[Scspamcop] Re: Previously appealed and still getting spam

Mike Easter MikeE at ster.invalid
Thu Aug 2 08:42:57 EDT 2007 

Scott Grayban wrote:
>
http://www.spamcop.net/sc?id=z1378469297zb97936b0052c9f34103fddd147b41a74z

This is a spam item characterized by bogosity, ie untruths, lies, and
abuse -- which we determine first by the header.

  Abbreviated Received lines *comment
  from 76.201.184.193 (adsl-76-201-184-193.dsl.milwwi.sbcglobal.net) by
mx.google.com *source much listed abused dynamic proxified user
  from 44.93.88.125 by  *noncompliant bogusline

It is sourced from a known open proxy multilisted in such places as
spamcop and CBL also quite a number of others, more than average for a
proxysource.  That's abuse, typically associated with spamgang
injection.  It contains a bogus Received traceline.  That's 'against the
law' of canspam in the US, meaning that many direct marketing spammers
wouldn't do it.  That is a significant untruth/lie.  The headers are
also characterized by having 'hostwebdat' as the username in the From &
Reply-To.

The body contains very little, but one lie, the html link sez
http://www.hostweb.com but it conceals that it is going to
click.absoluteagency.com with an affiliate id#.  absoluteagency is at
the .lt Lithuanian block DKD which is a relatively small provider with 3
blocks, a /26 or 64 IPs, a /29 or 8 IPs, and a /22 or 4 class Cs of 256
IPs.  That makes the provider 'small potatoes' anywhere except perhaps
.lt

The IP isn't listed anywhere indicating unresponsiveness, such as
spamhaus or apews, and checking on the .lt providers at spamhaus shows
that DKD doesn't have any listings there -- so we'll say the provider is
'unknown' - not known to be an unresponsive provider for spamvertisers.

> ISP believes this issue is resolved

> ISP has already taken action against the account:

Now we get to the business about spamcop notifying providers and
spamcop's relationship with providers and reporters.

The notification of spamvertiser providers by spamcop is a 'courtesy' to
the provider, because spamcop makes no blocklist based on spamvertisers,
only on spamsources.  That means that from SC's perspective, the only
reason for notifying the spamvertiser provider is if the provider wants
to know that information so that the provider can do something about it.
SC tells the provider that if they don't want to hear about spam
reports, they don't have to.

Help for abuse-desks and administrators :
http://www.spamcop.net/fom-serve/cache/92.html  You are mailbombing me!
How can I make it stop? - a way to refuse or accept each type of report
individually

That is, if a provider doesn't want to be getting all of this mail from
SC, the provider can just 'turn it off' at SC rather than turning it off
at their own mailbox.  When the provider turns it off, they have to give
some kind of reason, such as they've taken action or it is resolved or
whatever.  It just means they don't want to hear about it, it doesn't
mean the account is dead.

There is no purpose in notifying a provider about something which the
provider doesn't want to hear about.  SC reporters don't seem to
understand that.  SC understands that, so SC has to maintain a
relationship with its reporters while being sensible about not being
'abusive' toward providers who don't want the SC mail about an issue.

So, SC allows the provider to refuse the notifies and SC 'causes' the
provider to say something about why.  SC reporters who are paid have a
tendency to 'insist' that SC notify even if the provider doesn't want to
hear it.  That is called an 'appeal' (to notify anyway) so when SC sez
the issue has been appealed, that's what it means.  There is no sense in
notifying providers who don't want to hear the notify.

The link still goes to a dating service website calling itself
AbsoluteAgency.


-- 
Mike Easter
kibitzer, not SC admin

More information about the SCspamcop mailing list