Spam from my domain !

[Agile]

For several weeks I have been getting returned mail from email addresses as a result of someone using our domain name to send spam.

Its only 5-10 a day so not too troublesome to just delete them.

However, today I received TWO spams sent to ME but FROM our own domain!

I have checked and the host server is well known for sending spam.

Presumably there is absolutely nothing I can do about this as its located in a third world country. Not identified fully but probably in South America.

Its such a pity the world has not been able to get together to sort this problem out!

If I park on a yellow line then I get a ticket! If somebody sends me spam there is nothing anybody in the world wants to do about it. Why?

Tony

 

[Softus]

See www.abuse.net

It's a labour intensive cure, but a very effective one.

 

[Agile]

I have had a look at that softus but cannot see how that can help.

The domain the spam is sent from ( sexlino.com ) is already well listed on the internet as hosting multiple spammers.

I can only conclude that they enjoy hosting spammers because that enhances their income and being located in South America (?) their local infrastructure is not concerned.

You can see them in a LONG list of spamming ISPs at:-

http://www.joewein.de/sw/blacklist.htm

Now one of the listed spamming domains is hsbcbankplclondon.com look at that carefully and you will see that a seriously criminal fraud attempt is still there and NO EFFORT is being made by any Police action to stop it!

Tony

 

[Softus]

I sympathise with your plight Agile, because Spam is such a tangible nuisance but with intangible perpetrators.

However, I don't agree with any of your conclusions.

For example, AFAICT sexlino.com is a domain, not a host, and the IP address for that domain is allocated to an ISP in Hong Kong, not South America.

The ISP for sexlino is called "New World Telecommunications Limited", so you should join abuse.net and copy (with full headers) the spam Email that you've received to "[email protected]". I use the abuse.net service for a lot of customers and it consistently yields results.

Regarding "hsbcbankplclondon.com", this appears to be hosted by an organisation called "InterNap Network Operations Center", who publish an Email address for dealing with Internet abuse, which is "[email protected]". You should copy your spam to this address and also to "[email protected]".

The thing that you call a "seriously criminal fraud attempt" is what I could call a very weak and transparent fraud attempt. You'd have to pass through seven shades of stupid to be caught out by that web site, and I can't find any indication on the Interwebby that people are being taken in by it.

 

[Agile]

Yes, I am sorry, I did not use the right terminology.

The spam may actually comes from a different mailing address than sexlino but points you to the sexlino.com address to get you to buy their products although perhaps all you do is send money and never actually receive anything.

However, my info on sexlino.com seems to be different to yours.

Domain Name: SEXLINO.COM
Registrar: ENOM, INC.
Whois Server: whois.enom.com
Referral URL: http://www.enom.com
Name Server: NS1.FRYCHICKENPHARM.COM
Name Server: NS2.FRYCHICKENPHARM.COM
Status: clientTransferProhibited
Updated Date: 28-feb-2007
Creation Date: 28-feb-2007
Expiration Date: 28-feb-2008

AboutUs: sexlino.com

Registration Service Provided By: NameCheap.com
Contact: [email protected]

Domain name: sexlino.com

Registrant Contact:
Kelly Jing Saladas Ltd
Falsia Bruno ([email protected])
+55.4130267732
Fax: +55.4130267732
La Cumbia, 94
Curitiba, PR 85331
BR

All those details put into a search engine come up with pages about their scamming activities.

I am sure that if others with more time to spend than I do cannot get it closed then I will not succeed.

An interesting point is it comes to me as from sexlino.com.br although it seems to be the same as the plain .com address.

That chickenpharm seems involved with a lot of spamming too!

Tony

 

[Softus]

Yes, I am sorry, I did not use the right terminology.

No problem.

The spam may actually comes from a different mailing address than sexlino...

In that case you need to follow the abuse.net instructions, and forward (with full headers) those Emails to abuse.net.

...but points you to the sexlino.com address to get you to buy their products although perhaps all you do is send money and never actually receive anything.

This is incidental to the main problem.

However, my info on sexlino.com seems to be different to yours.

Domain Name: SEXLINO.COM
.
.
etc.

Forgive me for abbreviating the information you posted, but you've simply looked up the domain name registration for sexlino.com, not the company (or companies) responsible for hosting their Internet services. In any case sexlino is completely irrelevant if the Email is being sent from a different domain, and/or hosted by a different ISP.

All those details put into a search engine come up with pages about their scamming activities.

As my previous comment, putting these details into Google will achieve nothing.

I am sure that if others with more time to spend than I do cannot get it closed then I will not succeed.

I have no idea to whom you're referring, but the reason spammers are able to spam is because people don't report them. I've offered you a way of reporting the problem, but you seem to have decided that it won't make any difference. I've told that I use this service myself, and to good effect, but you don't seem interested in something that I've seen working.

An interesting point is it comes to me as from sexlino.com.br although it seems to be the same as the plain .com address.

That may be a spoofed domain name - you need to get at the underlying IP address.

That chickenpharm seems involved with a lot of spamming too!

Things are rarely as they appear - you need to ignore the shop front and checkout the tradesman's entrance.

Need I remind you of this?

If somebody sends me spam there is nothing anybody in the world wants to do about it. Why?

Because, like you, most people are reluctant to take any action whatsoever.

 

[Agile]

It seems to me that there is no international co-operation in dealing with spamming from the third world.

If the authorities in the UK are unable to stop tons of heroin from Afganistan getting into the UK each year with all the police and customs officials then I dont see much hope of anyone stopping spamming from anywhere when it comes along a wire.

The sexlino promotes its dogey business of porporting to sell fake branded watches by the use of spam mail. Thats enough for me to hate them when they do it from our domain.

I have taken little notice of the returned spam from our domain name until I started to receive it directed to me from our own domain! I will make a note of where it seems to come from in future.

Tony

 

[Softus]

It seems to me that there is no international co-operation in dealing with spamming from the third world.

I don't why you think what you're receiving comes from the "third world", and I don't why you think there ought to be any higher authority dealing with what is essentially a contractual infringement.

If the authorities in the UK are unable to stop tons of heroin from Afganistan getting into the UK each year with all the police and customs officials then I dont see much hope of anyone stopping spamming from anywhere when it comes along a wire.

I have not the first clue why you're drawing a parallel between illegal physical drug traffic and electronic mail spamming. They have about as much in common as copper tube and a yak's bladder.

The sexlino promotes its dogey business of porporting to sell fake branded watches by the use of spam mail. Thats enough for me to hate them when they do it from our domain.

Less hate, more action.

I have taken little notice of the returned spam from our domain name until I started to receive it directed to me from our own domain! I will make a note of where it seems to come from in future.

This is quite frustrating, but I'll try again...

There's no point whatsoever in you "making a note" of where the spam comes from. If you dilly-dally then the spammers will move to a different ISP. Follow the instructions that abuse.net will send you when you join, or that you can read on their web site. You don't even have to send it to abuse.net - you can send it directly to the hosting ISP.

If you do nothing then I question your right to criticise anyone else for doing nothing.

 

[Agile]

Had another returned today and the details are:-

From: Samuels M. Jacob <[email protected]>

To: [email protected]

Subj: snarl insanity
Sent: 2007-03-08 05:50

has encountered a delivery problem.


Reason: Spam SLS/RBL
The message was received from a host that is on a spam list.
Additional info:
The sending host is: c-66-30-217-199.hsd1.ma.comcast.net [66.30.217.199]

Even though the sending host is on a spam list and being blocked by some spam filters there are still on the web and active!

Tony

 

[stevesey]

Tony

Are you assuming that because the to address has been spoofed as [email protected] this mail has originated from you ISP or Hosting service? Not true, you need to look at the e-mail headers to see what servers it came from (view->options in Outlook).

If you look up the IP given you get.

Comcast Cable Communications Holdings Inc
OrgID: CCCH-3
Address: 1800 Bishops Gate Blvd
City: Mt Laurel
StateProv: NJ
PostalCode: 08054
Country: US
NetRange: 66.30.0.0 - 66.31.255.255
OrgAbuseHandle: NAPO-ARIN
OrgAbuseName: Network Abuse and Policy Observance
OrgAbusePhone: 1-856-317-7272
OrgAbuseEmail: [email protected]
OrgTechHandle: IC161-ARIN


My usual response to this sort of spam (or your e-mail contained a virus bounce) is to send a e-mail to the organisation to bouced it back to me telling them to sort their systems out. It's clearly a spoofed to address, their mail filtering software should be able to work this out so what is the point in ending a bounce back to a spoofed address - other than clogging up the net with more unnecessary mail and in fact by doing this they are guilty of spamming themselves.

No sure it does any good - but I feel better afterwards.

 

[Softus]

Had another returned today...

Of course you did - you'll keep on getting them until you do something about it.

Even though the sending host is on a spam list and being blocked by some spam filters there are still on the web and active!

Agile, what would you think if someone came onto the forum and reported symptoms of what you knew to be a flow switch fault, and blamed the entire plumbing and heating universe for not preventing it from happening.

If you had taken the trouble to find out how Email systems work you'd realise that there is no way of preventing someone who has an Internet connection from sending whatever Email messages they like, to whomever they like, with whatever spoofed 'from' address they like. The solution is to report the perpetrator to their ISP, either directly or via a service such as abuse.net.

Despite having already told you, several times, what you need to do, I'm expecting to have to repeat it a further four million times on this topic.

Ready when you are...