All Activity

  1. Yesterday
  2. Last week
  3. The New Feature Request forum would be the place for such a suggestion.
  4. Abuse contact for cloud.promodeals.nl [109.237.218.48] is abuse@mihos.net. This is one of those entries in RIPE where the reporting address is an inline image and not parseable from the text whois.
  5. Any chance of getting SpamCop to add a dynamic "additional reporting address" so that we can manually enter the address at reporting time?
  6. They're back at it this morning. Getting a steady influx of the IP missing emails. Sent a tech support request to my provider to see if they can make anything out of it. The peace and quiet was nice while it lasted. Oh yeah, the other brain booster spams had quieted down too but they're cranking back up also.
  7. Hello, I have been reporting spam with Spamcop for many years (from abt. 1995 I think). But this spam is recurring and I get a lot of it every day. The scary thing is that they know my phone number. I also believe Spamcop's report is wrong for this spam, as I have reached out to one of the addresses and they have been helpful tracking the source of the spam (4vendeta.com). They say that's the only thing they can do. What more should I do? It's illegal to send spam here in Norway as well, but what to do when the senders are not interested in stopping it and just answer back with foul language when asked? When there's a known spammer, it should be possible to put a stop to it in an effective way. Best regards, Kjell Inge Sandvik, Norway
  8. Here's a status update. I got a note from the tech support folks where I host my email and it said... I'm not exactly sure what that means but the good news is I haven't had any orphaned (No source IP) emails in about 24 hours now. As a matter of fact the quantity and frequency of spam has suddenly decreased to almost nothing. So I guess we'll see how long things remain quiet until the spammers gear up again.
  9. Welcome to the spam fight. First of all, responding directly to a spammer confirms that your email address is real and someone reads it, which makes your email address more valuable to them for sale to other spammers. -- A mistake we all have made at one time or another. I would suggest the best thing to do is to open a reporting account at SpamCop.net and then report their spam. When you report spam to SpamCop, it does two things: 1. Information you submit is used to build SpamCop's Block list, which can be used by email providers to help filter spam from their customers' inboxes. This may not directly help you keep spam out of your inbox, but you get lots of good karma for helping others. 2. SpamCop sends "spam Reports" to the ISP sending the spam and upstream providers, letting them know they are supporting a spammer, and that as a result their IP address may be blocked and that this will affect all their clients. This hopes that the ISP is a good 'internet neighbor' and will take action to remove the blight from the email system. 3. As a low priority, SpamCop also tries to send spam reports to the host of any website advertised in the body of the spam. This is a 'follow the money' approach to stopping spam. There are also other sites that accept your spam as part of the fight to stop spam. I also report/forward all my spam to http://www.knujon.com (No Junk spelled backwards). KnujOn has #3 above as their priority. I do not know about Norway, but in some countries the government has programs to stop spam.
  10. Hello all. Just want to notify you of a firm called 4vendeta LTD (4vendeta.com). It seems that this firm is located in Bulgaria, but is run by Russians. I've got countless recurring spams asking me: to re-order something that has been cancelled; to confirm my mobile number. When confronting 4vendeta that they probably have user(s) that are producing spam, all I get for an answer is just "fu** you" and a picture of a fox sitting on the toilet. I take this as proof that this firm actually knows that they are spamming, and wants to. But it shouldn't be necessary to answer in this impolite manner. What can we do about this attitude? I'm far from an expert so a little help would be nice. I want to bring this firm down. Regards, Kjell Inge Sandvik, Norway
  11. Earlier
  12. Yes. With an abundance of caution SpamCop stops when email header standards are not followed. In this case the parser does not have the information/ability to know with certainty the source of the email, therefore does not "want" to run the risk of falsely identifying the source.
  13. This report https://www.spamcop.net/sc?id=z6397987359zc635571074ec887a3fe4f62e433eeb25z produces a "This email contains no date". A search of the forum showed one reply to a similar report saying that this was due to the first "Received:" entry not having a date. The first Received line in this email has a date, although the second doesn't. Is that enough to cause the report to be rejected? First 3 Received lines:

          Received: from spica04.aul.t-online.de (rSFFKsZ6YhdqYsoski2XUd2+MvprEnW1kpyZfto8BeXrryvFCk6vAdTtlIgv6zTQKd@[172.20.102.131]) by fwd30.aul.t-online.de with esmtp id 1dh7ru-1o5d2G0; Mon, 14 Aug 2017 07:24:50 +0200
          Received: from 101.222.168.155:14608 by cmpweb17.aul.t-online.de with HTTP/1.1 (Lisa V4-9-4-0.14023 on API V5-8-0-0)
          Received: from 172.20.102.123:17644 by spica04.aul.t-online.de:8080; Mon, 14 Aug 2017 07:24:49 +0200 (MEST)
  14. I contacted the folks that are hosting my email. I could tell that the tech support guy was "outsourced" and he didn't seem to be interested in the issue, but he at least let me email him a file with all the header info. I haven't seen any let up in the frequency of these "orphaned" emails, nor have they contacted me back. In about a 13-hour period overnight I received 28 spam emails and 11 of those I couldn't report because of no source IP. All emails are essentially the same subject about some kind of brain boosting pill and all emails are formatted in plain text. Without giving up any of my personal info, here's a snippet of what I'm receiving:

          Received: from localhost (localhost.localdomain [127.0.0.1]) by mail.grupoitm.lan (Postfix) with ESMTP id 5C766FAB454; Mon, 14 Aug 2017 03:48:58 -0600 (CST)
          Received: from mail.grupoitm.net ([127.0.0.1]) by localhost (mail.grupoitm.lan [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 3xff6aC6fjRp; Mon, 14 Aug 2017 03:48:57 -0600 (CST)
          Received: from [127.0.0.1] (unknown [84.238.197.88]) by mail.grupoitm.lan (Postfix) with ESMTPSA id A7E26FAB458; Mon, 14 Aug 2017 03:44:12 -0600 (CST)
          Received: from mail.grupoitm.net ([190.148.69.250]) by mx.perfora.net
          ############### My host's address and "To" info
          Subject: Boost your intelligence thanks to these tablets
          Date: Mon, 14 Aug 2017 05:44:14 -0400
          Message-ID: <646B5A86.4477323@grupoitm.net>
          MIME-Version: 1.0
          Content-Type: text/plain; charset="UTF-8"
          Content-Transfer-Encoding: 7bit
  15. Just to confirm, you're saying that the spam is originating from the same place that is hosting my email account???
  16. I usually see this when the spammer is using my local email provider. Since spamcop is external to my email provider, I have to use the "report spam" button to get it sent to the postmaster to deal with. Before the report spam buttons and back around when spamcop began, we used to forward those emails to abuse@[relatedISP].com.
  17. I've been getting a bunch of spam that cannot be processed. The messages I get are: "Mailhost configuration problem, identified internal IP as source"; "No source IP address found"; "Nothing to do." I don't want to publicly post the email headers. I just need some advice on what to look for or perhaps what I can do about this. Thanks.
  18. Sorry, unfortunately when the forum was moved to new software many links were broken. Try https://www.spamcop.net/reported.shtml SpamCop Blocklist Help. If you don't find an answer that helps, ask again.
  19. Hello, http://forum.spamcop.net/forums/index.php?showtopic=11512 The page you requested does not exist. How to solve the same problem?
  20. Interesting that both the command-line version as well as the "Display Data" link show this as plain text. It sure does confuse the parser. I wonder why RIPENCC has changed the data? https://www.spamcop.net/sc?action=showcmd;cmd=whois 185.202.173.233%40whois.ripe.net
  21. https://www.spamcop.net/sc?id=z6396719619za31ed22231ee686eb352332a73d014d9z IP address in question is 89.144.55.71, within 89.144.0.0 mask 255.255.128.0 Someone (on a dsl ip address) manually added a reporting address (as shown in the ARIN comments), but it bounces. The whole setup looks suspicious. Maybe reports should go to their upstream, ghostnet.de?
  22. I'm guessing that RIPE has achieved their objective by making the "Abuse contact" a CAPTCHA. I would suggest when you find situations like this during your research that you make an entry in "Reporting Help" -> "Routing/ Report address issues" forum.
  23. https://www.spamcop.net/sc?id=z6396626348z83eec1a7ee976570e7ece110f3a27b86z

          Return-Path: <RalphLauren@wolved.info>
          X-Original-To: x
          Delivered-To: x
          X-Greylist: delayed 00:06:28 by SQLgrey-1.8.0
          DKIM-Filter: OpenDKIM Filter v2.11.0 smtp.jhmg.net 937B2403AA
          Authentication-Results: smtp.jhmg.net; dkim=pass (1024-bit key) header.d=wolved.info header.i=@wolved.info header.b="DpuNugtc"
          Received: from smoking.wolved.info (smoking.wolved.info [185.202.173.233]) by smtp.jhmg.net (Postfix) with ESMTP id 937B2403AA for <x>; Tue, 8 Aug 2017 13:08:43 -0400 (EDT)

      Here's the SC interpretation...

          Tracking message source: 185.202.173.233:
          Display data: "whois 185.202.173.233@whois.arin.net" (Getting contact from whois.arin.net )
          Redirect to ripe
          Display data: "whois 185.202.173.233@whois.ripe.net" (Getting contact from whois.ripe.net)
          Lookup fdl258-ripe@whois.ripe.net
          Display data: "whois fdl258-ripe@whois.ripe.net" (Getting contact from whois.ripe.net)
          fdl258-ripe = whois.ripe.net 185.202.173.233 (nothing found)
          No reporting addresses found for 185.202.173.233, using devnull for tracking.

      HOWEVER... see the attached image. The issue is that the reporting address is an image and not text. Are there any solutions? It would be really helpful if we could add an ad-hoc destination on the analysis results screen to cope with this issue.
  24. Abuse contact for 107.173.54.128 - 107.173.54.255 is abuse[at]hudsonvalleyhost.com
  25. michaelanglo and lisati, I believe, are both correct. I overlooked/forgot the detail that the original email was sent to a friend that was using the same office email system (at least we are assuming that the original email was sent to the same email system that Steve has configured in his SpamCop mailhost). I surely do report spam from 4 domains, all mailboxes with one very simple mailhost, since all domains are served by the same mail system/host and therefore follow the same internal path.
  26. The system used by spamcop works best if the original recipient of the unwanted mail submits the spam. An email from a colleague wouldn't normally be classed as spam, even if it's a copy of an unwanted email they've received.
  27. I don't think you are right. Spam without my name anywhere is reported fine, so provided 'my friend' is using the same email system and incoming servers as 'Steve', a forward as attachment looks just like a 'Steve' for mailhost analysis. Same for any system for which many email addies arrive in the same mailbox. Try it and see.
  28. I normally read my gmail account using Thunderbird, and find the Habul plugin helpful. Habul has options for sending to several spam reporting agencies, including Spamcop, in the "correct" format.
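
An added example for the header questions in items 13, 14 and 17 above (it is not SpamCop's parser and not code from any poster): it walks a message's Received lines, flags hops that carry no timestamp, and separates loopback/private addresses from the first globally routable one. The sample is constructed from the three Received lines quoted in item 13, with the long token omitted; all function names are assumptions of this example.

```python
import email
import ipaddress
import re
from email.utils import parsedate_to_datetime

# Constructed sample: the three Received lines quoted in item 13, token omitted.
SAMPLE = """\
Received: from spica04.aul.t-online.de ([172.20.102.131])
 by fwd30.aul.t-online.de with esmtp id 1dh7ru-1o5d2G0;
 Mon, 14 Aug 2017 07:24:50 +0200
Received: from 101.222.168.155:14608 by cmpweb17.aul.t-online.de
 with HTTP/1.1 (Lisa V4-9-4-0.14023 on API V5-8-0-0)
Received: from 172.20.102.123:17644 by spica04.aul.t-online.de:8080;
 Mon, 14 Aug 2017 07:24:49 +0200 (MEST)
Subject: constructed sample
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def hop_date(value):
    """Timestamp after the last ';' of a Received value, or None if absent/unparsable."""
    if ";" not in value:
        return None
    try:
        return parsedate_to_datetime(value.rsplit(";", 1)[1].strip())
    except (TypeError, ValueError):
        return None

def analyse(raw):
    """One dict per Received line, in the order they appear (newest hop first)."""
    hops = []
    for n, value in enumerate(email.message_from_string(raw).get_all("Received", [])):
        m = IPV4.search(value)
        try:
            ip = ipaddress.ip_address(m.group()) if m else None
        except ValueError:  # the loose regex also matches strings like "999.1.1.1"
            ip = None
        hops.append({"hop": n, "ip": ip, "date": hop_date(value),
                     "internal": ip is None or not ip.is_global})
    return hops

def undated(hops):
    return [h["hop"] for h in hops if h["date"] is None]

def first_external(hops):
    """Topmost hop naming a globally routable address; None if every hop is internal.
    Only hops stamped by servers you trust are reliable; lower ones can be forged."""
    return next((h for h in hops if not h["internal"]), None)
```

On the item 13 sample, the only globally routable address sits in the one hop that has no timestamp; the other two hops name private addresses.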