Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Sign In Register

Quick Links


Categories

In this Discussion

Methods to get a spammer mailserver blocked?
New on LowEndTalk? Please Register and read our Community Rules.

All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.

Methods to get a spammer mailserver blocked?

DroidzoneDroidzone Member
edited August 2013 in General

I seem to have received two scores of these last month:

Sender: [email protected] Subject: VPS Hosting Services Providers Body: Dear Sir, I am Hemant Bansal, Business development executive. We are providing quality VPS hosting for websites. If your website is grown up or not running smoothly, we can provide you quality Virtual private server (VPS) hosting for Rs 800/- only. In VPS you will get all the features of a dedicated server for fraction of a dedicated server cost. You will get full root access, can host unlimited domains, unlimited email ids. You can install any software which need root access and can set any configuration setting as per your need. If you are suffering in shared hosting because other sites in shared server are using too much resources or facing problem in email due to your neighbour site is spamming. We recommend you to switch to VPS hosting. A VPS will give you complete independence and lots of room to grow your site. I will really appreciate if you please let me know your VPS requirement. We are also providing Reseller and shared hosting. Warm Regards Hemant Bansal P.S. To stop receiving further mail please reply with "Remove" in the subject line.

Message header (my details removed):

Delivered-To: [[email protected] removed] Received: by 10.68.204.234 with SMTP id lb10csp6940pbc; Sat, 10 Aug 2013 01:39:05 -0700 (PDT) X-Received: by 10.60.131.69 with SMTP id ok5mr3471132oeb.70.1376123944596; Sat, 10 Aug 2013 01:39:04 -0700 (PDT) Return-Path: <[email protected]> Received: from mail-oa0-f46.google.com (mail-oa0-f46.google.com [209.85.219.46]) by mx.google.com with ESMTPS id sp4si11350425oeb.124.2013.08.10.01.39.04 for <[[email protected] removed]> (version=TLSv1 cipher=ECDHE-RSA-RC4-SHA bits=128/128); Sat, 10 Aug 2013 01:39:04 -0700 (PDT) Received-SPF: pass (google.com: domain of [email protected] designates 209.85.219.46 as permitted sender) client-ip=209.85.219.46; Authentication-Results: mx.google.com; spf=pass (google.com: domain of [email protected] designates 209.85.219.46 as permitted sender) [email protected] Received: by mail-oa0-f46.google.com with SMTP id l10so7944474oag.33 for <[[email protected] removed]>; Sat, 10 Aug 2013 01:39:04 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=20120113; h=x-original-authentication-results:delivered-to:to:subject:from :reply-to:message-id:date; bh=zSMRbrl//PMEzHQ6OysHgk48CTaa8Hx+QU92JI9AcuE=; b=V0jDd5g44xp/IflBQFEPP/A7WMhSgycsjaYSstyMPUC2DZtHGa3m2kexZR5cYbWZW0 +kgwdapOCTRshF9sHdP9SJ5IfIhwyyd3TExyjzMun0nVaY0Eb8qBkq+ZyjRCXw6Sq4jL oguysxDZlQkd9AKLYz5BEFOOJJW4AMMYRu0UikldCbP5xXXdmQE2meXZJoadY9oE9WXA qhPhacLCZXEftv6FUWya9oygDEAUDwOnjgo09GB/R4kc+gMx7Nv4K9j+YDFJTK3n7PYQ zjppUh9eP6ONxuNrCqzQDAhQP8iSzygLBhvc49vjnZpMFOxsOR4yD4KlpmzrBGvnOaTO UEIg== X-Original-Authentication-Results: mx.google.com; spf=neutral (google.com: 198.23.248.156 is neither permitted nor denied by best guess record for domain of [email protected]) [email protected] X-Received: by 10.182.119.229 with SMTP id kx5mr6412591obb.23.1376123944234; Sat, 10 Aug 2013 01:39:04 -0700 (PDT) X-Forwarded-To: [[email protected] removed] X-Forwarded-For: [[email protected] removed] [[email protected] removed] Delivered-To: [[email protected] removed] Received: by 10.182.128.229 with SMTP id nr5csp8850obb; Sat, 10 Aug 2013 01:39:03 -0700 (PDT) X-Received: by 10.68.189.194 with SMTP id gk2mr1027310pbc.194.1376123943050; Sat, 10 Aug 2013 01:39:03 -0700 (PDT) Return-Path: <[email protected]> Received: from us4.networkpanda.com ([198.23.248.156]) by mx.google.com with ESMTPS id ie10si14857047pbc.251.2013.08.10.01.39.02 for <[[email protected] removed]> (version=TLSv1 cipher=RC4-SHA bits=128/128); Sat, 10 Aug 2013 01:39:03 -0700 (PDT) Received-SPF: neutral (google.com: 198.23.248.156 is neither permitted nor denied by best guess record for domain of [email protected]) client-ip=198.23.248.156; Received: from topseo80 by us4.networkpanda.com with local (Exim 4.80.1) (envelope-from <[email protected]>) id 1V84hR-000004-MM for [[email protected] removed]; Sat, 10 Aug 2013 08:39:01 +0000 To: [[email protected] removed] Subject: VPS Hosting Services Providers From: [email protected] Reply-To: [email protected] X-Mailer: NotOneBit.com Simple Mailer Message-Id: <[email protected]> Date: Sat, 10 Aug 2013 08:39:01 +0000 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report X-AntiAbuse: Primary Hostname - us4.networkpanda.com X-AntiAbuse: Original Domain - gmail.com X-AntiAbuse: Originator/Caller UID/GID - [764 765] / [47 12] X-AntiAbuse: Sender Address Domain - us4.networkpanda.com X-Get-Message-Sender-Via: us4.networkpanda.com: authenticated_id: topseo80/only user confirmed/virtual account not confirmed

What are the best methods of reporting extensive spam? Google's reporting system obviously doesn't do much. Are there spam list databases that allow reporting? Does colocrossing take any action against such reports?

ping us4.networkpanda.com PING us4.networkpanda.com (192.227.129.118) 56(84) bytes of data. 64 bytes from host.colocrossing.com (192.227.129.118): icmp_req=1 ttl=48 time=82.4 ms

Comments

  • PatrickPatrick Member

    http://whois.arin.net/rest/net/NET-192-227-129-112-1/pft

    Look down to POC and report it to that abuse email, if they fail to respond then report it to CC.

  • DroidzoneDroidzone Member
    edited August 2013

    Thanks @INIZ, the block seems to be allocated to Greenvalue Hosts. But networkpanda.com is another hosting company, probably renting a dedicated from Greenvalue Hosts? Anyway I've reported it to both.

    Edit:
    Apparently some hosts have not got a clue regarding email headers. Here's the reply from

    Hello, The email address 'myemailaddress' does not belong to us. Please contact 'myemailaddress' directly about this issue. Thank you. [email protected]

    They read the message header, and what they understood was that I was sending a spam mail to myself!

    Edit 2: They suspended the user.

    Hello Joel, Just as a follow up, the user who was authenticating to this Gmail account to send the messages, was now permanently suspended from our servers. But you will also need to report the account to Google, as he will be also using other providers to send spam. Thank you for reporting this issue.

Sign In or Register to comment.