Abuse reporting/cookies, muffins and bagles

  • Thread starter Thread starter Guest
  • Start date Start date
G

Guest

I have just reported an email abuse incident…
From: <[email protected]>
{Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
(HELO Panferov.net)}
To: <myuserid@myisp>

Zip attached was called “Work and taxes.zipâ€

Because it was obviously suspect, I right clicked it in Outlook
to pick up detail for abuse report. In this venue, one sees
attachment name + dump plus the fact that it actually came
out of .ru / Russia. On looking further, charter.net or
charter.com smells pretty bad to me as well. I then blocked
the unopened email which supposedly dropped it from server.
I don’t like the fact that myuserid is in use at another ISP.
I wonder how else one should react to a similar situation;
isn’t it best to report the “abuse†so that it can be followed
up on. I wonder if my ISP does that?
 
It was a virus laden email. Many viruses forge the return address, and
there is nothing you can do about it.

Tom
|I have just reported an email abuse incident.
| From: <[email protected]>
| {Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
| (HELO Panferov.net)}
| To: <myuserid@myisp>
|
| Zip attached was called "Work and taxes.zip"
|
| Because it was obviously suspect, I right clicked it in Outlook
| to pick up detail for abuse report. In this venue, one sees
| attachment name + dump plus the fact that it actually came
| out of .ru / Russia. On looking further, charter.net or
| charter.com smells pretty bad to me as well. I then blocked
| the unopened email which supposedly dropped it from server.
| I don't like the fact that myuserid is in use at another ISP.
| I wonder how else one should react to a similar situation;
| isn't it best to report the "abuse" so that it can be followed
| up on. I wonder if my ISP does that?
 
Will said:
For:
(e-mail address removed)

This does not answer question.
Click to expand...

Yes, it does. Your original post is a bit confusing, but sifting through
the verbiage the only question asked is this one:

Mr. Willett's answer was correct. You can report the "abuse" if it makes
you feel better, but it will probably do no good since many viruses
spoof the "from" line. There is no way to know for sure that the
"abuse" actually occurred by the supposed sender, either. You should
just delete these sorts of emails which are very common, or set up
filters in your email client to delete them.

As for your last question, there is no way for any of us to know what
your ISP (Eastlink in Canada?) does about abuse reports. Contact them
and find out.

What has most probably happened is:

1. You have a friend who has your email address in their computer's
addressbook. This friend's computer is infected with a virus that sends
copies of itself to all email addresses it finds on the infected
computer. The virus may also spoof the "from" line. Now someone else in
your friend's addressbook gets a virus-laden email with your name in
the "from" line. This person now writes you an angry email but of
course, it isn't your machine that's infected at all but your friend's.

2. And/or your machine is infected with a virus that is doing this.

3. And/or you signed up for something, used your real unmunged email
address somewhere, or otherwise got your email address harvested.

If you still think your question was not answered, then please post back
with a better description of what you need to know.

Malke
 
Thanks for detail Malke. If I get something meaningful from Abuse I will post
it here. For starters I’d like mail ISP/Outlook able to filter by Country
acceptable to me. Russia is not on my list. Aside from the damage it can do
to users, if this garbage is slowing down the internet, then it is in
everyone’s best interest for it to be fixed because it will otherwise only
get worse.
Logic says to solve problem at source rather than after; solution being for
mailer (Outlook Etc.) to test uncertified code attachments on sender computer
or on ISP server that can take the (S)hit.
 
FWIW---A lot of the things coming from China and Russia are originating
from right here in Florida, USA
 
Frank said:
FWIW---A lot of the things coming from China and Russia are originating
from right here in Florida, USA
Click to expand...

A surprising proportion of the internet fraud in the U.S. flushes out
of Florida. But some claim spam and internet fraud isn't the only
sort of fraud that Florida seems to specialize in.

Something you can try, if you wish, based on my decades of working
with spam.

The "From" has been forged by every spammer and virus on the net for
years, that tells you nothing, ignore it.

If you look at the headers of the message and in particular at the
topmost "Received" line you will sometimes see two different
domain names, sometimes only one, and sometimes just an ip address.
The first name on that line is also often forged, the second seems
to be less often forged. And the ip address is fortunately rarely
forged. You can use that ip address to look up the domain of the
last computer to relay that to you. You type the scrape the ip
address into your clipboard and choose the appropriate database:

For most of the U.S.
www.arin.net/whois/index.html
For most of South America
lacnic.net/en/index.html
For Brasil, always a popular spam/fraud source
registro.br/index.html
For most of Europe and eastern Europe
www.ripe.net/perl/whois/
For most of Asia
www.apnic.net
For most of Africa, an increasing source of fraud flushing
www.afrinic.net

With a little experience you will know from the first number
in the IP address which of these to use. Those will look up
the ip address and sometimes give you an abuse address you
can send the complete message to, minus any big binaries,
politely asking them to WHACK their little net vandal.

You can try similar things with Received lines further down
the list, but the first one that is forged means that it and
all the rest will be meaningless trash just trying to divert
attention from the real scum.

If the scum is using web pages you can report to them too,
spammers seem to dislike having their web pages cut off far
more than they dislike having their hijacked mail source
cut off. There are sources out there that will turn a domain
name into an ip address, search for "nslookup" and see what
you find.

You can also use
www.abuse.net/lookup.phtml
to often find an abuse email address for a domain name.

There are other ways of doing this, other people will perhaps
say that their way is much better than anybody else's way.
But you can with a little practice find a way you can use
to help report net scum.

It likely won't make spam and virus disappear from the world
but if you want to you can do your little part to help combat
fraud, spam and virus on the net

56572 SWEN virus email received and reported
 
Back
Top