious problem with spam from their users, they know it, but they don't know how to deal with it (or don't care), in which case (either way) they deserve to be blacklisted. That kind of "support" we can do without.
1. Go to the eircom page or type abuse at eircom in google to get the web form. The form looks like it goes direct to their tech support, they responded very fast.
2. As the scam lists a hotmail.fr address as the contact, forward it to abuse at hotmail. hotmail do not like such scams run from their accounts.
3. A look on google showed some guy named Cole running a similar scam from a residential account in Glasgow. Once his ISP is on him and the local police notified, his days are numbered.
Bottom line - report the MOFOS.
Regards, Vandaman.
On Oct 2, 2008, at 3:17 PM, Vandaman wrote:
- Go to the eircom page or type abuse at eircom in google to get the web form. The form looks like it goes direct to their tech support, they responded very fast.
Yes, but the trend is for the big ISPs to use ARF, which sort of defeats the idea of humans filling out forms. http://mipassoc.org/arf/index.html
Anyone know of a tool that will take a spam message with headers and spit out an ARF formatted message? I've found MIME::ARF but haven't had time to go back and re-learn the tiny bit of Perl I knew to make it more useful.
--Chris
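Added example, not part of any post in this thread and not code from MIME::ARF: a Python version of the kind of tool asked about above, which also applies the earlier point that the one sender IP worth reporting is the one your own server recorded. It assumes the topmost Received: header was written by the receiving MTA, handles IPv4 only, and uses the field names from RFC 5965 (the ARF specification as published in 2010); every address, hostname and the User-Agent string is constructed.

```python
import re
from email import message_from_string
from email.message import Message
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.utils import formatdate

# Constructed sample: forged From:, a forged lower Received:, and the top
# Received: line written by our own MTA (mx.example.org, hypothetical).
SAMPLE_SPAM = """\
Received: from mail.example.net (unknown [203.0.113.45])
\tby mx.example.org with ESMTP id ABC123; Thu, 2 Oct 2008 10:02:11 +0100
Received: from bank.example.com ([192.0.2.7]) by mail.example.net;
\tThu, 2 Oct 2008 10:01:58 +0100
From: "Prince Example" <innocent.user@example.com>
To: list-member@example.org
Subject: URGENT BUSINESS PROPOSAL

Dear friend, I need your help moving $25,000,000 ...
"""

IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def source_ip(msg):
    """IPv4 address our MTA logged in the topmost Received: header."""
    received = msg.get_all("Received") or []
    match = IP_IN_BRACKETS.search(received[0]) if received else None
    return match.group(1) if match else None

def build_arf(raw_spam, reporter, abuse_to, feedback_type="fraud"):
    """Wrap a raw message in a three-part multipart/report (ARF) message."""
    spam = message_from_string(raw_spam)
    ip = source_ip(spam)
    fields = Message()  # machine-readable part, one field per header line
    fields["Feedback-Type"] = feedback_type
    fields["User-Agent"] = "arf-example/0.1"  # made-up agent name
    fields["Version"] = "1"
    if ip:
        fields["Source-IP"] = ip
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"], report["To"] = reporter, abuse_to
    report["Date"] = formatdate()
    report["Subject"] = "FW: " + (spam["Subject"] or "(no subject)")
    report.attach(MIMEText("Abuse report for a message received from "
                           "IP %s.\n" % (ip or "unknown")))
    report.attach(MIMEMessage(fields, "feedback-report"))
    report.attach(MIMEMessage(spam))  # original message, headers intact
    return report
```

Calling `build_arf(SAMPLE_SPAM, "reporter@example.org", "abuse@example.net").as_string()` yields the report text; the Source-IP comes from the top Received: line (203.0.113.45), not from the forged From: address or the lower Received: line.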
On Thu, Oct 2, 2008 at 8:21 PM, Chris Boyd cboyd@gizmopartners.com wrote:
On Oct 2, 2008, at 3:17 PM, Vandaman wrote:
- Go to the eircom page or type abuse at eircom in google to get the web form. The form looks like it goes direct to their tech support, they responded very fast.
Yes, but the trend is for the big ISPs to use ARF, which sort of defeats the idea of humans filling out forms.
This is getting WAY off topic, but:
ARF is really meant to be a format for ISPs to report abuse to one another. For example, when an AOLer clicks the "Report Spam" button, AOL pastes up an ARF format message and sends it to the entity who controls the IP address from which AOL received the original message. This only works if that entity has registered an email address with AOL's "feedback loop" service.
ARF is not intended for use by end users making spam complaints to abuse desks.
on 10-2-2008 12:54 PM MHR spake the following:
On Thu, Oct 2, 2008 at 12:33 PM, Glenn centos-pz1itigPBUykqlQVS2g5fQ@public.gmane.org wrote:
As it was, the original poster of the thread did not post his email headers, so we are just taking his word for it that it came from eircom.net. However, emailing their abuse@eircom.net now gets an auto-response that they will not accept reports via email, but you must now fill in a web form to report.
<rant> In which case I notified them that I considered that RFC-Ignorant behavior and that each and every offending IP would be included in my local DNSBL. </rant>
Sounds like they have a serious problem with spam from their users, they know it, but they don't know how to deal with it (or don't care), in which case (either way) they deserve to be blacklisted. That kind of "support" we can do without.
mhr
Some ISPs are so heavy with spammers that if they cut them off, they would not have enough customers left to stay in business. That is their own fault for letting it get out of hand to begin with!