♦ REFRESH to rotate MAAMAW'S CLICKY NOTES thru this space..... Timely Tips, Best of the Boards & More ♦

You'll find great information in this "Read Only" Archive, but remember..... things change.
Be sure to visit the Current Message Board when you're finished here.

We're very friendly, so don't be shy... just jump right in and post your question.
Scams outnumber legitimate biz ops about a bzillion to one, so it's well worth your time.

\| View Thread \| Return to Index \| Read Prev Msg \| Read Next Msg \|

FIB - Scams 101 - Ye Olde Archives

Re: reporting spammer to their host??

Posted By: The Roadie <wcarton@flash.net>
Monday, 28 February 2005, at 7:24 a.m.

In Response To: reporting spammer to their host?? (Kim)

> My question is - to Roadie or anyone else - is how do I know who the isp
> is for someone? I have been getting emails from www.bestlenderz4u.com for
> the last couple of weeks - they appear to have gotten ahold of road
> runners email list and are clueless enough to have an entire list of
> emails addresses in the to part of the email - there are about 20 email
> addresses all starting with K in the latest from them.

The spammers have discovered that a lot of their crap was being filtered by a simple rule that too many addresses in the BCC list means it's spam. So some of them started using the CC list, which allows victims to see the addresses of the other spam victims. This normally isn't a problem except there are viruses that scan the INBOX of any infected computer, looking for addresses. Now yours appears in a place where the virus can pick it up and send itself to you. If you aren't already running good AV software you certainly need to now.

Anyway, you probably know that the "from" field in an email is almost NEVER where the spammer is sending it from - it's trivially forged. The real way to annoy spammers is to go after their payload sites, in the body of the email.

Tracing spammers back to the sources and reporting them to their home ISP is difficult work except for absolute newbie idiot spammers who use their own connection. The top 200 professionals (http://www.spamhaus.org/rokso/index.lasso) use bribed connections from China or Brazil to get their stuff out, or else they use a network of virus-infected cable modem clients in the US as anonymous spam engines. You can use SpamCop to trace these back to the source, and complain to the originating ISP but that's almost a losing proposition. Most bulletproof spam source ISPs KNOW they're providing connectivity to spammers, and they simply ignore complaints because you have no stick to beat them with and the spammer's paying good money.

But for the curious, you can visit http://www.spamcop.net/ and use their services to trace headers.

To trace the spammer's body URLs, you need to use tools like Sam Spade to check the whois (which you are already doing) and then find their IP location to see who their host is.

In this case, the spammer's domain is hosted at IP 218.30.123.56. Take that IP, and go to the nice site http://www.openrbl.org/ and plug it in. The response will tell you where the IP is in the world (ChinaNet) and how many blacklists it's already on (7). If you follow the link to this IPs SpamHaus listing (http://www.spamhaus.org/SBL/sbl.lasso?query=SBL23610) you will see it's a domain hosted with 326 (!) other spamvertised domains on a box under control of Alan Ralsky, one of the world's biggest spammers.

http://www.spamhaus.org/rokso/listing.lasso?-op=cn&spammer=Alan%20Ralsky

There is a chance for a new anti-spam law in China in the next few weeks, and then the administrators of that network might actually boot the spammers instead of taking their bribes and looking the other way, but until then, there is absolutely NOTHING we can do from the trenches. It is being worked on, is about all I can say.

http://www.spamhaus.org/news.lasso?article=153

> I looked them up and their contact information for the domain is
> completely bogus when I checked last week - but cannot get info returned
> today - not sure what if anything that means. If I remember correctly it
> was registered with godaddy - but again can't get any info right now to
> confirm.

I'll check back later as well, but there is a bug at the highest-level domain registry at the moment, the one that redirects inquiries to WHICH of the retail registries like GoDaddy has a domain's details. Since the domain resolves (meaning you can go there with a browser) the domain is not totally dead - just the whois lookup.

> Anyway - I have decided to do my part and to start reporting these people
> to their isp's - just need to know how to check. Have a couple more to
> report as well.

I recommend starting by reading all you can at the SpamCop site, and also a few hours of reading at http://spam.abuse.net/

Thanks for joining the war!

Messages in This Thread

Have you read MAAMAW'S CLICKY NOTES today?
Excuse me... You MISSED them??
At the top o' the page in the blue bars (sheesh!).

reporting spammer to their host?? (views: 853)
Kim -- Monday, 28 February 2005, at 6:24 a.m.
- Re: reporting spammer to their host?? (views: 686)
  The Roadie -- Monday, 28 February 2005, at 7:24 a.m.
- They're using Joker, the spammer's friend, for a registrar (views: 720)
  The Roadie -- Monday, 28 February 2005, at 10:22 a.m.
  - Re: They're using Joker, the spammer's friend, for a registrar (views: 676)
    Kim -- Monday, 28 February 2005, at 3:58 p.m.

\| View Thread \| Return to Index \| Read Prev Msg \| Read Next Msg \|

FIB - Scams 101 - Ye Olde Archives is maintained with WebBBS 3.11.

NOTICE TO SCUMBEEZLES
(you know who you are... you scream "Foul!" when the truth comes out)

        PLEASE READ THIS LEGAL NOTICE CAREFULLY BEFORE YOU FILE A LAWSUIT OR EVEN WASTE TIME THINKING ABOUT IT. It has been done before, but never successfully. In fact, the last dodobird who tried it ended up being ordered to pay more than $77,000 in attorney fees ($65,000+ to my attorneys and $12,000+ to my co-defendant's legal advisor).
        If your attorney is worth his salt, he's going to tell you that the expense of filing a lawsuit you can't win is a whole lot worse than any "damages" resulting from messages posted on this insignificant little chunk of cyberspace.
        NEWS FLASH: I didn't just climb down off that ol' turnip truck yesterday. I'm well aware that expressing a negative opinion, relating one's personal experience, and restating provable facts are all legal in this country and do not constitute libel, slander, or defamation -- so you don't want to play games with me, and you sure don't want to start something you aren't prepared to finish. I don't take threats lightly, and I don't accept bribes (or did you call it a "mutually-beneficial arrangement"?). I'll turn you in faster than you can yell, "ARREST ME, I'M SCUM!!"
        Do yourself a favor and turn your legal team loose in greener pastures.
        Although we may, from time to time, monitor or review discussions, postings and the like on the Friends In Business (Scams 101) Message Board, we are under no obligation to do so. We are not responsible or liable for any claim arising from the content of any such discussions or postings or for any error, defamation, libel, slander, omission, falsehood, obscenity, pornography, profanity, danger, or inaccuracy contained in any information contained within such locations on the Site.
        You are prohibited from posting or transmitting any unlawful, threatening, libelous, defamatory, obscene, scandalous, inflammatory, pornographic, or profane materials or any material that could constitute or encourage conduct that would be considered a criminal offense, give rise to civil liability, or otherwise violate any law. You are likewise prohibited from posting any false claims against any company or individual. We will fully cooperate with any law enforcement authorities or court order requesting or directing us to disclose the identity of anyone posting any such information or materials.
        By posting messages and/or content on the Friends In Business (Scams 101) Message Board, you give permission for Lesley Fountain/Friends In Business/Shoestring Success Publications to display, distribute and use the posting and content for publication, advertising, promotion, excerption or example. You grant Lesley Fountain/Friends In Business/Shoestring Success Publications complete, perpetual, but non-exclusive rights to use, archive, reproduce, adapt, modify, distribute, sub-license, repurpose, rework, compile, or offer for sale or resale the messages, postings or content appearing on this site in whole or in part, throughout the world and universe, on a royalty-free basis without remuneration. If you cannot accept or agree with the terms of service for this website and discussion board, you are advised not to post on this board.
        In closing, I would like to remind you once again that it is still legal, in this great country of ours, to express a PERSONAL OPINION, as long as it is presented as opinion and not as fact.
        And finally, all you scammers out there will do well to remember that TRUTH IS AN ABSOLUTE DEFENSE against charges of libel, defamation, and slander... so if you're operating just a hop, skip, and jump ahead of the law, you might want to think twice before doing anything stupid... (AND SHAME ON YOU!!).