[SpamCop.net - protecting the internet through technology]

[SC-Help] Re: Hijacked Account

Glenn Daniels nobody at devnull.spamcop.net
Sun Aug 22 12:39:33 EDT 2004


"Mike Easter" wrote in message
> redwolfe_98 wrote:
> > can someone who
> > understands headers possibly help me to determine where the spam
> > originated so i can report the spammer? here is info from the headers
> > from the spam that was bounced:
>
> I don't much like to look at partial headers, because the business of
> deciding what to post and what to leave out by the person who doesn't
> know how to read the headers might not have been done correctly.
> However, I can comment on an IP.
>
> > i am thinking that it looks like it is from "66.141.66.213"..?
>
> It's possible a spam with headers like those posted could be sourced at
> 66.141.66.213  rDNS  adsl-66-141-66-213.dsl.okcyok.swbell.net  from
>
> whois -h whois.arin.net 66.141.66.213 ...
> SBC Internet Services - Southwest  66.136.0.0 - 66.143.255.255
>    abuse at swbell.net
> PPPoX Pool Rback3.okcyok   66.141.64.0 - 66.141.67.255
>    abuse at swbell.net
>
> which looks like a dynamic adsl user IP in Oklahoma City or thereabouts.
>
> It is listed in numerous spam databases, including spamcop and dynamic
> blockrange lists, as well as lists of insecure or trojan IPs, one of
> which defines the particular insecurity that is abusable to inject smtp,
> which shows the abusable port to be 15082 and the protocols http put and
> connect and socks 4.
>
> It is appropriate to notify the swbell about the insecurity.  Some people
> also notify the zapata provider who 'bounced' [ie sent a newmail to a
> bogus From] if they can write a nice letter that explains in a convincing
> fashion how the belated spam bouncemailing [and/or virm bouncemailing] is
> misconfigured and abusive mail handling.
>

I agree in spirit with your findings and your conclusions. OTOH, those
responsible for the sourcing and the bouncing are not accountable to
me and I should think they have already made their positions clear
enough. My ISP, however, owes it to the whole of its worldwide
userbase to block the abuses. My handing them my "package" and
allowing them to "break it down", I wield a much larger mallet than
I would as a David with a sling against a Goliath as swbell. If admin
for myISP has a kind word with admin for swbell, I believe an
amicable outcome is more likely. Later when the shoe moves to
the other foot, a favor is to be paid back in advance for the next.
I am loath to think the admins don't know how the game is to
be played. My action, if any, is simply throwing a flag on a bad
play.

The finding of valid email addresses in the "From:" block on a
spamitem to me suggests that the spam sourcer is a robot lacking
the capacity to form a criminal intent. If swbell chooses to serve
said robot, at least they should be alerted that it is malfunctioning
and may need servicing. ;). Barring a more favorable outcome,
myISP may yet owe its userbase protection from the zombies
and brain dead spam bouncers (yes, been there, done that applies).

I am unable to reconcile the picture completely. I fear most
victims of spamabuse "see" what my wife sees. She sees only
a problem that is too much in her face. People use cars without
needing to be able to repair them. She wants to believe she
should be able to use email without struggling with the mechanism.
She calls on me to fix the problem, but the mechanism is clearly
broken well beyond the reach of any individual. Through
collaboration and judicious use of resources not always
immediately apparent, corrections may be rendered even
without grasping the entire scope of the mechanism.

Personally the generally accepted approach of doing nothing
and waiting for it to pass, does not pass muster. I prefer
to seek out creative solutions, and asking my ISP to find
a creative solution by proxy, has value for a much larger
purpose. Ultimately, the responsibility for the malfunction in
the mechanism is exposed and remedied. I do not hold
my provider responsible for the problem, but surely a
patch can be applied until the mechanism is repaired. If the
broken robot is in fact anyone's responsibility, that party
might well need to pull the plug until repairs have been
effected. But I am about as excited over a broken robot
as I get when my car won't start. It simply is not a
mechanism with the capacity to form a malicious intent
unless, of course, the car's name is "Christine". =^..^=

Have a Most Excellent day! ;-)
Glenn
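The header reading Mike Easter describes in the quoted part above (walk the Received: chain back to the first hop outside your own site's relays, note whether its reverse name looks like a dynamic pool, and form the blocklist lookup for it) is something an abuse desk can script. The following is an added example, not code from this thread, from SpamCop or from any of the providers named; the headers, host names and addresses (documentation ranges), the `TRUSTED_HOSTS`/`TRUSTED_IPS` sets and the "dynamic pool" heuristic are all constructed assumptions. Only the Received: lines stamped by the receiving site's own relays are trustworthy; the lines below them were written by somebody else and are reported as "claimed" hops, not as the source.

```python
"""Find the reportable origin of a spam from its Received: chain.

Constructed example: the headers, hosts and IPs below are made up
(documentation ranges), not the ones discussed in the thread.
"""
import email
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# The receiving site's own relays (assumed). Only Received: lines stamped
# "by" one of these can be trusted; anything further down the chain was
# written by someone else and may be forged.
TRUSTED_HOSTS: Set[str] = {"mailstore.myisp.example", "mx1.myisp.example"}
TRUSTED_IPS: Set[str] = {"198.51.100.10"}

# Constructed sample message: a DSL pool host handed the mail to our MX and
# claims (unverifiably) to have received it from a third party.
SAMPLE_HEADERS = """\
Received: from mx1.myisp.example (mx1.myisp.example [198.51.100.10])
    by mailstore.myisp.example with ESMTP id A1; Sun, 22 Aug 2004 10:01:02 -0400
Received: from adsl-203-0-113-45.dsl.example.net (adsl-203-0-113-45.dsl.example.net [203.0.113.45])
    by mx1.myisp.example with ESMTP id B2; Sun, 22 Aug 2004 10:01:01 -0400
Received: from mail.bigcorp.example (mail.bigcorp.example [192.0.2.25])
    by adsl-203-0-113-45.dsl.example.net with SMTP id C3; Sun, 22 Aug 2004 09:59:00 -0400
From: victim@myisp.example
To: somebody@zapata.example
Subject: constructed sample

body
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"


@dataclass
class Hop:
    helo: str                 # name the sender announced in HELO/EHLO
    rdns: Optional[str]       # reverse name the receiving MTA recorded
    ip: Optional[str]         # connecting address recorded in [brackets]
    by_host: Optional[str]    # the MTA that wrote this Received: line


def parse_received(value: str) -> Optional[Hop]:
    """Pull helo, rDNS, IP and stamping host out of one Received: value."""
    text = re.sub(r"\s+", " ", value).strip()
    m_from = re.match(r"from (\S+)", text)
    if not m_from:
        return None  # e.g. "Received: by ..." for local submission; not a hop
    m_rdns_ip = re.search(r"\((\S+) \[(" + IPV4 + r")\]\)", text)
    m_ip = re.search(r"\[(" + IPV4 + r")\]", text)
    m_by = re.search(r"\bby (\S+)", text)
    return Hop(
        helo=m_from.group(1),
        rdns=m_rdns_ip.group(1) if m_rdns_ip else None,
        ip=m_ip.group(1) if m_ip else None,
        by_host=m_by.group(1).rstrip(";,)") if m_by else None,
    )


def find_source(raw: str, trusted_hosts: Set[str], trusted_ips: Set[str]
                ) -> Tuple[Optional[Hop], List[Hop]]:
    """Walk the chain top-down (newest first). The first hop that a trusted
    relay received from an untrusted address is the reportable source; every
    hop below it is only a claim made by that untrusted machine."""
    msg = email.message_from_string(raw)
    hops = [h for h in (parse_received(v) for v in msg.get_all("Received", [])) if h]
    for i, hop in enumerate(hops):
        if hop.by_host not in trusted_hosts:
            return None, hops[i:]  # chain already left our control; nothing verifiable
        if hop.ip in trusted_ips or hop.rdns in trusted_hosts:
            continue  # internal handoff between our own machines
        return hop, hops[i + 1:]
    return None, []


def looks_dynamic(ip: str, rdns: str) -> bool:
    """Heuristic only: reverse names that embed the address octets or carry
    words like dsl/dyn/ppp usually belong to end-user pools, not mail servers."""
    name = rdns.lower()
    tokens = re.split(r"[.-]", name)
    embeds_ip = all(octet in tokens for octet in ip.split("."))
    return embeds_ip or any(k in name for k in ("dsl", "dyn", "ppp", "pool", "cable", "dhcp"))


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Name to resolve when checking `ip` against a DNSBL zone: octets
    reversed, then the zone. Builds the name only; resolving it is the caller's job."""
    return ".".join(reversed(ip.split("."))) + "." + zone


def report(raw: str = SAMPLE_HEADERS) -> dict:
    source, claimed = find_source(raw, TRUSTED_HOSTS, TRUSTED_IPS)
    if source is None or source.ip is None:
        return {"source_ip": None, "claimed_hops": [h.ip for h in claimed]}
    return {
        "source_ip": source.ip,
        "rdns": source.rdns,
        "dynamic_pool": looks_dynamic(source.ip, source.rdns or source.helo),
        "spamcop_query": dnsbl_query_name(source.ip, "bl.spamcop.net"),
        "claimed_hops": [h.ip for h in claimed],
    }


if __name__ == "__main__":
    for key, val in report().items():
        print(f"{key:14} {val}")
```

Run as-is it reports the DSL pool address as the source, flags its reverse name as pool-style, and lists the bigcorp hop only as a claim. Feed it real headers by replacing `SAMPLE_HEADERS` with the full message (not a hand-picked subset, for the reason given in the quoted reply) and the trusted sets with your own relays; the whois and blocklist lookups the reply describes are then done against `source_ip`.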



