All Activity


  1. Today
  2. Forwarding the offending emails as attachments to your Spamcop reporting account should be fine most of the time. One advantage is that you can send them in batches, and, depending on your settings, Spamcop will mung (disguise) your email address in any reports it sends out.
  3. The only advantage I can see is that it slows down probes of a login system. In addition to just the time to process two vs one screen, it would not be hard to slow roll repeated password tries for a given username. You wouldn't want to look up username and slow roll sending the password screen for bad usernames. That would reveal when they got the first part correct.
  4. I've been hit by the same problem. My mail host reports nicely back on each undeliverable mail - in the thousands now. As described above, the original mails (including the original headers) are appended to the "Mail delivery failed: returning message to sender" mails I get. And, of course, it doesn't make sense to report my own mail host as spammer... Using Thunderbird as mail client, I have developed a script which parses the Thunderbird INBOX file and extracts the original "Received: from" lines. Seems like there are two kinds: "Received: from mail.xxxx.com ([123.456.789.123]:<port number> helo=exploited.site.com)" "Received: from [123.456.789.123] (port=34176 helo=exploited.site)" (mail.xxx.com would be the name of the mail server sending on behalf of the exploited site.) It seems like - in my case - that they come in groups of up to 5, and then the source changes. In a sample of 2070 there were a total of 782 unique IP sender addresses. The text included in the original mail (spoofing my mail ID) varies slightly - I've seen French, English, Polish, Italian texts, but more or less to the same adult point. Now, this is all very interesting, because now I have a view of the bot net used. But then what to do next? Since it's not doable to copy/paste each individual original header into some reporting tool - and since, in principle, the exploited domain owner should report the spam - can I then take this extracted information (mail server ID + IP address + exploited domain name) and report this on SpamCop or somewhere else? Ideas? /Per
  5. Yesterday
  6. Some newer web sites that require login have put the username and password entry on separate pages. I.e., you enter the username on one page and then are redirected to a second page for password entry. Is this considered to be more secure than the traditional method of entering the username and password on the same page?
  7. If the spam always has the same address just send it direct to the spam folder for reporting. Not much else can be done
  8. Last week
  9. Sorry to hear you are getting spammed. We all have been on a prolific spammer's emailing list at one time or another. I hate to say that has guaranteed that you will get even more spam from this source. By responding, you let the spammer know that your email address is valid AND someone reads the email to find the "Unsubscribe" link. Unfortunately an unscrupulous spammer or ISP will ignore the spam reports sent for you by SpamCop and there is nothing anyone can do about that. However, by continuing to report a given spammer, even when they cycle through several IP addresses, their IP address will be added to the SpamCop Block List, used by many ISPs to filter their clients' incoming email. If your email ISP does not use the SCBL that is not much help for you I am afraid. You do collect the good karma for your efforts. If you would provide an example Tracking URL it would help others here to give you more guidance.
  10. Hello, why hasn't the spam stopped after faithfully reporting the same email address for months? They send me a few every day. I requested unsubscribe but they ignore it. I don't really want to pay for more reporting if you can't stop the spam. The address is: - martin.cox81 at gmail.com. It is from that Binary Options scammer. Thanks,
  11. Abuse contact for 185.13.104.0 - 185.13.107.255 is kadams[at]lycatel.com
  12. As you can tell from this year-long thread, some spammers don't change. Reporting all spam from ocn.ad.jp and their clients that use IP addresses controlled by them will help keep their IPs on the SpamCop block list. Yes, many ISPs use rather dumb filters, based on domain names - not IP addresses, to filter incoming email. Why someone would think a spammer would include the word 'spam' in their domain name and use that to filter email, I do not know. I believe you should be able to add SpamCop.net to your white list to over-ride the basic filtering.
  13. I get too many spams lately from ocn.ad.jp. Can we do anything to this provider? Just block all of their clients. That should make them think once their normal clients start complaining for non delivered emails. Also it is kind of funny. Gmail delivers email from this forum into spam box. Just FYI
  14. Thank you alvarnell, I'll do that now.
  15. No, one account is all you will need. Just make sure to use the Mailhost tab to add in all your host servers for best results.
  16. As I have more than one email address, do I need more than one SpamCop account? - as in one SpamCop account for each separate email address? Thanks.
  17. Currently I'm not having the problem but as you can see from this thread I have had problems. Guess it is your turn in the barrel (a good place for C2H5OH, yes?)
  18. Agreed, it's a pain. It's one of those things that seem to be sent to trip us up when using automated tools to assist the reporting process.
  19. RadicalDad is using the web form to report, so the Outlook forwarding problem isn't the culprit in this case. Maybe a re-learn of Mailhosts might fix this. Is it possible the OP's mail/Internet provider has added new servers and routes?
  20. Yes, HORDE works mainly for me too, but for the past few months whenever I try to batch-submit a bunch of spam there's bound to be one that borks the whole lot. By trial and error I remove individual spams from the batch until what's left goes through. I've begun to recognise the format of the recently appeared pest, so always keep those out of a batch, but still others can cause the same problem. I'll try to keep a list of links for the emails that have to be manually reported. When I have half a dozen or so it might become clear what's the common element. If I still can't spot it I might come back here with that list of links to see if anyone on this list is a better detective!
  21. Doing a search on "Outlook" I see problems going back to 2004. With OL messing with the header before you can get/forward it there is no fix farther down stream (towards SC). A quick look at the history leads me to believe that what OL does with the header has changed over time, so a "fix" would also have to be dynamic. That is not a workable situation. Which is too bad for your reporting. Have you looked at the possibility of using something like Thunderbird for your email? I have used it 'for ever' without problem. There also is an addon to help with reporting (to SpamCop and others).
  22. What I am noticing is that Spamcop doesn't work at all for me anymore. Wondering if all my headers have a break in the chain now so that nothing will ever be usable for Spamcop again. I currently use Outlook 2016 with an Exchange 2016 host. Have others reported this as a problem? I use the "Outlook/Eudora" work-around submission form (well, it used to be called that) via web browser (in answer to the question by C2H5OH). Appreciate you breaking the spammy link. Good idea. As above, the Spamcop parser doesn't seem to catch any of those for me now. Is there any way to fix this? spam filtering by my mail host is very good these days, so I only submit stuff to Spamcop that is extra slimy and got through my filter, in hopes it makes it to the Spamcop RBL and will be blocked for others. If that isn't the way things work, then there probably isn't a reason for me to keep using Spamcop at all.
  23. Of course no one else can process your spam and get anything but an error message. For example, if I submitted your spam none of the header would match my mailhost settings so the parser would just throw the example out. Don't know why SC dropped the link in the text except part of clearing your email, which would have been sent as a parameter in the link. But you are correct, winnermistak.xyz surely is not a drop box link. When the parser goes down the sequence of Received: header entries, two internal IPs are found first (172.16.0.0/12) followed by a break in the chain, so nothing usable. The link in the body would have been a low level priority even if it had not been lost. Notice I broke that link in your last post. I wouldn't want an unknown link laying around for someone to click on in ignorance.
  24. Thanks everyone. I was thinking someone would put the headers and body through the parser themselves. That is also why I left my original email address intact - thought the parser might need it. (I also thought about munging the address, but that address has been harvested many times by spammers, so I wasn't too worried. Still, removal by Lking is appreciated.) Here is the parser tracking URL: https://www.spamcop.net/sc?id=z6357239923z2f559431f437c6b4b950f1c320499087z The "click here" hyperlink is not retained by Spamcop when using the "view entire message" link from the parser. Failing to process these hyperlinks is a problem in addition to Spamcop always pointing at my mail host as the culprit. The "click here" URL is http;⁄⁄winnermistak,xyz⁄ppdpureoffice99888/index.php?userid=xxx@xxx.com (email address munged). Provided here for reference. I don't suggest anyone click on this.
  25. Don't know; my use of HORDE seems to be working OK. Lucky I guess.
  26. Edited the OP in this thread to remove references to bmorris{AT} addresses as "our drinking friend" suggested. You forgot to do this as you did last time. This is a prime example for why a Tracking URL is the way to reference an example of spam. That would also let the rest of us see what the SpamCop parser did with the example. has no meaning not seeing the results of the processing.
  27. Following up this longstanding irritation; I'm receiving a minor but steady stream of spam from one source whose emails cannot be reported to SC as email attachments. All other spam reports normally. These troublesome spams can be reported using the web interface by pasting the entire message without modification into the "all-in-one submission form". I don't have to fix missing blank lines between header and body for instance. Here's a link to the successfully reported spam; https://www.spamcop.net/sc?id=z6357183132z1d69cb2dfc8b9610109ea7846ab30adez Can anyone see something in the original body that would make my email client (HORDE) fail to forward, with the familiar error message:- "There was an error sending your message. Message could not be delivered - the address was not found, is unknown, or is not receiving messages."
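
An added example, not the poster's own script, of the extraction described in the post about parsing a Thunderbird INBOX file: it pulls the sending IP and HELO name from "Received: from" lines embedded in bounce bodies, skips the bounce's own outer headers, and drops internal ranges such as the 172.16.0.0/12 mentioned in a later post. It assumes mbox "From " separators and that the returned original headers start at the beginning of a line; the function names and the sample are constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Ranges that never identify an outside sender (RFC 1918 plus loopback).
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

# Covers both shapes quoted in the post: "host ([ip]:port helo=x)" and "[ip] (port=N helo=x)".
RECEIVED_RE = re.compile(
    r"^Received: from\s+(?:(?P<host>[\w.-]+)\s+\()?\[(?P<ip>[0-9.]+)\]"
    r".*?helo=(?P<helo>[\w.-]+)", re.M)

def embedded_senders(mbox_text):
    """Yield (ip, helo, host) from Received lines inside bounce bodies."""
    for msg in re.split(r"(?m)^From .*\n", mbox_text):
        _outer, _sep, body = msg.partition("\n\n")   # skip the bounce's own headers
        body = re.sub(r"\n[ \t]+", " ", body)        # unfold continuation lines
        for m in RECEIVED_RE.finditer(body):
            try:
                ip = ipaddress.ip_address(m["ip"])
            except ValueError:                       # e.g. a munged 123.456.789.123
                continue
            if any(ip in net for net in INTERNAL):
                continue
            yield str(ip), m["helo"], m["host"]

def summarize(mbox_text):
    """Count bounces per sending IP and collect the HELO names each one used."""
    counts, helos = Counter(), {}
    for ip, helo, _host in embedded_senders(mbox_text):
        counts[ip] += 1
        helos.setdefault(ip, set()).add(helo)
    return counts, helos

# Constructed sample: two bounces in mbox form, documentation-range addresses only.
SAMPLE = """\
From - Mon Jan 01 00:00:00 2024
Received: from mail.myhost.example ([192.0.2.1]:25 helo=mail.myhost.example)
Subject: Mail delivery failed: returning message to sender

Received: from mail.example.net ([203.0.113.7]:51234 helo=exploited.example.com)
    by mx.example.org with esmtp
From - Mon Jan 01 00:01:00 2024
Subject: Mail delivery failed: returning message to sender

Received: from [198.51.100.23] (port=34176 helo=exploited.example.org)
Received: from [172.16.0.5] (port=25 helo=relay.internal)
"""
```

`summarize(SAMPLE)` returns per-IP counts and HELO sets, which is the "mail server ID + IP address + exploited domain name" view the post describes.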