All Activity

This stream auto-updates   

  1. Today
  2. Yesterday
  3. Sorry to hear you are getting spammed. We all have been on a prolific spammer's emailing list at one time or another. I hate to say that has guaranteed that you will get even more spam from this source. By responding, you let the spammer know that your email address is valid AND someone reads the email to fine the "Unsubscribe" link. Unfortunately an unscrupulous spammer or ISP will ignore the spam reports sent for you by SpamCop and there is nothing anyone can do about that. However, by continuing to report a given spammer, even when they cycle through several IP addresses, their IP address will be added to the SpamCop Block List, used by many ISPs to filter their clients incoming email. If your email ISP does not use the SCBL that is not much help for you I am afraid. You do collect the good karma for your efforts. If you would provide an example Tracking URL it would help others here to give you more guidance.
  4. Hello, why hasn't the spam stopped after faithfully reporting the same email address for months? They send me a few every day. I requested unsubscribe but they ignore it. I don't really want to pay for more reporting if you can't stop the spam. The address is: - martin.cox81 at gmail.com. It is from that Binary Options scammer. Thanks,
  5. Abuse contact for 185.13.104.0 - 185.13.107.255 is kadams[at]lycatel.com
  6. As you can tell from this year long thread, some spammers don't change. Reporting all spam from ocn.ad.jp and their clients that use IP addresses controlled by them, will help keep their IPs on the SpamCop block list. Yes, many ISP's use rather dumb filters, based on domain names - not IP addresses, to filter incoming email. Why someone would think a spammer would include the word 'spam' in their domain name and use that to filter email, I do not know. I believe you should be able to add SpamCop.net to your white list to over-ride the basic filtering.
  7. I get too many spams latelly from ocn.ad.jp Can we do anything to this provider? Just block all of their clients. That should make them think once their normal clients start complaining for non delivered emails. Also it is kind of funny. Gmail delivers email from this forum into spam box. Just FYI
  8. Last week
  9. Thank you alvarnell, I'll do that now.
  10. No, one account is all you will need. Just make sure to use the Mailhost tab to add in all your host servers for best results.
  11. As I have more than one email address, do I need more than one SpamCop account? - as in one SpamCop account for each separate email address? Thanks.
  12. Currently I'm not having the problem but as you can see from this thread I have had problems. Guess it is your turn in the barrel (a good place for C2H5OH, yes?)
  13. Agreed, it's a pain. It's one of those things that seem to be sent to trip us up when using automated tools to assist the reporting process,.
  14. RadicalDad is using the web form to report, so the Outlook forwarding problem isn't the culprit in this case. Maybe a re-learn of Mailhosts might fix this. Is it possible the OP's mail/Internet provider has added new servers and routes?
  15. Yes, HORDE works mainly for me too, but for the past few months whenever I try to batch-submit a bunch of spam there's bound to be one that borks the whole lot. By trial and error I remove individual spams from the batch until what's left goes through. I've begun to recognise the format of the recently appeared pest, so always keep those out of a batch, but still others can cause the same problem. I'll try to keep a list of links for the emails that have to be manually reported. When I have half a dozen or so it might become clear what's the common element. If I still can't spot it I might come back here with that list of links to see if anyone on this list is a better detective!
  16. Doing a search on "Outlook" I see problems going back to 2004. With OL messing with the header before you can get/forward it there is no fix farther down stream (towards SC). A quick look at the history leads me to believe that what OL does with the header has changed over time, so a "fix" would also have to be dynamic. That is not a workable situation. Which is to bad for your reporting. Have you looked at the possibility of using something like Thunderbird for you email? I have used it 'for ever' without problem. There also is an addon to help with reporting (to SpamCop and others).
  17. What I am noticing is that Spamcop doesn't work at all for me anymore. Wondering if all my headers have a break in the chain now so that nothing will ever be usable for Spamcop again. I currently use Outlook 2016 with an Exchange 2016 host. Have others reported this as a problem? I use the "Outlook/Eudora" work-around submission form (well, it used to be called that) via web browser (in answer to the question by C2H5OH). Appreciate you breaking the spammy link. Good idea. As above, the Spamcop parser doesn't seem to catch any of those for me now. Is there any way to fix this? spam filtering by my mail host is very good these days, so I only submit stuff to Spamcop that is extra slimy and got through my filter, in hopes it makes it to the Spamcop RBL and will be blocked for others. If that isn't the way things work, then there probably isn't a reason for me to keep using Spamcop at all.
  18. Of course no one else can process your spam and get anything but an error message. For example, if I submitted your spam none of the header would match my mailhost settings so the parser would just throw the example out. Don't know why SC dropped the link in the text except part of clearing your email witch would have been sent as a parameter in the link. But you are correct winnermistak.xyz surly is not a drop box link. When the parser goes down the sequence of Received: header entries, two internal IP are found first (172.16.0.0/12) followed by a break in the chain, so nothing usable. The link in the body would have been a low level priority even if it had not been lost. Notice I broke that link in your last post. I wouldn't want an unknown link laying around for someone to click on in ignorance.
  19. Thanks everyone. I was thinking someone would put the headers and body through the parser themselves. That is also why I left my original email address intact - thought the parser might need it. (I also thought about munging the address, but that address has been harvested many times by spammers, so I wasn't too worried. Still, removal by Lking is appreciated.) Here is the parser tracking URL: https://www.spamcop.net/sc?id=z6357239923z2f559431f437c6b4b950f1c320499087z The "click here" hyperlink is not retained by Spamcop when using the "view entire message" link from the parser. Failing to process these hyperlinks is a problem in addition to Spamcop always pointing at my mail host as the culprit. The "click here" URL is http;⁄⁄winnermistak,xyz⁄ppdpureoffice99888/index.php?userid=xxx@xxx.com (email address munged). Provided here for reference. I don't suggest anyone click on this.
  20. Don't know my use of HORDE seems to be working OK. Lucky I guess.
  21. Edited the OP in this thread to remove references to bmorris{AT} addresses as "our drinking friend" suggested. You forgot to do this as you did last time. This is a prime example for why a Tracking URL is the way to reference an example of spam. That would also let the rest of us see what the SpamCop parser did with the example. has no meaning not seeing the results of the processing.
  22. Following up this longstanding irritation; I'm receiving a minor but steady stream of spam from one source whose emails cannot be reported to SC as email attachments. All other spam reports normally. These troublesome spams can be reported using the web interface by pasting the entire message without modification into the "all-in-one submission form". I don't have to fix missing blank lines between header and body for instance. Here's a link to the successfully reported spam; https://www.spamcop.net/sc?id=z6357183132z1d69cb2dfc8b9610109ea7846ab30adez Can anyone see something in the original body that would make my email client (HORDE) fail to forward, with the familiar error message:- "There was an error sending your message. Message could not be delivered - the address was not found, is unknown, or is not receiving messages."
  23. Have you looked at the second pinned topic "Outlook received header problem" in the list above? Outlook now routinely rearranges the header lines when forwarding, so if you are running Outlook you *may not* forward your spams as an attachment for processing. Does this apply to your situation? If not - have you registered your mailhosts? - Also, is that bmorris address live? If so you'd be advised not to advertise it. I'd have edited it out for you if I knew how to do that... HTH
  24. Sometime about a year ago, I complained on these forums that Spamcop has become all but useless when using Outlook on an Exchange server. The spam report ALWAYS comes back pointing to my own email server, even when a cursory look shows the obvious source of the spam. I've all but stopped reporting on Spamcop for this reason. Someone suggested on that ancient thread that I post a sample for folks to look at. OK, here one is. Note also that Spamcop also misses the bogus hyperlink ("Click here!"), not doing any reporting at all on the bogus web host. Are the light still on here? Message header: Received: from MBX01D-ORD1.mex09.mlsrvr.com (172.29.128.27) by MBX01A-IAD3.mex09.mlsrvr.com (172.29.64.20) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27 via Mailbox Transport; Wed, 15 Feb 2017 20:56:00 -0500 Received: from MBX05C-ORD1.mex09.mlsrvr.com (172.29.128.24) by MBX01D-ORD1.mex09.mlsrvr.com (172.29.128.27) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27; Wed, 15 Feb 2017 19:56:00 -0600 Received: from gate.forward.smtp.iad3a.emailsrvr.com (204.232.172.40) by MBX05C-ORD1.mex09.mlsrvr.com (172.29.128.24) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.544.27 via Frontend Transport; Wed, 15 Feb 2017 19:55:59 -0600 Return-Path: liysc25@nottingham.ac.uk X-spam-Threshold: 95 X-spam-Score: 0 X-spam-Flag: NO X-Virus-Scanned: OK X-MessageSniffer-Scan-Result: 0 X-MessageSniffer-Rules: 0-0-0-13735-c X-CMAE-Scan-Result: 0 X-CNFS-Analysis: v=2.2 cv=QPAqfUDL c=1 sm=1 tr=0 a=wMuiOM+aJX97FqABAv1gmw==:117 a=wMuiOM+aJX97FqABAv1gmw==:17 a=n2v9WMKugxEA:10 a=KXl77lDgDEgIEtoqJYcA:9 a=jMgyydZaAAAA:8 a=TMeMXT5H6L7W2mJr2DcA:9 a=wPNLvfGTeEIA:10 a=zOPv43MEAAAA:8 a=jt-rlJBq7EhYDvrx:21 a=_W_S_7VecoQA:10 a=H_FcBddkztAA:10 a=-FEs8UIgK8oA:10 a=NWVoK91CQyQA:10 a=sRwWbsoZOIyncXQJl99K:22 a=jKBK-nmJ8lQYDYSZPBHD:22 X-Orig-To: XXX X-Originating-Ip: [128.243.43.129] Authentication-Results: smtp27.gate.iad3a.rsapps.net; iprev=pass policy.iprev="128.243.43.129"; spf=pass smtp.mailfrom="liysc25@nottingham.ac.uk" smtp.helo="uidappmx06.nottingham.ac.uk"; dkim=none (message not signed) header.d=none X-Classification-ID: 0fa97262-f3eb-11e6-9265-782bcb33f754-1-1 Received: from [128.243.43.129] ([128.243.43.129:52055] helo=uidappmx06.nottingham.ac.uk) by smtp27.gate.iad3a.rsapps.net (envelope-from <liysc25@nottingham.ac.uk>) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTP id F6/CD-22337-EA605A85; Wed, 15 Feb 2017 20:55:59 -0500 Received: from uidappmx06.nottingham.ac.uk (localhost.localdomain [127.0.0.1]) by localhost (Email Security Appliance) with SMTP id 752592DF798_8A506AEB for <XXX>; Thu, 16 Feb 2017 01:55:58 +0000 (GMT) Received: from smtp4.nottingham.ac.uk (smtp4.nottingham.ac.uk [128.243.220.65]) by uidappmx06.nottingham.ac.uk (Sophos Email Appliance) with ESMTP id 603AD2D2135_8A506AEF for <XXX>; Thu, 16 Feb 2017 01:55:58 +0000 (GMT) Received: from [130.65.254.18] (helo=DESKTOP-55DHA5K.sjsu.edu) by smtp4.nottingham.ac.uk with esmtpsa (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.85) (envelope-from <liysc25@nottingham.ac.uk>) id 1ceBFz-0002mF-Az for XXX; Thu, 16 Feb 2017 01:53:16 +0000 Content-Type: multipart/alternative; boundary="===============1385527312==" MIME-Version: 1.0 Subject: A document folder is shared with you! To: <XXX{AT}blk-ink.com> From: " '' Dropbox Support '' " <XXX{AT}dropbox3665.com> Date: Wed, 15 Feb 2017 17:53:12 -0800 Message-ID: <E1ceBFz-0002mF-Az@smtp4.nottingham.ac.uk> Sender: <liysc25@nottingham.ac.uk> X-MS-Exchange-Organization-Network-Message-Id: d19fd38f-f441-4628-3ea4-08d4560ef49e X-MS-Exchange-Organization-AVStamp-Mailbox: SMEXyGDz;1322100;0;This mail has been scanned by Trend Micro ScanMail for Microsoft Exchange; X-MS-Exchange-Organization-SCL: 0 X-MS-Exchange-Organization-AuthSource: MBX05C-ORD1.mex09.mlsrvr.com X-MS-Exchange-Organization-AuthAs: Anonymous X-MS-Exchange-Transport-EndToEndLatency: 00:00:01.0240672 Message body: Hello, Someone shared a folder with you on Dropbox. Click here to view documents. Dropbox Support. Happy sharing! NB: This message is sent to XXX
  25. I'm mildly surprised that your email was rejected, but an outright rejection for a "4XX" code has been known to happen. (A "4XX" code, 451 in your example, usually means "Try again later." While waiting for other suggestions, I'd suggest looking into why the list maintainer might have thought that your IP address had a spamtrap hit.
  26. Hi everyone, Recently I noticed that our mail server is black listed by vote.drbl.gremlin.ru Following the instructions at http://gremlin.ru/soft/drbl/en/faq.html#howtogetout I did the following > host -t any 1.2.3.4.work.drbl.gremlin.ru 1.2.3.4.work.drbl.gremlin.ru descriptive text "gremlin:Spamtrap hit" 1.2.3.4.work.drbl.gremlin.ru has address 127.0.0.2 > host -t any 1.2.3.4.vote.drbl.gremlin.ru 1.2.3.4.vote.drbl.gremlin.ru descriptive text "Spamtrap hit" 1.2.3.4.vote.drbl.gremlin.ru has address 127.0.0.2 > host -t soa vote.drbl.gremlin.ru vote.drbl.gremlin.ru has SOA record ns.gremlin.ru. drbl-79f8y6.gremlin.ru. 1486889337 10800 1800 604800 86400 I figured out, the postmaster address here is drbl-79f8y6@gremlin.ru. I sent a request to re-test our mail server, because recently we fixed some spam issues we had, but it was rejected with message (host mail.gremlin.ru[46.4.14.152] said: 451-Rejected: 1.2.3.4 is blacklisted at vote.drbl.gremlin.ru 451 Spamtrap hit (in reply to RCPT TO command)) drbl-79f8y6@gremlin.ru Do you have any suggestion how to have our IP delisted from this dnsbl ? Cheers, Johnny.
  27. Abuse contact for '62.243.40.0 - 62.243.41.255' is 'postmaster[at]abuse.mail.dk'
  1. Load more activity