Abuse reporting/cookies, muffins and bagles

Archived from groups: microsoft.public.windowsxp.general (More info?)

I have just reported an email abuse incident…
From: <myuserid@charter.net>
{Received: from 213.252.72.10.dim-co-volokolamskoe.rmt.ru
(HELO Panferov.net)}
To: <myuserid@myisp>

Zip attached was called “Work and taxes.zip”

Because it was obviously suspect, I right clicked it in Outlook
to pick up detail for abuse report. In this venue, one sees
attachment name + dump plus the fact that it actually came
out of .ru / Russia. On looking further, charter.net or
charter.com smells pretty bad to me as well. I then blocked
the unopened email which supposedly dropped it from server.
I don’t like the fact that myuserid is in use at another ISP.
I wonder how else one should react to a similar situation;
isn’t it best to report the “abuse” so that it can be followed
up on. I wonder if my ISP does that?
  1. Archived from groups: microsoft.public.windowsxp.general (More info?)

    It was a virus laden email. Many viruses forge the return address, and
    there is nothing you can do about it.

    Tom
  2. Archived from groups: microsoft.public.windowsxp.general (More info?)

    For:
    tompepper@mvps.invalid

    This does not answer question.

  3. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Will wrote:

    > For:
    > tompepper@mvps.invalid
    >
    > This does not answer question.

    Yes, it does. Your original post is a bit confusing, but sifting through
    the verbiage the only question asked is this one:

    >> | I wonder how else one should react to a similar situation;
    >> | isn't it best to report the "abuse" so that it can be followed
    >> | up on. I wonder if my ISP does that?

    >
    > "Tom Pepper Willett" wrote:
    >
    >> It was a virus laden email. Many viruses forge the return address,
    >> and there is nothing you can do about it.

    Mr. Willett's answer was correct. You can report the "abuse" if it makes
    you feel better, but it will probably do no good since many viruses
    spoof the "from" line. There is no way to know for sure that the
    "abuse" actually occurred by the supposed sender, either. You should
    just delete these sorts of emails which are very common, or set up
    filters in your email client to delete them.

    As for your last question, there is no way for any of us to know what
    your ISP (Eastlink in Canada?) does about abuse reports. Contact them
    and find out.

    What has most probably happened is:

    1. You have a friend who has your email address in their computer's
    addressbook. This friend's computer is infected with a virus that sends
    copies of itself to all email addresses it finds on the infected
    computer. The virus may also spoof the "from" line. Now someone else in
    your friend's addressbook gets a virus-laden email with your name in
    the "from" line. This person now writes you an angry email but of
    course, it isn't your machine that's infected at all but your friend's.

    2. And/or your machine is infected with a virus that is doing this.

    3. And/or you signed up for something, used your real unmunged email
    address somewhere, or otherwise got your email address harvested.

    If you still think your question was not answered, then please post back
    with a better description of what you need to know.

    Malke
    --
    Elephant Boy Computers
    www.elephantboycomputers.com
    "Don't Panic!"
    MS-MVP Windows - Shell/User
  4. Archived from groups: microsoft.public.windowsxp.general (More info?)

    Thanks for detail Malke. If I get something meaningful from Abuse I will post
    it here. For starters I’d like mail ISP/Outlook able to filter by Country
    acceptable to me. Russia is not on my list. Aside from the damage it can do
    to users, if this garbage is slowing down the internet, then it is in
    everyone’s best interest for it to be fixed because it will otherwise only
    get worse.
    Logic says to solve problem at source rather than after; solution being for
    mailer (Outlook Etc.) to test uncertified code attachments on sender computer
    or on ISP server that can take the (S)hit.

  5. Archived from groups: microsoft.public.windowsxp.general (More info?)

    FWIW---A lot of the things coming from China and Russia are originating
    from right here in Florida, USA

  6. Archived from groups: microsoft.public.windowsxp.general (More info?)

    "Frank" <bbunny@bqik.net> writes:
    >FWIW---A lot of the things coming from China and Russia are originating
    >from right here in Florida, USA

    A surprising proportion of the internet fraud in the U.S. flushes out
    of Florida. But some claim spam and internet fraud isn't the only
    sort of fraud that Florida seems to specialize in.

    Something you can try, if you wish, based on my decades of working
    with spam.

    The "From" has been forged by every spammer and virus on the net for
    years, that tells you nothing, ignore it.

    If you look at the headers of the message and in particular at the
    topmost "Received" line you will sometimes see two different
    domain names, sometimes only one, and sometimes just an ip address.
    The first name on that line is also often forged, the second seems
    to be less often forged. And the ip address is fortunately rarely
    forged. You can use that ip address to look up the domain of the
    last computer to relay that to you. You scrape the ip
    address into your clipboard and choose the appropriate database:

    For most of the U.S.
    www.arin.net/whois/index.html
    For most of South America
    lacnic.net/en/index.html
    For Brasil, always a popular spam/fraud source
    registro.br/index.html
    For most of Europe and eastern Europe
    www.ripe.net/perl/whois/
    For most of Asia
    www.apnic.net
    For most of Africa, an increasing source of fraud flushing
    www.afrinic.net

    With a little experience you will know from the first number
    in the IP address which of these to use. Those will look up
    the ip address and sometimes give you an abuse address you
    can send the complete message to, minus any big binaries,
    politely asking them to WHACK their little net vandal.

    You can try similar things with Received lines further down
    the list, but the first one that is forged means that it and
    all the rest will be meaningless trash just trying to divert
    attention from the real scum.

    If the scum is using web pages you can report to them too,
    spammers seem to dislike having their web pages cut off far
    more than they dislike having their hijacked mail source
    cut off. There are sources out there that will turn a domain
    name into an ip address, search for "nslookup" and see what
    you find.

    You can also use
    www.abuse.net/lookup.phtml
    to often find an abuse email address for a domain name.

    There are other ways of doing this, other people will perhaps
    say that their way is much better than anybody else's way.
    But you can with a little practice find a way you can use
    to help report net scum.

    It likely won't make spam and virus disappear from the world
    but if you want to you can do your little part to help combat
    fraud, spam and virus on the net.

    56572 SWEN virus email received and reported

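The header reading described in the last reply, as an added example that is not part of the original thread: it pulls the HELO name, reverse-DNS name and IP out of each "Received" line, then walks down from the top and stops at the first hop that cannot be vouched for. It goes slightly beyond the post by making the "first forged line" rule mechanical. Assumptions: a Postfix/Sendmail-style `from HELO (RDNS [IP]) by HOST` layout, hypothetical function names, and a constructed sample message using documentation-range addresses.

```python
import email
import ipaddress
import re

# Assumed hop layout: from HELO (RDNS [IP]) by RECEIVER ...
HOP = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>[^\s\[\]]*)\s*\[(?P<ip>[0-9a-fA-F.:]+)\]\)"
    r".*?\bby\s+(?P<by>\S+)", re.S)

# Constructed sample: the top hop was stamped by our own server, the lower one
# was supplied by the sender and is not backed up by the hop above it.
SAMPLE = """\
Received: from panferov.example (dsl-10.isp.example [203.0.113.10])
    by mx.myisp.example with SMTP; Sat, 1 Jan 2005 10:00:00 +0000
Received: from mail.bank.example (mail.bank.example [192.0.2.55])
    by relay.forged.example with ESMTP; Sat, 1 Jan 2005 09:59:00 +0000
From: <myuserid@charter.example>
To: <myuserid@myisp.example>
Subject: constructed sample

body
"""

def parse_hops(raw):
    """Return Received hops, topmost (most recently added) first."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        m = HOP.search(value)
        hop = m.groupdict() if m else None
        if hop is not None:
            try:
                hop["ip"] = str(ipaddress.ip_address(hop["ip"]))
                # HELO is whatever the sender typed; rDNS came from our side.
                hop["helo_mismatch"] = hop["helo"].lower() != hop["rdns"].lower()
            except ValueError:
                hop = None  # not a real address: treat the hop as untrusted
        hops.append(hop)
    return hops

def reportable_hops(raw, my_servers):
    """Walk down from the top and stop at the first hop nobody vouches for."""
    trusted = []
    expected_by = {s.lower() for s in my_servers}
    for hop in parse_hops(raw):
        if hop is None or hop["by"].lower() not in expected_by:
            break  # this line and everything below it may be forged
        trusted.append(hop)
        # The next line down must have been stamped by the relay we just saw.
        expected_by = {hop["rdns"].lower()}
    return trusted

if __name__ == "__main__":
    for hop in reportable_hops(SAMPLE, ["mx.myisp.example"]):
        print(hop["ip"], hop["rdns"], "HELO mismatch:", hop["helo_mismatch"])
```

The IP of the last trusted hop is the one to look up in the registry databases listed in the post.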