All Activity

  1. Today
  2. Yesterday
  3. 20.33.0.0 - 20.128.255.255 is Microsoft but SpamCop reports 20.73.0.72 directly to the spammer. I've seen similar misreporting for other Microsoft-hosted spammers. https://www.spamcop.net/sc?id=z6692876685z0b26f07c4b20c3a2543ebe996cd74d4fz Routing details for 20.73.0.72 [refresh/show] Cached whois for 20.73.0.72 : abuse@microsoft.com Using best contacts abuse@microsoft.com Using rdns to route to correct Microsoft department host 20.73.0.72 = vi44.viv0digital.com. (cached) abuse net viv0digital.com = postmaster@viv0digital.com In this case, the spammer is sending "invoice reminders" purporting to be from Brazilian carrier Vivo with "download/print" link that redirects to a JavaScript-wrapped malware download.
  4. Last week
  5. Lking

    Website wordpress

    The original post is off topic for this forum. The link was broken so as not to promote the site. Later: The same member came back and posted additional links to the same website. Enough is enough and so the poster was restricted from posting and ALL their posts were hidden. (which is why my post is just hanging out here.)
  6. gnarlymarley

    No data / Too much data

    Does this post help? http://forum.spamcop.net/topic/9324-unable-to-process-message-hearders-in-reporting-tab/?do=findComment&comment=63654 If I click "Process spam" without having the textbox above filled out, I get a similar message. Try going to https://www.spamcop.net/, without the sc at the end of the URL.
  7. Earlier
  8. Bellsouth Email Login

    Please help! sent email and it bounced sbcglobal.net!!!

    Excellent list! Extremely useful info specially the last part I care for such information much. I was seeking this certain information for a very long time. Thank you and best of luck. We Also Provide the same service about Bellsouth Email Login Account Thanks
  9. I will try the spamcop link but aside from the missing n's in the headers of the form x-inbound-n.inbound.mailchannels.net headers, the parser has also been hanging on other kinds of mailchannels headers. Also for one spamcop account the mailchannels entry in Mailhosts periodically disappears entirely, and for another spamcop account mailchannels cannot be added to Mailhosts at all.
  10. Hello Everybody! For almost 20 years I never had any problems reporting spam till last 2 weeks. No matter what I've tried, I'm getting: " You are most likely submitting a very large email", "firewall", " linked to the wrong URL or your browser" which neither would be applicable as far as I can see. Any ideas what is going on?
  11. Assumed EWV was a paid user? not sure what is available for free service? But couldn't hurt? Same applies https://www.spamcop.net/fom-serve/cache/401.html
  12. Petzl, your link required authentication. Did you mean https://www.spamcop.net/fom-serve/cache/401.html?
  13. Try sending message to SpamCop service https://mailsc.spamcop.net/fom-serve/cache/401.html "Mailhosts" in "reason for contact" In dialogue box next page : Mail Hosts that need whitelisting in my Mailhosts 199.10.31.238, inbound-egress-6.mailchannels.net 199.10.31.237 inbound-egress-5.mailchannels.net ? I think but there are more suspect the lot will be found by SpamCop? postfix-inbound-0.inbound.mailchannels.net postfix-inbound-3.inbound.mailchannels.net postfix-inbound-4.inbound.mailchannels.net postfix-inbound-5.inbound.mailchannels.net postfix-inbound-6.inbound.mailchannels.net postfix-inbound-7.inbound.mailchannels.net postfix-inbound-11.inbound.mailchannels.net
  14. What do I have to do to get this fixed? For one spamcop account I can't add mailchannels to Mailhosts at all. "Mailchannels" as the standard name reverts to non-mailchannels servers at dreamhost. (Dreamhost is using mailchannels to intercept and scan mail.) For my other spamcop account mailchannels can be added to Mailhosts but periodically disappears and has to be added again. Even while mailchannels is registered with Mailhosts it still does not work because of additional servers with ambiguous headers inserted by mailchannels into incoming email that prevents further parsing to the spam source. Ken Simpson, from mailchannels, above says they are inserting internal servers with IPs like 0.0.0.0:2500 but the spamcop parser hangs at ambiguous IPs like https://www.spamcop.net/sc?id=z6691078615zd435ce8b004b579b41b019fa65a5d50ez 3: Received: from inbound-trex-2 (100-96-24-78.inbound-trex.inbound.svc.cluster.local [100.96.24.78]) by postfix-inbound-2.inbound.mailchannels.net (Postfix) with ESMTP id 0F77480112 for <x>; Mon, 16 Nov 2020 10:20:43 +0000 (UTC) No unique hostname found for source: 100.96.24.78 Meanwhile, after four days, dreamhost support is not responding. What does it take to get this fixed?
  15. Steve

    Spam by SMS?

    Yep, I do that every time I get a spam text. I also block the number it came from.
  16. https://talosintelligence.com/reputation_center/support#faq3 Displaying behavior that is exceptionally bad, malicious, or undesirable Has your/3 email servers listed as "poor" but not on any blocklists So maybe you should read the above Cisco link, it may help? you are listed on backscatterer (bounces) the site may ask for free sign-up just close the dialog box no need to "sign-up" https://mxtoolbox.com/Problem/Blacklist/BACKSCATTERER/?page=prob_blacklist&ip=199.10.31.238&link=button&action=blacklist:199.10.31.238&showLogin=1&hidetoc=1&reason=127.0.0.2
  17. Hi, I work for MailChannels. We have a few internal MTA hops while processing incoming email in our inbound filtering service. At each hop, we add a Received header as per the RFCs. Some of the internal MTAs are on private IP addresses. The 0.0.0.0:2500 Received header is the first hop into our edge SMTP proxy. While it's not super cool to have an IP of 0.0.0.0, we don't believe it's inconsistent with the RFC. But please, if we're doing it wrong, we want to fix this and would be keen to know what you all think is the correct way to add headers. Thanks Ken Simpson MailChannels CEO
  18. Hmmm, I noticed your second line does not properly match the first one. Specifically the "by 0.0.0.0:2500" section does not match a mailchannels line of "inbound-egress-6.mailchannels.net". Something is strange where the headers do not seem to match up. If nothing was lost, then this would be from an internal mailchannels user. 1: Received: from TrololoVPN ([UNAVAILABLE]. [163.172.137.93]) by 0.0.0.0:2500 (trex/5.18.10); Thu, 12 Nov 2020 21:07:09 +0000 No unique hostname found for source: 163.172.137.93 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line.
  19. All of my incoming mail at dreamhost now has these mailchannels headers inserted, which blocks spamcop parsing to find the source. Submitting any incoming mail to the spamcop parser results in hanging on mailchannels Received headers, and the parser "finds" networking@carbon60.com (mailchannels) as the reporting address. I have tested this on random non-spam incoming mail (which is not reported). The mailchannels headers make finding and reporting spam impossible, except that mailchannels takes credit for the spam and its headers are in fact responsible for protecting spammers from being reported. Dreamhost also funnels all outgoing mail to mailchannels to intercept and scan. Aside from the privacy problem (echoing Google mail surveillance), this results in occasional, to an unknown degree, random outgoing mail being disparaged as "junk" in mailchannels headers, which in turn sometimes causes the perfectly valid mail to bounce or be diverted into a receiver's spam folder. But that is a different problem than the one with incoming mail and the disruption of spamcop parsing, which is a new problem. I don't know if this mess is caused by dreamhost, mailchannels, the spamcop mailhosts system, or some combination. I have reported it to dreamhost but am still waiting; they are very slow and the first rounds of their eventual 'responses' are usually oblivious to the problem reported.
  20. https://www.spamcop.net/w3m?action=checkblock&ip=163.172.137.93 spam is bombing the world fake email addresses included 199.10.31.238 is a cloud account possibly compromised?
  21. Another example: https://www.spamcop.net/sc?id=z6690587707z0afbb907bf385a3a5839c4d16a400f48z This has not been reported so as to not duplicate.
  22. Would help if you could send a Tracking URL which is at top of parse BEFORE you submit spam example Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6690533908ze72fd31a4dff786edaf29eccae16c308z
  23. Adding mailchannels to mailhosts was confirmed in mailhosts, with no change in parsing behavior. Parsing submissions have been only after Mailhosts was updated. Mailchannels later disappeared from mailhosts entirely and could not be added back: Selecting the "standard name" mailchannels resulted in the options to select only dreamhost servers (the base mail host already registered long ago). Hours later I could then add mailchannels servers again, but still with the same aberrant behavior blocking parsing for mail hosts preceding mailchannels in the Received headers. For a second spamcop account, used only for quickreporting, I have not been able to add mailchannels to the mailhosts at all, with the only options being the dreamhost mail servers after specifying the standard name 'mailchannels'.
  24. petzl

    Any point in reporting spam from AMAZONAWS?

    Here is your TRACKING URL - it may be saved for future reference: https://www.spamcop.net/sc?id=z6690533908ze72fd31a4dff786edaf29eccae16c308z Seeing forged headers! Hotmail never show originating IP. With Gmail a powerful tool is to mark it as "Phishing" Usually/often if you click unsubscribe it tries to get you to send a mail bomb to 50 reply addresses Azure are offering spammers free throwaway cloud accounts, for couple of years now. They need to get a valid credit card number to stop this spammer, SpamCop parse picked up Azure in headers spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com
  25. You can try adding the same email address to your mailhosts again and then go back to the previous tracking URL to see if it picks it up. I don't think the mailhosts updates itself automatically.
  26. mailhosts only allows adding mx1.mailchannels.net. (pri 0) and mx2.mailchannels.net resulting in: inbound.mailchannels.net postfix-inbound-0.inbound.mailchannels.net postfix-inbound-3.inbound.mailchannels.net postfix-inbound-4.inbound.mailchannels.net postfix-inbound-5.inbound.mailchannels.net postfix-inbound-6.inbound.mailchannels.net postfix-inbound-7.inbound.mailchannels.net postfix-inbound-11.inbound.mailchannels.net Missing from that list is (at least)#2: postfix-inbound-2.inbound.mailchannels.net and more fundamentally inbound-splitter.mailchannels.net resulting in spamcop hanging before getting to the spam source, for example: 2: Received: from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local [100.101.84.158]) by postfix-inbound-4.inbound.mailchannels.net (Postfix) with ESMTP id AAE1520251 for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC) No unique hostname found for source: 100.101.84.158 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. for headers: ... Received: from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local [100.101.84.158]) by postfix-inbound-4.inbound.mailchannels.net (Postfix) with ESMTP id AAE1520251 for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC) Received: from inbound-trex-0 (100-96-26-96.inbound-trex.inbound.svc.cluster.local [100.96.26.96]) by postfix-inbound-splitter-0.localdomain (Postfix) with ESMTP id EBBED20032; Thu, 12 Nov 2020 10:19:00 +0000 (UTC) Received: from p110239-ipoefx.ipoe.ocn.ne.jp (p110239-ipoefx.ipoe.ocn.ne.jp [153.246.145.238]) by 0.0.0.0:2500 (trex/5.18.10); Thu, 12 Nov 2020 10:19:00 +0000 p110239-ipoefx.ipoe.ocn.ne.jp escapes being reported.
  27. Thorin

    Any point in reporting spam from AMAZONAWS?

    Actually Microsoft did something: after reporting any of the spamming hosts hosted by Azure belonging to the AAMC house of spamming rats they may have taken down since every spam run I got after was originated from a different IP address. Same goes for the spamming assholes at Wowrack.com, my old date spam companions since years (not over numbering, it is years they go on sending me their crap): the last one I reported was this one ARC-Authentication-Results: i=1; mx.google.com; spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com Return-Path: <nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com> Received: from a7vp.j9glM2hEsnKgKqRD.COM (bqsqtintn-14.northeurope.cloudapp.azure.com. [13.79.243.243]) by mx.google.com with ESMTP id z4si2987582wmi.27.2020.11.11.10.13.22 for <xxx.xxx@gmail.com>; Wed, 11 Nov 2020 10:13:22 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) client-ip=13.79.243.243; Authentication-Results: mx.google.com; spf=pass (google.com: best guess record for domain of nvrkhlhohoras@fantomiil-1.australiacentral.cloudapp.azure.com designates 13.79.243.243 as permitted sender) smtp.mailfrom=nvRkHLhoHOraS@fantomiil-1.australiacentral.cloudapp.azure.com Received: from efianalytics.com (efianalytics.com. 216.244.76.116) List-Unsubscribe: <zMqRVfXQsini-hPIgoLQwVVoQ@[dom]> From: "Melania" <xxx.xxx.zNDxUaxOIVsY@RpiLylERPzCP.edu.se> Date: [Date] Subject: CONFIRM YOUR "UNSUBSCIBE" PLEASE xxx.xxx. 
    and seemed to hit since on the following spam run they came back using their german spamming rats associates, xsserver.gmbh: this is a sample of two days ago Delivered-To: xxx.xxx@gmail.com Received: by 2002:ac9:686:0:0:0:0:0 with SMTP id o6csp292041oco; Tue, 10 Nov 2020 21:19:53 -0800 (PST) X-Google-Smtp-Source: ABdhPJztzuLv5vnsJfVUnMWp3RtQyNHtoS7WajK+8o7FBtLUZRW3u29YCqyBD11SIxCZk0tk518g X-Received: by 2002:adf:f246:: with SMTP id b6mr27298463wrp.111.1605071993246; Tue, 10 Nov 2020 21:19:53 -0800 (PST) ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@spotnika.com header.s=mail header.b=jrWGr7Fx; spf=neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) smtp.mailfrom=abuse@chacha.com Return-Path: <abuse@chacha.com> Received: from spotnika.com (spotnika.com. [195.62.46.23]) by mx.google.com with ESMTP id x184si1107042wmx.89.2020.11.10.21.19.52 for <xxx.xxx@gmail.com>; Tue, 10 Nov 2020 21:19:53 -0800 (PST) Received-SPF: neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) client-ip=195.62.46.23; Authentication-Results: mx.google.com; dkim=pass header.i=@spotnika.com header.s=mail header.b=jrWGr7Fx; spf=neutral (google.com: 195.62.46.23 is neither permitted nor denied by best guess record for domain of abuse@chacha.com) smtp.mailfrom=abuse@chacha.com Received: from efianalytics.com (efianalytics.com. 216.244.76.116) List-Unsubscribe: <Ukvp3bFB8gLt3ZzBr-KLo7x3HcafaJ@spotnika.com> From: LawsuitWinning <replyin@spotnika.com> Date: Tue, 10 Nov 2020 14:35:58 -0600 Subject: Boy Scouts Abuse Victims, Read This! Free Legal Review and Potential Compensation To: xxx.xxx@gmail.com Message-Id: <Ukvp3bFB8gLt3ZzBr-KLo7x3HcafaJ@spotnika.com> X-EMMAIL: xxx.xxx@spotnika.com Content-Type: text/html; charset=utf-8
  28. petzl

    Any point in reporting spam from AMAZONAWS?

    spam stops when I report to Cert for me but takes Microsoft around a month to reply? I don't use SpamCop to report this they all need truncating. Microsoft claim they need full headers and body, I forward message name their IP and paste headers and body a space below.
  29. Thorin

    Any point in reporting spam from AMAZONAWS?

    Ehm, I already told I am always reporting to Microsoft regarding Azure spam both via e-mail (junk@office365.microsoft.com, abuse@microsoft.com, secure@microsoft.com, msndcc@microsoft.com, IOC@microsoft.com, report_spam@hotmail.com), SC and cert.microsoft.com website but it's always just like writing to /dev/null, they don't seem to take it seriously since the AAMC spamming rats always come back with new IP addresses to spam from.
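
Added example (not part of any post above, and not SpamCop's parser): a simplified trust walk over the three MailChannels Received lines quoted in the mailhosts posts, showing why strict receiver matching stops at an internal 100.64.0.0/10 hop and how following non-routable hops reaches 153.246.145.238. The `MAILHOSTS` set, the function names and the `follow_internal` heuristic are assumptions made for illustration.

```python
import ipaddress
import re

# Received lines quoted in the mailhosts post above, newest first.
HEADERS = [
    "from inbound-trex-4 (100-101-84-158.inbound-trex.inbound.svc.cluster.local "
    "[100.101.84.158]) by postfix-inbound-4.inbound.mailchannels.net (Postfix) "
    "with ESMTP id AAE1520251 for <x>; Thu, 12 Nov 2020 10:19:05 +0000 (UTC)",
    "from inbound-trex-0 (100-96-26-96.inbound-trex.inbound.svc.cluster.local "
    "[100.96.26.96]) by postfix-inbound-splitter-0.localdomain (Postfix) "
    "with ESMTP id EBBED20032; Thu, 12 Nov 2020 10:19:00 +0000 (UTC)",
    "from p110239-ipoefx.ipoe.ocn.ne.jp (p110239-ipoefx.ipoe.ocn.ne.jp "
    "[153.246.145.238]) by 0.0.0.0:2500 (trex/5.18.10); "
    "Thu, 12 Nov 2020 10:19:00 +0000",
]
# Assumption: the only receiving host registered as the reporter's own.
MAILHOSTS = {"postfix-inbound-4.inbound.mailchannels.net"}

HOP = re.compile(r"from\s+\S+\s+\((?P<info>[^)]*)\)\s+by\s+(?P<by>\S+)")
BRACKETED_IP = re.compile(r"\[([0-9A-Fa-f.:]+)\]")


def parse_hop(value):
    """Return (receiving host, sender IP) or None if the line does not parse."""
    hop = HOP.search(value)
    ip = BRACKETED_IP.search(hop.group("info")) if hop else None
    try:
        return (hop.group("by"), ipaddress.ip_address(ip.group(1))) if ip else None
    except ValueError:
        return None


def find_source(headers, mailhosts, follow_internal):
    """Walk newest to oldest; return (last accepted sender IP, why we stopped)."""
    source, vouched = None, False
    for n, value in enumerate(headers, 1):
        hop = parse_hop(value)
        if hop is None:
            return source, f"line {n}: unparseable"
        by, ip = hop
        if by not in mailhosts and not vouched:
            return source, f"line {n}: receiver {by} not trusted"
        source = ip
        if ip.is_global:
            return source, f"line {n}: first globally routable sender"
        # Heuristic: a trusted hop that took the message from a non-routable
        # address (100.64.0.0/10 here) got it from inside the same network,
        # so the next line down was written by that internal machine.
        vouched = follow_internal
    return source, "ran out of headers"


if __name__ == "__main__":
    print(find_source(HEADERS, MAILHOSTS, follow_internal=False))
    print(find_source(HEADERS, MAILHOSTS, follow_internal=True))
```

The walk stops at the first globally routable sender, so any Received lines below the real handoff, which the sender controls, are never consulted.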