SPAMCOP HOME · SPAMCOP FAQ · NEWSGROUPS · FORUM FAQ · WEBMAIL · SSL WEBMAIL · SPAMCOPWIKI


 Other words, data, places -->  SpamCop Pages V  FAQs & Words V  Newsgroups V  WebMail V  News-Recent Stuff V   Poll on menu

------>------> Latest and Current Announcements <------<------

Welcome Guest ( Log In | Register )

> This is a User to User Support Forum

The primary mode of support here is peer-to-peer, meaning users helping other users. (please remember this at all times!)
Another try:
This forum is composed of people who have used spamcop and those who are learning about anti-spam efforts.

2 Pages V  1 2 >  
Reply to this topicStart new topic
> Recent increase in Chinese spam
A.J.Mechelynck
post Apr 7 2013, 05:00 AM
Post #1


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



Since a few days, I'm getting a lot of spam from China. Here's my latest one:
http://www.spamcop.net/sc?id=z5486059763z0...e8ef8310c852cdz
Are other people seeing the same thing or is it just me?


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
ananda
post Apr 7 2013, 05:05 AM
Post #2


Newbie
*

Group: Members
Posts: 6
Joined: 27-October 12
Member No.: 10946



Most of my spam is coming from Belarus.

George
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Apr 7 2013, 07:51 AM
Post #3


What Life?
Group Icon

Group: Membersph
Posts: 6589
Joined: 23-February 04
From: Western Australia
Member No.: 491



I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
A.J.Mechelynck
post Apr 7 2013, 09:06 AM
Post #4


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



QUOTE(Farelf @ Apr 7 2013, 01:51 PM) *

I think most of mine is currently coming through a botnet - mostly European origins, eastern Europe certainly over-represented, a bit of Chile, Brazil, a few from China, none of it appearing in blocklists, much marked by SC as "no master". Quite low volume, easily identified as spam, very little would be seen by the average recipient. Pretty pathetic really.

Most of my spam is also “easily identified” and “pretty pathetic” but these days (this week, let's say) I'm seeing an increase by an order of magnitude or so, with subjects usually either in Chinese or in gobbledygook, and coming from IP sources in .cn — It's the increase that alarms me. What did I do wrong? Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
lisati
post Apr 7 2013, 01:47 PM
Post #5


Advanced Member
***

Group: Membera
Posts: 209
Joined: 1-February 10
Member No.: 9772



Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
A.J.Mechelynck
post Apr 7 2013, 02:04 PM
Post #6


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



QUOTE(lisati @ Apr 7 2013, 07:47 PM) *

Most of "my" spam comes via Yahoo accounts that I've got forwarded to my server. Rejecting mail that arrives via one of Yahoo's servers is easy enough; adding a check of the purported sender's address against a local whitelist isn't that difficult either.

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
petzl
post Apr 8 2013, 04:58 AM
Post #7


Been There
Group Icon

Group: Memberp
Posts: 1544
Joined: 20-January 04
From: Sydney Australia
Member No.: 6



QUOTE(A.J.Mechelynck @ Apr 8 2013, 05:04 AM) *

Most of my spam arrives via gmail, which I read by POP, and which lets me get false positives and mark false negatives on their webmail pages. Whitelisting isn't difficult, that's not the problem. The problem is that when I suddenly start getting several tens of spam messages a day instead of hardly a handful, and practically all of them from China, it is bound to raise my eyebrows.

try MailWasher to POP for you
In
Settings
spam Tools/Origin of spam
Click "+ ADD" button
in "Filter Name" box call it China
in "domain to validate" box put
cn.countries.nerd.dk
And no spam will go to your inbox, it ill be ready for reporting to you super secret spamcop email address
MailWasher can also detect Chinese characters in
spam Tools//My Filters
Yes it's Freeware


--------------------
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Geek
post Apr 8 2013, 05:22 AM
Post #8


Advanced Member
***

Group: Membera
Posts: 228
Joined: 9-April 06
From: Canada
Member No.: 5532



QUOTE(A.J.Mechelynck @ Apr 7 2013, 03:00 AM) *

Since a few days, I'm getting a lot of spam from China.
...
Are other people seeing the same thing or is it just me?


Here too (IMG:style_emoticons/default/sad.gif)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
A.J.Mechelynck
post Apr 8 2013, 06:17 AM
Post #9


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



QUOTE(petzl @ Apr 8 2013, 10:58 AM) *
[...]
try MailWasher to POP for you
[...]

QUOTE
Operating System: Works with Windows 7 and 8, Windows Vista, XP

I'm on openSUSE Linux.


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
petzl
post Apr 8 2013, 07:03 AM
Post #10


Been There
Group Icon

Group: Memberp
Posts: 1544
Joined: 20-January 04
From: Sydney Australia
Member No.: 6



QUOTE(A.J.Mechelynck @ Apr 8 2013, 09:17 PM) *

I'm on openSUSE Linux.

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux have for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam fitter add
cbl.abuseat.org
http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100
And so-on


--------------------
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
A.J.Mechelynck
post Apr 8 2013, 12:59 PM
Post #11


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



QUOTE(petzl @ Apr 8 2013, 01:03 PM) *

OK the countrywide block list for China is
cn.countries.nerd.dk
Not sure what options Linux have for spam filtering?
Gmail I've found they are quite good at keeping spam from inbox

As for increase in China spam yes seems to be a spammer there using Chinese Botnet infected email servers
To add the CBL to spam fitter add
cbl.abuseat.org
http://cbl.abuseat.org/lookup.cgi?ip=61.155.13.213
http://cbl.abuseat.org/lookup.cgi?ip=222.128.33.148
http://cbl.abuseat.org/lookup.cgi?ip=61.135.173.100
And so-on


I use the "Junk" filtering facilities built into SeaMonkey (and Thunderbird). For instance I could create a filter (just as I would for any email filter) but with as action "Set Junk Status To" "Junk" (for a blacklist) or "Set Junk Status To" "Not Junk" (for a whitelist). But anyway most of those Chinese spam messages are already correctly filtered away to my Junk folder (inside SeaMonkey) with no particular intervention on my part, that's how "pathetic" they are, as Farelf said above. The few that aren't correctly detected I mark as Junk manually, thus teaching the Bayesian filters.

Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
Farelf
post Apr 8 2013, 03:13 PM
Post #12


What Life?
Group Icon

Group: Membersph
Posts: 6589
Joined: 23-February 04
From: Western Australia
Member No.: 491



QUOTE(A.J.Mechelynck @ Apr 7 2013, 10:06 PM) *
... Oh well, maa shallah, now that the sh** is in the fan, let's get our bats and give the molehills a good getting-go!

Like your spirit, Tony!
QUOTE(A.J.Mechelynck @ Apr 9 2013, 01:59 AM) *
... Well, oh, well. Let's just report as many of those botnet messages as seems reasonably feasible, and the spam blocklist barriers will someday go up against them (inshallah, as my neighbours would say).
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think (IMG:style_emoticons/default/laugh.gif)


--------------------
Plus ça change, plus c’est la même chose
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
A.J.Mechelynck
post Apr 8 2013, 03:53 PM
Post #13


Advanced Member
***

Group: Membera
Posts: 204
Joined: 28-March 04
From: Schaerbeek (near Brussels, Belgium)
Member No.: 908



QUOTE(Farelf @ Apr 8 2013, 09:13 PM) *

Like your spirit, Tony!
Yep, but irritating for some of those who report in bulk (via e-mail submission) when some of those botnets seem to be loaded with "no master" sending IP addresses. Let's just reiterate - it is not necessary that an abuse desk be contacted for the SCBL to be loaded. Sending a report to the proper abuse address for a zombie computer has the potential to easily locate and have the compromised machines cleaned by the legitimate owner - but there are cached and locked SC report routing records, addresses not supplied with reports by SC decision (etc.) with all sorts of considerations about cache refreshing, possible blocking of SC lookups, review periods for locked/over-ridden report routing and so-on. Above and beyond that, it seems to me that distressingly few ISPs seem to be into such botnet suppression/AUP enforcement behaviour. But the SCBL is fed by reporter submissions regardless.

"Masha'Allah" and "Insha'Allah" are phrases some of my neighbours use too - but most of them are 4,000 km away and don't spam a lot. But then some of their neighbours do, like crazy. Then there's the Chinese and the niggling suspicion about spam and other cybercrime as instruments of State policy. Nah, that's just "conspiracy theory", isn't it? Well, that's what they want you to think (IMG:style_emoticons/default/laugh.gif)

I used to report by forward-as-attachment, then a few years ago my ISP (who blocks any connection to an SMTP server other than its own ones) decided to blackhole any outgoing email with attached spam. I didn't like it at first, but now I've taken to the routine: I order my spam most-recent-first in my mailer's Junk folder, then, one by one, I "View source" on them (without opening them, of course) and paste that in the SC form — for those which are newer than my "average reporting time" (7 hours at the moment) by the time I get to them. Older ones I move to Trash without reporting. This way I still get time to do something else than reporting spam, and the most important ones (those likely to be "caught in the act") get reported in priority.

Yes, those "nomaster[at]devnull" reports puzzled me — how can someone send mail without a registered service provider? But as you said, they still get entered into the blocking lists, all the more so since there's nobody at the other end of the line to tell you that action has been taken; so, I report them just like the rest, no special treatment for or against.

spam as instrument of state policy — yes, it has turned up in the news a couple of times recently, about different (but always totalitarian) countries. Well, that's several floors above me, let's let the diplomats, secret services, and investigation journalists handle that as best they can, I'm not going to complain about things I can obviously do nothing about. As Marcus Aurelius said: “O Gods! Give me patience to endure what I cannot change, strength to change what I can and must, and wisdom to tell them apart from each other.”

This post has been edited by A.J.Mechelynck: Apr 8 2013, 04:04 PM


--------------------
Best regards,
Tony
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
andre77
post Jul 8 2014, 12:14 PM
Post #14


Newbie
*

Group: Members
Posts: 4
Joined: 30-May 14
Member No.: 11683



i am too receiving many chinese spam and i have report it everytime to spamcop but to no avail over the month. does spamcop follow up my report about this chinese spam? it doesnt decrease at all while other spam from other countries decrease at least 50%.

can any of spamcop representative give an explanation about this?

Thank you in advance,
Andre
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
techie
post Jul 8 2014, 03:59 PM
Post #15


Member
**

Group: Members
Posts: 41
Joined: 21-March 07
Member No.: 7590



I would like to reiterate my suggestion that spamcop should create a new blocklist containing all sites that have non-functional abuse addresses, either because they refuse spamcop reports, pass the reports to the spammer, all addresses bounce, or no addresses can be found. Tag each type separately, and let the users decide if we want to accept them or not. The data already exists in spamcop's database, it just needs to be made available to the end users.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
turetzsr
post Jul 8 2014, 04:05 PM
Post #16


What Life?
Group Icon

Group: Membersph
Posts: 5140
Joined: 26-January 04
From: Michigan USA
Member No.: 59



Hi, Andre,
...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.
...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)? and/ or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.


--------------------
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
andre77
post Jul 10 2014, 03:45 AM
Post #17


Newbie
*

Group: Members
Posts: 4
Joined: 30-May 14
Member No.: 11683



QUOTE(turetzsr @ Jul 9 2014, 04:05 AM) *

Hi, Andre,
...If I understand correctly, the quick answer to your question is that SpamCop does nothing to block spam you receive (unless your e-mail provider is using the SpamCop blacklist to block or filter spam and, even then, the sources from which you are receiving spam may not be on the blacklist) and in any event does not target spam but rather individual sources of spam (IP addresses of machines that originate spam). One person by her/himself can never get a spam source added to the blacklist.
...For more detailed information, please have a look at the SpamCop Wiki (also labeled as SPAMCOPWIKI or SCWiki) article "What is the SpamCop Blocking List (SCBL)? and/ or the SpamCop FAQ articles in the "SpamCop Parsing and Reporting Service" section.


dear Steve,

my server does not use SBL, what I mean is the report that everyday I sent to spamcop report and after a few weeks some spam from europe or other countries beside china is decreasing but has no efect on chinese spam.

i want to ask spamcop did the ISP in chinese not cooperate enough in fighting spam or just because they handle it very slow?

thank you for coresponding my post.
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
petzl
post Jul 10 2014, 05:30 AM
Post #18


Been There
Group Icon

Group: Memberp
Posts: 1544
Joined: 20-January 04
From: Sydney Australia
Member No.: 6



QUOTE(andre77 @ Jul 10 2014, 06:45 PM) *

dear Steve,

my server does not use SBL, what I mean is the report that everyday I sent to spamcop report and after a few weeks some spam from europe or other countries beside china is decreasing but has no efect on chinese spam.

i want to ask spamcop did the ISP in chinese not cooperate enough in fighting spam or just because they handle it very slow?

thank you for coresponding my post.

send a SC tracking URL
One can get better than just SpamCop reporting
SpamCop by itself is not bad and does try to contact the ISP involved


--------------------
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
turetzsr
post Jul 10 2014, 02:03 PM
Post #19


What Life?
Group Icon

Group: Membersph
Posts: 5140
Joined: 26-January 04
From: Michigan USA
Member No.: 59



QUOTE(petzl @ Jul 10 2014, 06:30 AM) *
<snip>
SpamCop by itself is not bad and does try to contact the ISP involved
...True but only as a result of SpamCop reporter (our) submissions and only if we or SpamCop don't turn off the reporting; not in the way that Andre seems to believe they may:
QUOTE(andre77 @ Jul 10 2014, 04:45 AM) *
<snip>
i want to ask spamcop did the ISP in chinese not cooperate enough in fighting spam or just because they handle it very slow?
<snip>
Unless the ISP abuse desk contacts SpamCop, SpamCop does not follow up on the spam reports (at least that I am aware).
...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it's is possible that they are traditional Japanese) which seem to come from sources outside the Orient.


--------------------
..Regards,
...Steve T

...A Happy SpamCop.net reporting user (not an employee)
...Please avoid replying via e-mail, as it is not secure
User is offlineProfile CardPM
Go to the top of the page
+Quote Post
andre77
post Jul 11 2014, 06:25 AM
Post #20


Newbie
*

Group: Members
Posts: 4
Joined: 30-May 14
Member No.: 11683



QUOTE(turetzsr @ Jul 11 2014, 02:03 AM) *

...Andre: as discussed elsewhere in the SpamCop Forum (use the "Search for --" facility at the top of the screen to search for "China" OR "Chinese" to find other Forum posts, if you wish), some Chinese ISPs and e-mail providers do seem to be either ineffective in stopping their spammers or uninterested in doing so. I also receive spam with what appear to me to be Chinese characters (it's is possible that they are traditional Japanese) which seem to come from sources outside the Orient.


I guess its true because the american government once complaint about the attack from china and until now no authorities in china try to solved it, it seems that they aware of it and just let the spammer, cracker and hackers in china to roam free on internet. (IMG:style_emoticons/default/mad.gif)

i guess i have to block any incoming from chinese ISP and also email in kanji (fortunately my company not in business with china, hk, or japan) (IMG:style_emoticons/default/rolleyes.gif)
User is offlineProfile CardPM
Go to the top of the page
+Quote Post

2 Pages V  1 2 >
Reply to this topicStart new topic
1 User(s) are reading this topic (1 Guests and 0 Anonymous Users)
0 Members:

 

- Lo-Fi Version Time is now: 30th September 2014 - 10:50 AM