All Activity

  1. Yesterday
  2. Gingko

    Spams received already outdated

    In the meantime, I sorted all the spams that I received from this "spam cluster" (that I identified as part of the same group by several common features). I have 158 spams so far, starting January 9th, incoming in two mailboxes hosted by the same ISP. They are coming from 10 different sources, the most active being: ncdhost.com (43 spams), hopone.net (41 spams), dacentec.com (23 spams), ni.net.tr (16 spams). The six others (datashack.net, heymman.com, layer6.net, uaservers.net, vernet.lv, wholesaleinternet.net) have fewer messages, and sometimes lasted only for a short period, meaning that the spammer may already have been shut down by this hosting service. I could eventually forward all of them to their respective senders, but is it worth the attempt? Gingko
  3. petzl

    Spams received already outdated

    And it may bounce from there. It's in the "Marshall Islands" so don't get your hopes up? https://en.wikipedia.org/wiki/Marshall_Islands
  4. petzl

    Spams received already outdated

    SpamCop cannot report these spams, but it does tell you the IP address from whence they came. Also the URL in the body of the message. With SpamCop, a "BOT", one sometimes needs to step in to do spam reports more effectively. By showing you where I would have sent them, we're just letting you see an example.
  5. gnarlymarley

    Spams received already outdated

    Yep, looking at the headers I see a jump from smtp26.services.sfr.fr to filter.sfr.fr for the two days. It appears that sfr.fr is internally delaying the emails (since they are coming from a 10.x.x.x private address). This appears to be the case. Looking at the "Received:" lines the border server seems to be catching the spam on time, but for some reason there is a delay going to the next internal server. It appears to be a problem on the SFR servers. I think what petzl is trying to say is currently SpamCop thinks 173.240.15.12 should go to abuse[at]dacentec[dot]com but the whois.arin.net (where people in North America get their IPs from) says the IP should be reported to abuse[at]bigboxhost.com. As long as abuse[at]dacentec[dot]com keeps rejecting spamcop reports, manual sending may be required. Looking at the routing details, it does appear that spamcop does not want to send to abuse[at]bigboxhost[dot]com, but would prefer dacentec even though it bounces.
  6. Gingko

    Spams received already outdated

    One more thing about these spams: Although it is difficult to completely verify, I have some reasons to think that some of these spams, received once by SFR, could have been handled internally by SFR and distributed more than once to the recipient at random intervals. I receive many of these spams several times with identical contents, as if they came back after having been completely deleted from the mailbox. After reporting, they could sometimes have been seen as duplicated reports. And if I look at my past reports history ( https://members.spamcop.net/mcgi?action=showhistory ), I can see that about half of them have been handled as "No reports filed" by Spamcop, without any more explanation. Gingko
  7. Gingko

    Spams received already outdated

    I don't understand. Where should I forward this if it is not to Spamcop? I hope you are not telling me to forward directly to the spammer or to some hosting service related to it? Gingko
  8. Last week
  9. petzl

    Spams received already outdated

    You need to forward from your email account with this preamble at the top of the report:
    http://173.240.15.12
    Name: lebis.disians.com
    IP: 173.240.15.12
    Domain: disians.com
    Registrar Abuse Contact Email: mailto:abuse[AT]web.com
    EMAIL IP 173.240.15.12 abuse[AT]bigboxhost.com SpamCop has this wrong
    http://b.link/E-Leclerc-fr IP 18.208.23.249 abuse[AT]amazonaws.com
    Then paste headers and text body as you did for SpamCop
  10. Gingko

    Spams received already outdated

    The ISP has been contacted by many angry users (not by me yet) for several weeks, and they only give hackneyed answers like "we are working on it" (for weeks!). About the tracking URL, ok, so you are speaking about URLs specific to a particular spam, as it changes for each spam. For the quoted headers above, the tracking URL is https://www.spamcop.net/sc?id=z6611133626z038eafa006f7aed4232b8a0c6617a97az And NO, if I look at the headers of some regular mails, they do NOT go through front26-smtp-dirty.sfrmc.priv.atos.fr. Gingko
  11. +BFsej@2n

    no TLS?

    First of all, the login page should then provide a valid certificate, which it does not. And secondly, the http login page should be redirected to https, which it does not do either.
  12. gnarlymarley

    Why does abuse@amazonaws.com get /dev/null?

    I can agree on this, however my recent troubleshooting appears to show that the person/people that are managing the abuse mailbox do not seem capable of clicking on the tracking URL. Also, they do not accept attachments either. I found that I have to copy out the spam email to the body of a message when I manually send to the abuse mailbox. It would be nice if this could be automated such as appears with the level3, but amazon seems to keep changing the reporting rules.
  13. Lking

    Spams received already outdated

    Thanks for the information. The tracking URI others suggested would have given others access to the information you provided above AND allowed visibility to the actions by the parser. I would think that a talk with your email service provider is in order. As you noted, the delays reflected by the top three Receive entries are, I think, excessive. Have you brought this to your ISP's attention? They may not be aware of the delay, nor the consequences. It is likely that none of their other customers report spam and care about the delay in receiving spam. I am amused by the server name: front26-smtp-dirty.sfrmc.priv.atos.fr Does your other email go through this server? Or only spam? I would not want to assign motive to the delay in receiving spam. As I said, your provider may not be aware of the delay caused by the spam filtering / email authentication process. For your reference, the tracking URL can be found at the top of the reporting screen following the lines above.
  14. Gingko

    Spams received already outdated

    Here are the headers of a typical spam that I received that way: You can see that the spam was sent on January 20th at 20:29 CET, but I received it today 13:59 CET. There is a "Received:" line for that, but SpamCop ignores them as the three last "Received:" lines are internal handling from the receiving ISP declared in the mailhosts setup … thus this internal handling is spanning 5 days! A large part of the spams that I receive on this address has this huge internal handling time property. And this concerns only spam. Regular messages that I send to myself to the same address are delivered in a matter of seconds. Gingko
  15. C2H5OH

    no TLS?

    For information; Firefox now warns whenever I try to go to forum pages. "Websites prove their identity via certificates. Firefox does not trust this site because it uses a certificate that is not valid for forum.spamcop.net. The certificate is only valid for the following names: cloudfront.net, *.cloudfront.net Error code: SSL_ERROR_BAD_CERT_DOMAIN" - Clicking through the warnings and proceeding regardless will open the forum pages.
  16. gnarlymarley

    no TLS?

    My guess is that when the forum was set up not very many people were using https. At that time, the FBI and NSA had the capability to decrypt https traffic. The place where encryption should be is on the login page. In my own opinion (completely my own opinion and not anyone else's) a publicly accessible forum (that does not require a login to read) should not need TLS or https encryption on the pages that anyone can read.
  17. gnarlymarley

    reveal obfuscated url for reporting

    Back on v4, I thought I remembered that spamcop used to do this with some URL forwarders. I ran across another post (shown below) before the V5 upgrade and I suspect they took out the unobfuscation section.
  18. gnarlymarley

    Replies from spammer BOK IQ PL

    Hetzner.de is basically the same. I meant to say the from address that would be sent to the ISP when you click the send spam reports button is unique and contains the report ID that goes to the ISP. It sure would be nice if the ISPs could set up a unique address or method to accept all spamcop reports without requiring their users to sign up.
  19. petzl

    Spams received already outdated

    When some email server or Botnet starts spewing spam, occasionally they are taken offline, but when started up again it finishes the out-of-date spew! When you parse spam, at the top of the page before you submit there is a tracking URL. Posting this, one can look up IPs to see when spam was happening, when it stopped and if it restarts. For instance 35.182.184.76, on a couple of sites I use to check, was a Botnet, but it now seems a malware scan was done and has fixed it. https://talosintelligence.com/reputation_center/lookup?search=35.182.184.76 https://www.abuseat.org/lookup.cgi?ip=35.182.184.76
  20. Gingko

    Spams received already outdated

    Ahem… Of course, yes, but… What are you calling “A tracking URL”, and how could it be useful, especially in this case?
  21. gnarlymarley

    SpamCop Emails To Me Bounce

    I had this happen with my account on gmail. I had to find all the related messages in my spam folder and mark them as "not spam" in order to get their spam rules to stop rejecting it. For me, it all started when google changed their rule system and needed everything to be set up again. So far all seems good for me. Hopefully this might help you.
  22. gnarlymarley

    Spams received already outdated

    A tracking URL would be useful. Also if you look at the headers, is your border server putting on an old date? Spammers have been known to put in faked headers with old dates to try to confuse the SpamCop parser. This is why the mailhosts setup now exists: to cause the parser to stop at your border server. This is so that the correct IP and date can be picked up by the parser.
  23. Hello, I have had a problem for about two weeks: I have two mailboxes (hosted by the same operator) which are flooded by spam having weird characteristics: Most of the received messages are already outdated, meaning that if I use Spamcop for reporting them, they are rejected because they are more than 2 days old, despite the fact that I submit them as soon as they are received. If I delete them from the mailbox, it happens quite often that they come back a few hours later, as if I never deleted them. All of these spams originate (apparently of course, as these sender addresses are always fake) for me (it may be different for other users) from only 3 different mailboxes: 1 - Info@taobao.com 2 - mailer-daemon@amazon.com 3 - mailer-daemon@sourceforge.net All of this suggests that the operator itself could be involved in this situation. I'm not the only one having this problem, actually there is a large topic (38 pages so far) on the community forum of this operator where many users are complaining about the same problem: https://forum.sfr.fr/t5/votre-messagerie-sfr-mail/mail-suspect-reçu-de-ma-propre-adresse-mail-et-nombreux-spams/td-p/2164708 The hosting operator is no less than SFR, which is one of the 4 main telephony and Internet operators on the French territory. For me, this has lasted since January 9th, and I got about 140 spams that way, so far. But for other users, this seems to be older. I would like to know what you think about that as I fear this is likely to defeat the Spamcop system. Regards, Gingko
  24. gnarlymarley

    Any point in reporting spam from AMAZONAWS?

    I do find it interesting that I still get the occasional spam from a specific "claimed" helo name and from. Seems like the spammer is able to stand up new EC2 instances almost as soon as amazon "claims" they have resolved the issue.
  25. gnarlymarley

    Can I forward spam Emails as attachment for reporting ?

    Yes, just attach the spams to an email that is heading to your submit address. The parser only recognizes them as an attachment.
  26. I moved this post to a more appropriate forum. Your question is about reporting, not the blocklist. Yes, you can report spam as an attachment. Send the spam as attachments to the private submit email address you received when you created your spamcop.net account. Be sure to include the complete email including header and body.
  27. Hello Everyone Here, I get hundreds of spam emails daily and it is cumbersome to forward each email to spam reporting. Can I forward all such spam mails as attachments? Will the system recognize and extract/check necessary data from such emails? Please enlighten us on this.
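
For the "Spams received already outdated" posts above, one way to measure how long a message sat inside the receiving ISP after its border server accepted it, and to compare that with the 2-day reporting limit mentioned in the thread. This is an added example, not part of any post and not SpamCop's parser: the headers are constructed with placeholder hosts and addresses, and treating RFC 1918 peers as the ISP's internal relays is an assumption standing in for a real mailhosts configuration.

```python
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime
from ipaddress import ip_address, ip_network

# Assumption: hops whose peer address is RFC 1918 are the receiving ISP's own relays.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample: placeholder hosts and addresses, not headers from the thread.
SAMPLE = """\
Received: from mda1.isp.example (mda1.isp.example [10.0.3.7])
\tby store1.isp.example with LMTP; Sat, 25 Jan 2020 13:59:02 +0100
Received: from filter1.isp.example (filter1.isp.example [10.0.2.5])
\tby mda1.isp.example with ESMTP; Sat, 25 Jan 2020 13:58:57 +0100
Received: from mx1.isp.example (mx1.isp.example [10.0.1.9])
\tby filter1.isp.example with ESMTP; Sat, 25 Jan 2020 13:58:50 +0100
Received: from sender.example (sender.example [203.0.113.45])
\tby mx1.isp.example with ESMTP; Mon, 20 Jan 2020 20:29:31 +0100
Subject: constructed sample

body
"""

def hops(raw):
    """Return the Received hops oldest-first as (by_host, peer_ip, timestamp)."""
    out = []
    for value in message_from_string(raw).get_all("Received", []):
        info, _, stamp = value.rpartition(";")
        by = re.search(r"\bby\s+(\S+)", info)
        peer = re.search(r"\[([0-9A-Fa-f.:]+)\]", info)
        out.append((by.group(1) if by else "?",
                    ip_address(peer.group(1)) if peer else None,
                    parsedate_to_datetime(stamp.strip())))
    return out[::-1]  # each relay prepends its line, so reverse for oldest first

def internal_delay(raw, limit=timedelta(days=2)):
    """Measure the time a message spent between the border hop and final delivery."""
    chain = hops(raw)
    # Border hop: the newest hop that accepted the message from a non-RFC 1918 peer.
    border = max(i for i, (_, ip, _) in enumerate(chain)
                 if ip and not any(ip in net for net in RFC1918))
    gaps = [(chain[i][2] - chain[i - 1][2], chain[i - 1][0], chain[i][0])
            for i in range(border + 1, len(chain))]
    gap, sent_by, got_by = max(gaps, default=(timedelta(0), None, None))
    delay = chain[-1][2] - chain[border][2]
    return {"source_ip": str(chain[border][1]), "border_time": chain[border][2],
            "delay": delay, "slowest_gap": gap, "slowest_hop": (sent_by, got_by),
            "stale_on_arrival": delay > limit}
```

A result with `stale_on_arrival` set and a `slowest_hop` between two of the ISP's own hosts is the evidence to attach when raising the delay with the mail provider.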