RetroBBS - news.admin.net-abuse.email - Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121

Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389

<anfi+2022-01-14-e08bd34442a055f157a99325@wp.eu>

https://www.rocksolidbbs.com/computers/article-flat.php?id=234&group=news.admin.net-abuse.email#234

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!aioe.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: @
Newsgroups: news.admin.net-abuse.email
Subject: Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389
Date: Fri, 14 Jan 2022 06:30:22 +0000
Organization: Do not be the worst
Lines: 101
Message-ID: <anfi+2022-01-14-e08bd34442a055f157a99325@wp.eu>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii; Format=Fixed
Content-Transfer-Encoding: 7bit
Injection-Info: reader02.eternal-september.org; posting-host="954ef0378dbc0ee06754276fd3acaee0";
logging-data="14889"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+bTMw6zK0CrmUCVV7y1x5F"
Cancel-Lock: sha1:lKxzoWrmAS79vwY7wY/qxUp24K4=

by: @ - Fri, 14 Jan 2022 06:30 UTC

Spamcop.net Top200 source: https://www.spamcop.net/hoshame.shtml
IPv4 reports for the week ending 2022-01-14T06:30:22+00:00
IPv6 reports for the week ending 2022-01-14T06:30:25+00:00
IP address to country and ASN mapping by whois.cymru.com
Stats generated for 200 IPv4 addresses and 2 IPv6 adresses
Cutoff at Spamcop.net 200:IPv4 : 2217 reports
Spamcop.net 1:IPv6 : 6184 reports

#### Top entries with reports count
#### [Top-IP: Top 10 IPv4&IPv6 + Top 1 IPv6 + DNSWL listed]
#No. Reports Age AS IP_Address
1. 1:IPv4 121_404 2.9 days RU AS12389 77.40.78.189
2. 2:IPv4 104_764 4.1 days RU AS12389 77.40.62.30
3. 3:IPv4 80_542 2.9 days RU AS12389 77.40.2.250
4. 4:IPv4 70_357 24 hours DE AS58329 31.214.157.36
5. 5:IPv4 53_175 44 hours RU AS12389 77.40.80.123
6. 6:IPv4 46_565 5.9 days SE AS2119/NO 85.224.174.245
7. 7:IPv4 35_644 5.3 days RU AS12389 77.40.102.45
8. 8:IPv4 34_417 2.7 days CZ AS399471/US 212.192.246.215
9. 9:IPv4 29_729 24 hours KR AS17858 125.251.116.4
10. 10:IPv4 29_158 23 hours TW AS4780 123.204.7.19
20. 20:IPv4 18_687 24 hours US AS15169 209.85.220.41
https://dnswl.org/s/?s=209.85.220.41 Trust=none google.com
33. 33:IPv4 12_516 25 hours US AS15169 209.85.220.65
https://dnswl.org/s/?s=209.85.220.65 Trust=none google.com
74. 1:IPv6 6_184 23 hours FR AS16276 2001:41d0:8:c5b3:0:0:0:0
202. 200:IPv4 2_217 - - -
1_236_832 - - *

#### Entries and reports count by AS
#### [Top-AS: Top 10 ASes + listed in Top-IP]
#No. Reports AS_name_and_country
1. AS12389 22 536_108 ROSTELECOM-AS, RU
[Top-IP:1,2,3,5,7]
2. AS10429 35 199_676 TELEFONICA BRASIL S.A, BR
3. AS58329 1 70_357 RACKPLACE, DE
[Top-IP:4]
4. AS399471 2 50_931 AS-SERVERION, US
[Top-IP:8]
5. AS2119 2 50_390 TELENOR-NEXTEL Telenor Norge AS, NO
[Top-IP:6]
6. AS45382 4 35_117 EHOSTIDC-AS-KR EHOSTICT, KR
7. AS8075 3 34_805 MICROSOFT-CORP-MSN-AS-BLOCK, US
8. AS35900 2 32_890 DIGI-BDS-ASN, BB
9. AS15169 2 31_203 GOOGLE, US
[Top-IP:20(dnswl-none),33(dnswl-none)]
10. AS17858 1 29_729 POWERVIS-AS-KR LG POWERCOMM, KR
[Top-IP:9]
11. AS4780 1 29_158 SEEDNET Digital United Inc., TW
[Top-IP:10]
19. AS16276 3 20_733 OVH, FR
[Top-IP:74(1:IPv6)]
107. - 1 2_217 -
* 123 758_877

#### Entries and reports count by country
#### [Top-Country: Top 5 countries + listed in Top-IP + listed in Top-AS]
#No. Reports ASes_with_stats
1. RU 36 655_437 AS12389(22:536_108) AS20485(1:25_888)
AS31133(3:18_658) AS35401(1:16_566)
AS198541(1:10_143) AS42610(1:7_805)
AS50556(1:7_316) AS48371(1:6_906) AS8369(1:6_533)
AS44812(1:6_151) AS210240(1:5_491) AS49551(1:4_131)
AS42002(1:3_741)
[Top-IP:1,2,3,5,7 + Top-AS:1]
-. eu 27 338_951 DE(3:79_098) SE(4:65_937) CZ(3:63_724) BG(5:55_181)
NL(3:29_033) FR(3:20_733) DK(2:10_330) AT(1:6_089)
BE(1:3_881) RO(1:2_728) SI(1:2_217)
[Top-IP:4,6,8,74(1:IPv6) + Top-AS:3]
2. BR 46 243_777 AS10429(35:199_676) AS18881(1:9_181)
AS28573(1:7_161) AS61591(2:6_583) AS17222(1:4_155)
AS263648(1:3_981) AS16735(1:3_114) AS26599(1:2_638)
AS8167(1:2_544) AS267538(1:2_514) AS269548(1:2_230)
[Top-AS:2]
3. US 19 176_064 AS399471(2:50_931) AS8075(3:34_805)
AS15169(2:31_203) AS14061(2:16_662)
AS7922(3:10_953) AS11272(1:6_660) AS11776(2:6_314)
AS11427(1:5_170) AS33616(1:4_617) AS6128(1:4_416)
AS19108(1:4_333)
[Top-IP:8,20(dnswl-none),33(dnswl-none) + Top-AS:4,
7,9]
4. DE 3 79_098 AS58329(1:70_357) AS3320(1:5_369) AS51167(1:3_372)
[Top-IP:4 + Top-AS:3]
5. KR 8 75_173 AS45382(4:35_117) AS17858(1:29_729)
AS4766(3:10_327)
[Top-IP:9 + Top-AS:6,10]
6. SE 4 65_937 AS2119/NO(2:50_390) AS45011(1:10_254)
AS39651(1:5_293)
[Top-IP:6]
7. CZ 3 63_724 AS399471/US(1:34_417) AS25248(1:25_889)
AS197846(1:3_418)
[Top-IP:8]
9. NO 2 50_390 AS2119(2:50_390)
[Top-IP:6 + Top-AS:5]
11. TW 3 38_889 AS4780(1:29_158) AS131584(1:5_847) AS3462(1:3_884)
[Top-IP:10]
13. BB 2 32_890 AS35900(2:32_890)
[Top-AS:8]
19. FR 3 20_733 AS16276(3:20_733)
[Top-IP:74(1:IPv6)]
49. - 1 2_217 -

Re: Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389

<anfi+ydx1pghoof-m1e5@wp.eu>

copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=235&group=news.admin.net-abuse.email#235

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: anfi@onet.eu (Andrzej Adam Filip)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389
Date: Fri, 14 Jan 2022 18:15:38 +0000 (UTC)
Organization: It is for me to know and for you to find out.
Lines: 9
Message-ID: <anfi+ydx1pghoof-m1e5@wp.eu>
References: <anfi+2022-01-14-e08bd34442a055f157a99325@wp.eu>
<srscv0$5ia$3@gallifrey.nk.ca>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
Injection-Info: reader02.eternal-september.org; posting-host="c06c6251efe26bbf33cd7ed57692979d";
logging-data="2034"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX1+AXemD4DsGGD335GekZU/L"
Cancel-Lock: sha1:Rhodv5k598jx2JRd3bSu9yywl1Q=
sha1:AFxnOSaBB0DjHbWtKKpk9Si2M20=

by: Andrzej Adam Filip - Fri, 14 Jan 2022 18:15 UTC

doctor@doctor.nl2k.ab.ca (The Doctor) wrote:
> > […]
> Damn Russians! Damn Google!

Google spam makes most of spam passing to my mailboxes (on mail servers
not under my control/administration).

--
A. Filip

Re: Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389

<cone.1642367855.390269.7403.1004@monster.email-scan.com>

copy mid

https://www.rocksolidbbs.com/computers/article-flat.php?id=236&group=news.admin.net-abuse.email#236

copy link Newsgroups: news.admin.net-abuse.email

Path: i2pn2.org!i2pn.org!eternal-september.org!reader02.eternal-september.org!.POSTED!not-for-mail
From: sam@email-scan.com (Sam)
Newsgroups: news.admin.net-abuse.email
Subject: Re: Spamcop-Top200 Weekly 2022-01-14 :
RU(36:655_437);_AS12389/RU(22:536_108)
;_77.40.78.189(1:121_404) RU AS12389
Date: Sun, 16 Jan 2022 16:17:35 -0500
Organization: A noiseless patient Spider
Lines: 71
Message-ID: <cone.1642367855.390269.7403.1004@monster.email-scan.com>
References: <anfi+2022-01-14-e08bd34442a055f157a99325@wp.eu> <srscv0$5ia$3@gallifrey.nk.ca> <anfi+ydx1pghoof-m1e5@wp.eu>
Mime-Version: 1.0
Content-Type: multipart/signed;
boundary="=_monster.email-scan.com-7403-1642367855-0001";
micalg=pgp-sha1; protocol="application/pgp-signature"
Injection-Info: reader02.eternal-september.org; posting-host="4f7eb82ac367bd4b9d954f6040d10818";
logging-data="32489"; mail-complaints-to="abuse@eternal-september.org"; posting-account="U2FsdGVkX19L13OKZrKFbHicJst0meP2"
Cancel-Lock: sha1:+O6P5L06y3NbTuFas9ad1j+UFSM=
X-Mime-Autoconverted: from 8bit to quoted-printable by mimegpg
X-Mailer: http://www.courier-mta.org/cone/

by: Sam - Sun, 16 Jan 2022 21:17 UTC

Attachments: unnamed (application/pgp-signature)

Andrzej Adam Filip writes:

> doctor@doctor.nl2k.ab.ca (The Doctor) wrote:
> > > […]
> > Damn Russians! Damn Google!
>
> Google spam makes most of spam passing to my mailboxes (on mail servers
> not under my control/administration).

Google spam started about 2-3 months ago. It looks like there's now spamware
that uses either a virtual machine or a browser plugin to script spamming
via Gmail.

Everyone accepts mail from Gmail. This makes Gmail a very attractive spam
injection source. I would expected the rocket scientists at Google to figure
out how to detect and neutralize the spambots that are spewing stuff via
Gmail's UI. I wouldn't think that it's brain surgery to say, hey, this
account shouldn't be able to send more than three messages per second, if it
does, drop all of its outbound mail on the floor.

One thing that does work, very well, is verification callbacks. Once
the spew starts the spewing address gets quickly rate-limited by all the
bounces. From my mail logs:

<micheallopez1954@gmail.com>
530-5.2.1 The user you are trying to contact is receiving mail at a rate
that
530-5.2.1 prevents additional messages from being delivered. For more
530-5.2.1 information, please visit https://support.google.com/mail/?p=ReceivingRatePerm h19si3971588qkj.178 - gsmtp
530 <micheallopez1954@gmail.com> verification failed.

I estimate that this stops about 95% of the Google spam.

Attachments: unnamed (application/pgp-signature)

Are we running light with overbyte?

computers / news.admin.net-abuse.email / Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389

computers / news.admin.net-abuse.email / Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40.78.189(1:121_404) RU AS12389

Subject	Author
Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 77.40
Re: Spamcop-Top200 Weekly 2022-01-14 : RU(36:655_437); AS12389/RU(22:536_108); 7	Andrzej Adam Filip
Re: Spamcop-Top200 Weekly 2022-01-14 :	Sam