Thread: Spam Tracking

  1. #1

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,468

    Spam Tracking

    Some time ago, I posted here about 2 separate spammers that had been bombarding my mailbox for more than a year.

    The first one used hijacked personal computers from worldwide locations. All of these messages were bounced because the reverse lookup (PTR) on the IP address did not match the forward lookup (A). Not surprisingly, these ended on May 25, 2020.

    The second one was more sophisticated and started in June, 2019 with almost 1000 spam per month. They used server farms and consequently were able to get around most spam filtering, with the exception of content filtering. Out of all the thousands of attempts, only four managed to make it through my email supplier, and that was in the early stages. I and 2 others would report the attempts religiously to AbuseIPDB. The attempts kept getting less and less, and finally quit on Sep 25, 2020.

    I would like to find out if our reporting had anything to do with the shutdown, but I have not been able to find any information about this second spammer. Did the spammer finally get smart and clean up his/her spam list, did our reporting have anything to do with it, or did they get shut down by an external factor?

    Is there any place on the Internet that does a good job of tracking spam sources?

    J.A. Coutts
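
The PTR/A comparison described in post #1 is usually called forward-confirmed reverse DNS. The following is an added example, not code from any poster in this thread, of how a receiving mail server could apply it; the function names are hypothetical and the lookup tables are constructed sample data using documentation address ranges.

```python
import ipaddress
import socket

def fcrdns(ip, ptr_lookup, fwd_lookup):
    """Forward-confirmed reverse DNS: PTR(ip) must name a host whose
    A/AAAA records include ip. Returns (verdict, hostname or None)."""
    addr = ipaddress.ip_address(ip)
    names = [n.rstrip(".").lower() for n in ptr_lookup(ip)]
    if not names:
        return ("no-ptr", None)
    for name in names:
        # Compare parsed addresses, not strings, so IPv6 spellings match.
        if any(ipaddress.ip_address(a) == addr for a in fwd_lookup(name)):
            return ("pass", name)
    return ("mismatch", names[0])

def os_ptr(ip):
    """PTR lookup through the OS resolver (live use; not run in the demo)."""
    try:
        host, aliases, _ = socket.gethostbyaddr(ip)
        return [host, *aliases]
    except OSError:
        return []

def os_fwd(name):
    """A/AAAA lookup through the OS resolver (live use; not run in the demo)."""
    try:
        return {ai[4][0].split("%")[0] for ai in socket.getaddrinfo(name, None)}
    except OSError:
        return set()

# Constructed sample zone data: documentation IP ranges and example.* names.
PTR = {
    "192.0.2.10": ["mail.example.org."],         # legitimate mail server
    "198.51.100.77": ["mail.example.org."],      # PTR claims a name it does not own
    "203.0.113.5": ["host-5.dyn.example.net."],  # PTR name has no A record
    "2001:db8::25": ["mx6.example.org."],
}
FWD = {
    "mail.example.org": {"192.0.2.10"},
    "mx6.example.org": {"2001:0db8:0000:0000:0000:0000:0000:0025"},
}

def check(ip):
    """Run the check against the constructed tables above."""
    return fcrdns(ip, lambda i: PTR.get(i, []), lambda n: FWD.get(n, set()))

if __name__ == "__main__":
    for ip in [*PTR, "192.0.2.200"]:
        print(ip, *check(ip))
```

Against live DNS the same function is called as `fcrdns(ip, os_ptr, os_fwd)` with the connecting client's address.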

  2. #2
    Wall Poster TysonLPrice's Avatar
    Join Date
    Sep 2002
    Location
    Columbus, Ohio
    Posts
    3,832

    Re: Spam Tracking

    If you Google:

    tracking spammers

    You will get a bunch of hits that are interesting. I didn't post any because there are quite a few.
    Please remember next time...elections matter!

  3. #3

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,468

    Re: Spam Tracking

    Quote Originally Posted by TysonLPrice
        If you Google:

        tracking spammers

        You will get a bunch of hits that are interesting. I didn't post any because there are quite a few.

    I tried that, and many other searches as well. None of them that I found do a comprehensive job of it. There does not seem to be any kind of central agency that tracks this kind of stuff.

    These were not just spammers; they were also scammers. At first they were scamming things like West Coast cruises, but after the pandemic hit, they started scamming for things like infrared thermometers. I never understood their MO, as there were so many of these spams starting at 7:00 AM PST on weekdays only, that it was very obvious that they were spam. A smart spammer limits the number of spam sent to a single address, and culls his spam list to avoid attracting attention.

    J.A. Coutts

  4. #4
    Super Moderator Shaggy Hiker's Avatar
    Join Date
    Aug 2002
    Location
    Idaho
    Posts
    38,943

    Re: Spam Tracking

    It doesn't bother me if spammers are dumb.

    That's an interesting time, though, as it suggests that the spammers are in North America, somewhere. I doubt they're in the Pacific time zone, as 7 AM is a bit early, but they might be in the Central time zone.
    My usual boring signature: Nothing

  5. #5
    PowerPoster jdc2000's Avatar
    Join Date
    Oct 2001
    Location
    Idaho Falls, Idaho USA
    Posts
    2,391

    Re: Spam Tracking

    The link below may be close to what you are looking for:

    https://www.spamhaus.org/rokso

    Spammers change domains and IP addresses all the time, since many of them use hijacked computers. This renders a database of spam IPs and domains obsolete very rapidly, which means compiling a list is usually a waste of time. That is why I do not like domain blacklists used by spam filters, since ALL domains send out spam at least occasionally, so they are all blacklisted at times.
    Last edited by jdc2000; Oct 13th, 2020 at 12:30 PM.

  6. #6

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,468

    Re: Spam Tracking

    Quote Originally Posted by Shaggy Hiker
        It doesn't bother me if spammers are dumb.

        That's an interesting time, though, as it suggests that the spammers are in North America, somewhere. I doubt they're in the Pacific time zone, as 7 AM is a bit early, but they might be in the Central time zone.

    For a while I thought that too. I blame the service providers who rent by the time or MB, with Limestone Networks being the worst offender. There are some that suggest the spammers are using stolen credit cards on automated sign up systems, but I have no evidence of that.

    What the timing may also suggest is that they are using public WiFi to avoid using the same IP address, which is easily blocked. Again, I have no evidence of that, because I could never get even one supplier to respond to my email reports to their abuse address. My Outbox is full of Network Abuse reports. There is no evidence that the suppliers even looked at my reports.

    J.A. Coutts

    Addendum: There is also one other interesting point. The spam email uses valid .com domains registered with "GoDaddy.com" or "Sav.com".
    Last edited by couttsj; Oct 13th, 2020 at 12:12 PM.

  7. #7

    Thread Starter
    Frenzied Member
    Join Date
    Dec 2012
    Posts
    1,468

    Re: Spam Tracking

    Quote Originally Posted by jdc2000
        The link below may be close to what you are looking for:

        https://www.spamhaus.org/rokso

        Spammers change domains and IP addresses all the time, since many of them use hijacked computers. This renders a database of spam IPs and domains obsolete very rapidly, which means compiling a list is usually a waste of time. That is why I do not like domain blacklists used by spam filters, since ALL domains send out spam at least occasionally, so they are all blacklisted at times.

    Because these spammers are using different IP addresses on server farms, Black Lists are totally ineffective. They use one address until their abuse is about to be detected by the provider, and then sign up for a different one and start all over again.

    J.A. Coutts
