![[SpamCop.net - protecting the internet through technology]](http://news.spamcop.net/newlogo.jpg)
[SpamCop-List]
Re: THOUSANDS copies of: Construction-Report.Com , Subscribe,
Advertise or Work from Home?
Philippe Verdy (n.o-s.p.a.m+abuse)
verdy_p at wanadoo.fr
Tue Dec 27 20:14:36 EST 2005
"Mike Easter" <MikeE at ster.invalid> a écrit dans le message de news:
doq35u$m98$1 at news.spamcop.net...
> Philippe Verdy wrote:
>> Tracking URL:
> www.spamcop.net/sc?id=z847344570z70746c60e7171004fc80b6d4e736aa7fz
>
>> The problem:
>> I get about 2 or 3 copies per minute, and it is still notdetected by
>> my antispamfilter, so it fills megabytes in my mailbox. I came back
>> this evening from 2-day holiday, and saw one of my mailbox filled by
>> several THOUSANDS copies of this spam, starting at the christmas eve.
>
> My provider's spamfilter has options which include my being able to
> blacklist a From address or domainname and that puts those items into a
> Spam folder for autodeletion [if so configured] and/or in any case the
> spamfolder contents don't count against my mailbox size limitations.
Yesthe list of spamvertized domains is constant, but not the "from". What I
did was to add a filter on the subject line. This still continues.
However, my ISP just puts the spams in the "undesirable mails" IMAP folder
(which is not read through POP3, but managed through the webmail interface).
But there's no option to automatically delete some messages (I have the
option to drop spams, but this affects all undesirable messages, and I
prefer being able to review them; undesirable messages are dropped
automatically after 1 week, too slow for this spam).
Unfortunately, the space used by this folder is taken as part of the maximum
volume, so I still need to clean this folder manually, so this does not
prevent my mailbox of becoming full after 2 days only . The solution I took
was to forward allemailsexcept spams to another secret mailbox.
> It appears that these all have a Construction-Report.Com From or rather
> construction-report.com
Yes but in the HTML part of the body. I don't use filters on message
content, as they only work on the text-only part, and it is VERY unreliable
on HTML.
> Otherwise you have to enlist the aid of your mail provider to prevent
> mailbox full problems.
20MB per mailboxis my maximum, there's no option to get a larger mailbox.
What I did was to request assistance so that this spam would be detected
specially and deleted before reaching my mailbox (i.e. not put into my
undesirable folder). I reallycan't understand why spammers use such stupid
bots that will enlist my email address into hundreds of open-relays that
will all send a copy of the same spam in parallel every hour.
Only some of the open-relays are listed as such in various RBLs. (they are
probably running spambots, and there are at least two types of bots, because
the spam whose visible text is identifical, has two encoding forms to
specify the list of sites in the HTML part). It looks like there's a spambot
that not only receives a list of email addresses to spam and the text ofthe
message,but also a dynamic list of target URLs toinsert in the message body.
I have no idea if the web sites are real. You suggest this is a joe job, but
then why some of them resolve to hosts with dynamic IPs that change every
few minutes? I do think this is effectively alist of malicious websites
installed by spammers to steal the identities or personnal info of people.
More information about the SpamCop-List
mailing list