All Activity

This stream auto-updates   

  1. Today
  2. Yes Gmail has "upgraded(downgraded)" its headers for customers?
  3. Yes. That's what I meant when I said I went through the Spamcop registration process again. Sorry if I was unclear. It's cropped up again with invision7.com, and ISP out of Malaysia. So, for the moment, it seems to be isolated to ISPs in east asia. I am certain that the problem originates with the X-Received line that Gmail throws into its headers. The usual ipv4 10.xxx.xxx.xxx works fine, but an ipv6 address seems to give the parser indigestion. The X-Received line is the ONLY place that the ipv6 address appears in these problem emails. While composing this message, I did some digging, and discovered that the ipv6 address that's been causing me grief ( 2002:a17:902: xxxx) is reserved for 6to4 conversion and translates, interestingly enough, back to ipv4 10.xxx.xxx.xxx. So, it's starting to look like an oversight in the parser where the 6to4 conversion is concerned.
  4. Yesterday
  5. 113.190.137.50 is where it came from "hm-changed [at] vnnic.vn" in notes put compromised/forged web and or email accounts BLOCK OUTBOUND PORT 25, RESERVE FOR LEGIT EMAIL SERVER Make sure you are connecting to your mail server's 'authenticated mail' port 587 and not the ordinary 'unauthenticated' port 25. (ask your ISP to check for you) FAQ see https://www.spamhaus.org/faq/section/Spamhaus PBL >
  6. In the future please include the Tracking URL, and not the text. Looking at a related thread, It looks like gmail.com may have reconfigured their mailhost. You need to log into your reporting account, click on the <Mailhosts> tab and follow the instructions. That should resolve the error. With that the correct source of your spam may be found.
  7. When trying to submit the below email for reporting, I get this result (bold text at bottom): How can this be fixed so that the emails get reported correctly? BTW, this address (2002:a17:902:2468:0:0:0:0), is registered to IANA. Steve
  8. I've reported several hundered spam messages with no let up in messages being sent from their network. Here's a recent (January 8th) auto-reply email I got from sending a report to abuse [at] ocn.ad.jp through the reporting form: Whenever possible, instead of reporting emails to OCN (abuse [at] ocn.ad.jp) using the reporting from, I look for the X-Originating-IP at the end of the email and try to report it that way by replacing OCN's IP address in the 1st Received line such as the one below: Received: from mbkd0102.ocn.ad.jp (mbkd0102.ocn.ad.jp. [153.149.230.3]) with the one in the X-Originating-IP which is usually a 41.xx.xxx.x and usually, the ISP's email address that comes up is netabuse [at] mtn.bj. Steve
  9. When I checked the link you provided, I noticed this line: Have you configured the mailhost(s) for your email accounts?
  10. I've seen similar, where the message appears to be placed in the subject. It's a minor nuisance when reporting, and a good sign that you're dealing with a spammer. What lking said to do usually works for me.
  11. Hello, A few days ago, I started encountering spam messages which cannot be processed due to what appears to be a problem with resolving an ipv6 address. Here is the tracking link: https://www.spamcop.net/sc?id=z6437392727zd5176b494aaf328f9c8ad3ba8a7727ebz The error I received with this particular one was: No unique hostname found for source: 2002:a17:902:aa4a:0:0:0:0 Possible forgery. Supposed receiving system not associated with any of your mailhosts Will not trust this Received line. Mailhost configuration problem, identified internal IP as source The receiving account is a gmail account, and the sending IP (according to gmail) is 114.147.58.100, which belongs to ocn.ad.jp aka the ISP from Hell. There are also numerous references to ocn throughout the header, so I am confident that they are the source. The only place that the aforementioned ipv6 address occurs in the entire header is a single X-Received: line. Every gmail message I've checked has an X-Received: line (invariably with a 10.xxx.xxx.xxx IP address), so I don't know if it's a google error, or if ocn spammers have figured out how to spoof this field, or if the problem is internal to Spamcop. I couldn't find anybody having a similar problem in the forum. I even tried going through the spamcop registration process again, but that didn't solve the problem. The only thing that seems consistent is that these errors only occur with spams sent from ocn. Hopefully, somebody out there has some ideas.
  12. Last week
  13. Yes that is the correct approach. Another option is to add the comment "spam has no body" when reporting as above. With practice the spammer will learn how to use their tool and put the body in correct part of the forum. Rule #3
  14. no I got it .Spammmer send me spam but empty .This was only on title.Spamcop don't see body.But I select and put title for form at spamcop report .And works . The answerd is you have to split Select outlook/eudora workaround form thanks.
  15. hi I would like ask how to report spam if spam is only on topic.Spamcop don't see it.
  16. The best form of defense is attack! By adding to "submission notes" upgrades your report. Send yourself a copy to see what your sending, spamcop reformats a lot of notes on the last line I put a > symbol. Rhis seems to make your notes better formated.
  17. Good work! Being relentless does work. I know the effort is time consuming, I just spend 1/2 hour to clear the spam out of this forum and will not start on my private accounts. The fight goes on, Thanks.
  18. warned, blocked and post moved from "Email system & accounts"
  19. Supreme Boostr :- Supreme Boostr is another male enhancement supplement that with the careful determination of fixings the outcomes are in a general sense ensured. With each settling being subjected to cross-clinical trials for their adequacy. One of a kind Boostr wires are with everything taken into account incredible, show upheld fixings . In the occasion that you're chasing down broadened sex drive, more prominent and firmer erections, enhanced stamina, a more pleasurable trouble, and a general executioner room execution, you can't turn out gravely with Supreme Boostr. http://www.clicks2buys.com/supreme-boostr/
  20. Thanks Petxl, I followed your advice about adding notes with the IP address as well as other information. This was the basic content: *** This is a CHILD PORN spammer! Pictures of girls under 18, or made to look under 18. NO PROOF OF AGE available on the site! THIS spam WAS SENT TO MINORS! IP Address: Please investigate and stop this disgusting spammer! Thank you! *** For spam from amazonaws.com I manually sent a spam report with the full content of the email via my email application to (I copied everything in: "View full message" into the email): ec2-abuse@amazon.com This was effective as Amazon is very diligent, and within a day or two they'd get back to me and report: ...We've determined that an Amazon EC2 instance was running at the IP address you provided in your abuse report. We have reached out to our customer to determine the nature and cause of this activity or content in your report... etc. After about 10 or 15 of such submits, the spam from Amazon stopped! Regardless, the spam from Google continued unabated. At the beginning, all the spam from this spammer had different subjects and content, but then whoever it was started to send each spam out in duplicate or triplicate. I guess they were pushing me, thinking I would give up reporting, given the amount of spam they were sending... Nevertheless, I was relentless in reporting every single one, sometimes it would take me an hour or more each day! But good news, finally, three of four days ago it all stopped! Who knows what happened, maybe whoever it was took a vacation... but for now there is no more spam from that entity!! It may be a bit early, but thanks to everyone for their advice.
  21. Can someone point me to the nearest wall so I can bang my head against it? You're whoising ARIN for an IP in the APNIC pool (just as Spamcop is doing). Anytime you do that, you will get search-apnic-not-arin@apnic.net . APNIC is NOT an ISP. If you whois APNIC at whois.apnic.net for that IP, you will get current ISP information about 45.248.3.143. role: Manager Admin address: 485-A/15,1st floor,G.T. Road, Dilshad garden,New Delhi,Delhi-110095 country: IN phone: +91 9958033533 e-mail: support@apnainfotech.co.in admin-c: AA1235-AP tech-c: AA1235-AP nic-hdl: MA965-AP mnt-by: MAINT-IN-APNAINFO last-modified: 2016-04-29T09:31:10Z source: APNIC (edit: P.S. The abuse contact for 146.196.52.181 via APNIC is still matthew.wu@globalnetworkhk.com.)
  22. Checking another Whois I find for 45.248.3.143 This IP seems to be part of a large block of IPs in India used for VPN (hiding the location of the source) Going back to tjsynkral's old post on146.196.52.181 the block of IPs has a different abuse contact now. I have no idea what was a valid abuse address for 146.196.52.181 Oct 2017. Those who seem to support spammers do try to change blocks of IPs all the time to avoid being blocked. Both blocks 146.196.52.- 146.196.55.255 and the block 45.248.0.0 - 45.248.3.255 are managed by APNIC. Those who had 146.196.52.181 in October could now have control of 45.248.3.143. There is a considerable body of anecdotal evidence that APNIC does not strongly enforce the rules. If you have more valid information for an IP or block of IPs <Reporting Help> <Reporting Address Issues> would be the correct (sub) forum to post current updated information.
  23. In the case of this IP, they're trying to send mail to a black hole created to trap broken software that searched the wrong IP registry. Perhaps the abuse contact for 45.248.3.143 would like to know about the spam report and take action on it before it gets to SCBL. There's no chance that search-apnic-not-arin is a deliberate thing.
  24. Sometimes Spamcop decides not to bother the abuse contacts for the reasons already given. When reports aren't sent, for whatever reason, the data gleaned from the submitted spam is still useful for helping to build the SCBL. Any reports that are sent and subsequently acted on are a bonus.
  25. Do you not see the problem here? There is a correct abuse contact for 45.248.3.143 and search-apnic-not-arin is not it. Spamcop has a configuration error and it's searching the wrong IP registry to find a reporting address. If it was a scenario you described I expect to see a devnull.spamcop address in the contact field... not this. Does anyone who actually works on Spamcop ever look at this forum or is it just full of users who tell you that yes, Spamcop is broken you should report spam yourself instead of using it.
  26. UPDATE: I decided to give a report to IC3 Division of the FBI, so we'll see what happens from there. Pretty sure that they are email addresses minus the messaging provider, then when a list is purchased a key is provided to unlock the full address. Each site is separated into "blogs", there are anywhere from 5 to 10 "blogs" per page, then at least thirty pages or more per site. The page that contained the "blog" that I found my address in was on page fifty-nine. That site, according to MY IP gets 6500 hits a day. And the three sites combined do not contain thousands of addresses as I said earlier, but millions. One list that I made a full page screen capture PDF of, took 35 minutes to create, and is a one-hundred and seventy megabyte file. Never really thought of fighting spam from this angle, but if the FBI can shut down this list provider it's almost like a major drug bust. Take away the product and the addicts have nothing to use:-)
  1. Load more activity