Hello,
Slowly I am getting pissed off at one Belgian spammer.
Does anybody else see highly personalized spam from smtp.ymlp\d*.net or smtp\d*.ymlpsrv.net? First I found them at Uni Zürich, where they spammed all employees and all students with some festivals in Zürich, and now I even get spam from this spammer privately. It is not clear where the addresses come from, and I even wonder how this spammer is able to stay out of all DNSRBLs. And as he spawns new nodes on and on, it is only possible to block him with the above regexes.
Has anybody seen any legal mail from this spammer?
Regards,
Klaus
--
Klaus Ethgen http://www.ethgen.ch/
pub 4096R/4E20AF1C 2011-05-16 Klaus Ethgen Klaus@Ethgen.de
Fingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C
On 2013-08-22 11:12, Klaus Ethgen wrote:
> Hello,
> Slowly I am getting pissed off at one Belgian spammer.
> Does anybody else see highly personalized spam from smtp.ymlp\d*.net or smtp\d*.ymlpsrv.net? First I found them at Uni Zürich, where they spammed all employees and all students with some festivals in Zürich, and now I even get spam from this spammer privately. It is not clear where the addresses come from, and I even wonder how this spammer is able to stay out of all DNSRBLs. And as he spawns new nodes on and on, it is only possible to block him with the above regexes.
> Has anybody seen any legal mail from this spammer?
If you are going to complain about someone, could you at least include headers of these spams?
Also, it would be prudent to contact the ISP where the spamvertised sites are located.
Greets, Jeroen
Hi,
On Thu, 22 Aug 2013 at 10:27, Jeroen Massar wrote:
> If you are going to complain about someone, could you at least include headers of these spams?
Sure. See below. But I do not have the spam that went to all members of the university last night.
> Also, it would be prudent to contact the ISP where the spamvertised sites are located.
I tried. Unfortunately it is only a spammer that spams for many customers. I was not able to stop the spammer itself. In the case of the university, that would have included suing them, but the university made the choice not to. The spamvertised stuff was some parties in Zürich. It was difficult to get information on the party organiser and whether he really initiated the spams.
Here are the headers:
Return-path: mailreturn@smtp5.ymlpsrv.net
Envelope-to: klaus@ethgen.de
Delivery-date: Thu, 22 Aug 2013 09:48:38 +0200
Received: from smtp5.ymlpsrv.net ([62.213.196.185])
    by tschil.ethgen.ch with smtp (Exim 4.72)
    (envelope-from mailreturn@smtp5.ymlpsrv.net)
    id 1VCPdC-0001fP-GE
    for klaus@ethgen.de; Thu, 22 Aug 2013 09:48:38 +0200
Received: (qmail 11308 invoked by uid 0); 22 Aug 2013 07:48:32 -0000
Date: Thu, 22 Aug 2013 09:48:32 +0200
To: klaus@ethgen.de
From: Frank Segers trainingsinstituut@successeminars.be
Subject: Exclusief Seminar! Speechen met Impact en Frank Segers. Nu nog inschrijven met vroegboekkorting! Beperkt aantal plaatsen...
Message-ID: 22dd12d39e6b91ae915dcf8b1f37c2f5@smtp5.ymlpsrv.net
Reply-To: trainingsinstituut@successeminars.be
X-YMLPcode: cgza+1119+195865
List-Unsubscribe: http://ymlp224.net/unsub_gjusueqgsguybqhbguuuygguqubuu.php
MIME-Version: 1.0
Content-Type: multipart/alternative;
    boundary="b1_22dd12d39e6b91ae915dcf8b1f37c2f5"
Received-SPF: pass client-ip=62.213.196.185; envelope-from=mailreturn@smtp5.ymlpsrv.net; helo=smtp5.ymlpsrv.net
The mentioned "list" is not a real list but is just there to confuse SpamAssassin & Co.
Regards,
Klaus
On 2013-08-22 11:40, Klaus Ethgen wrote:
> Hi,
> On Thu, 22 Aug 2013 at 10:27, Jeroen Massar wrote:
>> If you are going to complain about someone, could you at least include headers of these spams?
> Sure. See below. But I do not have the spam that went to all members of the university last night.
Contact Kangaroot (AS28707) who are the ISP hosting their netblock:
8<-------------------
inetnum:        62.213.196.176 - 62.213.196.191
netname:        YMLP
descr:          YMLP.com
country:        BE
admin-c:        PVA110-RIPE
tech-c:         PVA110-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-KANGAROOT
source:         RIPE # Filtered

person:         Patrick Van Acker
address:        PO BOX 25
address:        B-8970 Poperinge
address:        BELGIUM
phone:          +32-57-300801
mnt-by:         MNT-KANGAROOT
nic-hdl:        PVA110-RIPE
source:         RIPE # Filtered

% Information related to '62.213.192.0/19AS28707'

route:          62.213.192.0/19
descr:          Kangaroot IPv4 Network
origin:         AS28707
mnt-by:         MNT-KANGAROOT
source:         RIPE # Filtered
------------------->8
They should be able to put a stop to this, or they will in time appear on Spamhaus...
Definitely forward as much information to the latter entity too..
Also http://www.ecops.be/ is the place to report these kinds of issues in Belgium. That is the Belgium Federal Crime Unit.
Put http://www.privacycommission.be/en/node/7465 through a translator to get more details.
CC'ing ecops.be when mailing kangaroot should have the proper effect...
Greets, Jeroen
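The indicators from this thread (the two relay host patterns, the 62.213.196.176 - 62.213.196.191 netblock from the WHOIS output, and the X-YMLPcode header) combined into one check; this is an added example, not code from any poster on the list. The function names are hypothetical, the host patterns are tightened (dots escaped, both ends anchored), and treating X-YMLPcode as an indicator is an assumption based on the single posted header set.

```python
import ipaddress
import re
from email import message_from_string

# Host patterns quoted in the thread, with dots escaped and both ends anchored.
RELAY_HOST_RE = re.compile(r"^(smtp\.ymlp\d*\.net|smtp\d*\.ymlpsrv\.net)$", re.I)
# inetnum 62.213.196.176 - 62.213.196.191 from the WHOIS output, as CIDR blocks.
YMLP_NETS = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("62.213.196.176"), ipaddress.ip_address("62.213.196.191")))
# "from HOST ([IP])" as written by the receiving Exim in the posted header.
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\(\[([0-9A-Fa-f.:]+)\]")

def connecting_relay(msg):
    """(host, ip) from the topmost Received header only; lower ones were
    written by the sending side and can be forged."""
    received = msg.get_all("Received") or []
    m = RECEIVED_RE.search(" ".join(received[0].split())) if received else None
    if not m:
        return None
    try:
        return m.group(1).rstrip(".").lower(), ipaddress.ip_address(m.group(2))
    except ValueError:
        return None

def match_reasons(raw_message):
    """List of indicators from the thread that this message matches."""
    msg = message_from_string(raw_message)
    reasons = []
    relay = connecting_relay(msg)
    if relay:
        host, ip = relay
        if RELAY_HOST_RE.match(host):
            reasons.append("relay-host")
        if any(ip in net for net in YMLP_NETS):
            reasons.append("netblock")
    if msg.get("X-YMLPcode"):
        reasons.append("x-ymlpcode")
    return reasons

# Sample built from the headers posted in the thread (shortened).
SAMPLE = (
    "Received: from smtp5.ymlpsrv.net ([62.213.196.185])\n"
    "\tby tschil.ethgen.ch with smtp (Exim 4.72)\n"
    "\tid 1VCPdC-0001fP-GE; Thu, 22 Aug 2013 09:48:38 +0200\n"
    "Received: (qmail 11308 invoked by uid 0); 22 Aug 2013 07:48:32 -0000\n"
    "X-YMLPcode: cgza+1119+195865\n"
    "\n"
    "body\n"
)

if __name__ == "__main__":
    print(match_reasons(SAMPLE))
```

The netblock match rests on the IP address recorded by the receiving server, so it keeps working when new host names appear inside the same range.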
Hi,
On Thu, 22 Aug 2013 at 10:58, Jeroen Massar wrote:
> Contact Kangaroot (AS28707) who are the ISP hosting their netblock:
> [WHOIS info]
> They should be able to put a stop to this, or they will in time appear on Spamhaus...
> Definitely forward as much information to the latter entity too..
> Also http://www.ecops.be/ is the place to report these kinds of issues in Belgium. That is the Belgium Federal Crime Unit.
> Put http://www.privacycommission.be/en/node/7465 through a translator to get more details.
> CC'ing ecops.be when mailing kangaroot should have the proper effect...
I have not had good experiences with spam reports to foreign companies or authorities. Usually you hear nothing and nothing happens. Even in Germany it is nearly impossible to get an address of a spammer to sue him. And in countries with languages I do not speak ...
But thanks for your help. It might be an idea to feed them to Spamhaus. Also I got private mail from two people here who have the same problems with this guy.
Regards,
Klaus
PS: No need to put my private address in Cc, as I am reading the list and would like not to have the stuff in two boxes.
On 2013-08-23 10:36, Klaus Ethgen wrote: [..]
> I have not had good experiences with spam reports to foreign companies or authorities. Usually you hear nothing and nothing happens. Even in Germany it is nearly impossible to get an address of a spammer to sue him. And in countries with languages I do not speak ...
They provide a very standard form on ecops.be that is in multiple languages; they will take action and at the minimum it will be added to the stats, and then when there are too many complaints for that ISP harder action can be taken as there is a history of abuse.
If you do not report then indeed no action will be taken.
Note that another good contact might be cert@cert.be, but indeed as all of these are government funded they might be understaffed and under budgeted to handle it.
Fun eh, as that is already in the 'civilized' world where they can't properly handle these kinds of issues.
> PS: No need to put my private address in Cc, as I am reading the list and would like not to have the stuff in two boxes.
You can set a Reply-To: swinog@lists.swinog.ch header if you desire that. Nobody will keep track on what your wishes are.
Greets, Jeroen
Hi,
On Fri, 23 Aug 2013 at 9:47, Jeroen Massar wrote:
> On 2013-08-23 10:36, Klaus Ethgen wrote: [..]
>> I have not had good experiences with spam reports to foreign companies or authorities. Usually you hear nothing and nothing happens. Even in Germany it is nearly impossible to get an address of a spammer to sue him. And in countries with languages I do not speak ...
> They provide a very standard form on ecops.be that is in multiple languages; they will take action and at the minimum it will be added to the stats, and then when there are too many complaints for that ISP harder action can be taken as there is a history of abuse.
OK, sounds like it is worth giving it a try.
> Fun eh, as that is already in the 'civilized' world where they can't properly handle these kinds of issues.
Oops, I didn't know that we had reached the 'civilized' world. I was thinking we were still in the Middle Ages. :-D
>> PS: No need to put my private address in Cc, as I am reading the list and would like not to have the stuff in two boxes.
> You can set a Reply-To: swinog@lists.swinog.ch header if you desire that. Nobody will keep track on what your wishes are.
Well, usually Mailman does that. But you are right, not on the swinog list.
Regards,
Klaus
> If you are going to complain about someone, could you at least include headers of these spams?
> Also, it would be prudent to contact the ISP where the spamvertised sites are located.
I'd suggest posting your full spam message in the form on www.spamcop.net and it will give you all the abuse contacts of the networks involved in the message (headers, body and URIs).
Regards
Jean-Pierre