![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: Subject: Want to make EASY Money? TeamAaronShara will show you
how!
Philippe Verdy (n.o-s.p.a.m+abuse)
verdy_p at wanadoo.fr
Sun Dec 4 02:40:57 EST 2005
"Geoffrey Hyde" <g.hyde at bigpond.net.au> a écrit dans le message de news:
dmtgj3$87e$2 at news.spamcop.net...
> Are you saying that your ISP can't/won't stop address bounce errors?? If
> so, perhaps you should explain the problem to them, if you can get ahold
> of a reasonably intelligent real-life tech support guy at the other end of
> the phone support number.
There's no bounce error. These are real spams sent directly from known open
relays.
> If not, you need to find out where the infected PC that is sending the
> spam is located, and have them and their service provider notified so that
> they can shut off spammy's flow. Much of which has been described in
> various ways here.
Not needed. I let Spamcop determine the source itself and report spams
correctly to the appropriate abuse desks. Regarding this spam, all the
Spamcop-generated reports seem to go to spamcop at imaphost.com (in addition to
another ISP). This looks like imaphost.com is acting as a relay for the
infected PCs that are running zomby viral spamwares, and imaphost.com
currently does not close the relay authorization from its customers.
> If you are finding that the problem is your ISP doesn't seem sympathetic
> or is clueless, I'd recommend switching to one who is not as clueless.
There's no problem at my ISP. The problem is at the source network that is
hosting the open-relays, apparently all of them being related to
imaphost.com (that's not my ISP).
The effective propagation is:
- spammer sends instructions and posts lists of emails to some IRC server,
where the zombies can discover themselves andact as a large spamming
network.
- infected PCs are listening for instructions from this IRC server, and they
download lists of emails addresses to send spam to
- the infected PCs (that are acting as open-relays) are sending a copy of
the spam email to their current email provider (imaphost.com)
- imaphost.com relays those spams, because it currently trusts these sources
that appear to be among their subscribed customers
- imaphost.com relays the spam to my ISP that accepts it because it
currently trusts (doesnot block) imaphost.com
- these spams fill my mailbox despite I have subscribed (and paid) an
antispam option that should direct them to another folder with limited
capacity.
- I have informed my ISP that its antispam filter is currently not blocking
those spams as it should; I am waiting for them to update their filter)
- for now I need to setup my own personal blocking list on top of my ISP's
filter.
More information about the SpamCop-List
mailing list