[SpamCop-List] Re: New redirection being missed

[spamcop]

On 8/25/05 5:29 PM, in article deld7n$h1g$1 at news.spamcop.net, "Mike Easter"
<MikeE at ster.invalid> wrote:

> spamcop wrote:
>> re:
> www.spamcop.net/sc?id=z799795680zfd932e80c17ef092c8910059335aa70az
>> 
>> Sc misses decoding the redirection:
> 
> That's true, but....
> 
> ... in a way, it doesn't really matter.
> 
>> 
> http://www.appearancessalon.com/oscommerce/redirect.php?action=url&goto=www.
>> nfycb.moonboard.info/?a507f1835f69f3G5c4c2Fe3cbc6df6b8
> 
> www.nfycb.moonboard.info resolves to 211.147.228.100 no rDNS
> 
> That IP is listed in numerous blocklists, including spamhaus as the /24
> of the ROKSO [known spamgang] Michael Lindsay, iMedia
> 
> The provider gzidc.com who would get notified if the redirector were
> handled has 5 different netblocks spamhaus listed including 2 different
> ROKSOs, the one above and Leo Kuvayev / BadCow
> 
> In addition to the spamhaus problems, the IP is also spewed as S3056 in
> the Global Media section.
> 
> Looking at a spews listing tells you a lot about the non-responsiveness
> of the provider
> 
> 1, 211.147.224.95, myvirtualusa.com
> 1, 211.147.224.0 - 211.147.255.255, myvirtualusa.com (World Crossing
> Telecom(GuangZhou) Ltd.)
> 1, 211.147.214.0 - 211.147.255.255, cnnic.net.cn (myvirtualusa.com
> (World Crossing Telecom(GuangZhou) Ltd.))
> 
> That shows that the IP in question became spews listed because the
> provider for a single IP was so unresponsive that spews first expanded
> the /32 listing to a /19, a huge leap to over 8000 IPs or a /19, and
> then to include 10 more /24s after that, over 10000 IPs.
> 
> The meaning of which is that the provider is unresponsive even to spews
> and spamhaus listings.  I'm sure they don't even look at spamcop reports
> of spamvertisers, which are completely toothless.
> 
> Spamcop notifying that provider is a complete waste of time.
> 
> 

Nevertheless SC not correctly decoding the URL is a bug and the correct url
will never show up in SC's url list.

Tom