
All Activity


  1. Yesterday
  2. "smtpauth passwords would show up, correct?" Pwned is the term: https://monitor.firefox.com/breaches I have a throwaway Gmail address for Facebook to read newspapers, seems pwned claims it gets breached often? Bit of a pain to change all passwords (Facebook, Gmail), cancel the "News account" clickbait I never wanted. Pwned lists all that show compromised; my passwords are upper/lowercase, alphanumeric with symbols. Put up a Facebook page with REAL name to see if I could contact "lost friends"; before I even used it, Facebook appears to have sold my info to a Russian spam crime gang. Still get phishing from them but has slowed to so far one a month. Reporting does work.
  3. Last week
  4. Thanks for sharing the useful link. Fortunately, so far my domain did not show in the pwned list :-) The relation to spam here is that one of my smtpauth passwords would show up, correct?
  5. Go here to see if your Email address is listed? https://monitor.firefox.com/breaches
  6. Here is the tracking id https://www.spamcop.net/sc?id=z6633595354za3c7f1c70eca174576d1527014496a1dz
  7. I am not doubting that virus checks are useful, in particular if you are running a Windows PC (which I do not :-) ). But that is only relevant here if my systems are the spam source, not the spam destination.
  8. Yes, smart TVs, Amazon, Google devices, mobile phones, baby monitors, security cameras are now on the list for hackers. Internet of Things (IoT) is the new threat.
  9. Rainer, This appears to be only the URL specified and not coming directly from your server. Running it through google translate, it appears to be the normal whois email address testing. Sounds like they are sending out spam to attempt to send a bill to random domains to try to extort money. Been a while since I got one of those. (I think what petzl is talking about is where I have seen IP cameras and routers get hacked and the spam sent from there, but this does not appear to be coming directly from your server. If it was coming directly from your server, I would check the server and any devices that might be sharing the same IP for possible intrusions.)
  10. gnarlymarley

    Invalid certificate of forum.spamcop.net

    Seems to still be the same. Maybe you can submit something to the new features to get it fixed. http://forum.spamcop.net/forum/10-new-feature-request/
  11. gnarlymarley

    Bad Certificate for SpamCop

    It would appear that the forum only does http. From what I can tell, the hosting is done on cloudflare.net. So as long as that is the SSL cert, then you can login using https. I would advise against sharing this password with other places. I found the following, so I am not sure if there are plans in the works to fix this. Maybe submit a new feature request?
  12. Talking about your PC, a virus check is a must. Could be you have been compromised. I even use a VPN; this encrypts my communications to and from the computer. Even my Skype calls are encrypted. Win10 here, just use Windows Defender, which right now seems very good.
  13. Hmm....I think that helped to recover it, I clicked on "Parse" to recover it: https://www.spamcop.net/sc?id=z6633595354za3c7f1c70eca174576d1527014496a1dz
  14. The system obviously does not like your attachment. You can recover the tracking URL by logging into your reporting account and clicking on the <Past Reports> tab. This will list "Report Numbers"; when you select the correct report, the Tracking URL will be part of the next screen.
  15. I submit by email, but after having completed the confirmation mail, I delete it. The data I added are from my report history on spamcop.net. If there is no way to extract it from there, it is gone. What I still have is the spam email itself (attached). spam_mail.mbox
  16. "What we have here is a failure to communicate" An example of a tracking URL is https://www.spamcop.net/sc?id=z6634628358z460dafae0c54205ace1fe027dc2ff311z This can be found near the top of the screen after you submit the spam. If you submit by email, the tracking URL is the link sent to you to review and complete/submit your spam. In my example above you will see the tracking URL on the third line. If we had access to the tracking URL, someone could cut and paste the body of the spam into Google Translate and see why your domain is in the body.
  17. Many thanks for your reply, I opened a new feature request as you suggested. For completeness I include here the tracking URLs: Submitted: 14.5.2020, 17:40:25 +0200: =?UTF-8?B?6L+Q6YCB5bu66K6uIDMwLzUvMjAyMA==?= 7058512602 ( http://www.bokomoko.de/ ) To: abuse@netcup.de 7058512598 ( ) To: complain@rootlayer.net Here is the new feature request:
  18. This topic was discussed already on and Lking proposed to open a feature request here. The issue is: I received spam and reported it to spamcop: Submitted: 14.5.2020, 17:40:25 +0200: =?UTF-8?B?6L+Q6YCB5bu66K6uIDMwLzUvMjAyMA==?= 7058512602 ( http://www.bokomoko.de/ ) To: abuse@netcup.de 7058512598 ( ) To: complain@rootlayer.net Apparently, the (Chinese?) spam contained my own domain: www.bokomoko.de Unfortunately, I did not notice this in the generated report and confirmed that. Since I received in the past days multiple of these emails and I deselected my own domain (except on the first spam I received), I suggest that spamcop handles this situation better. As an immediate measure, my wife suggested to stop reporting spam to spamcop, if that has the risk that our email server gets shut down in the middle of Corona home schooling. Feature request is: Spamcop should support per-reporter whitelists for domains which should never be reported to spamcop. If the effort for this is too high: Never generate abuse reports for the domains referenced in the body of the spam mail, if they match the spam destination domain. If the effort for this is too high: Make the default to not generate abuse reports for domains referenced in the body of the spam email to reduce false positives. If there is further information I can provide, please let me know.
  19. If I understand the issue correctly without a Tracking URL, another thing to consider is if your email and domain are on the same host and IP. As you know, spamcop looks at IPs, not domain names directly. Having your domain listed in a spam is odd. Spam I have received, even those requesting to buy one of my domains, don't include the domain in the body. In any case your point is well taken. If the domain in the body of the spam is the same as a domain in your mailhost configuration, the solution should be relatively straightforward. I would suggest a post in New Feature Request with a Tracking URL as an example to illustrate your request/suggestion.
  20. That is a good point, my own host might not be the only innocent victim. The longer I think about that, the more I come to the conclusion that spamcop should here fix things, since the default is dangerous for the reporter and may trigger false positives. My wife's opinion was please stop reporting spam to spamcop altogether, if the risk is that our email infrastructure gets shut down over the weekend (in the middle of Corona home schooling). I think spamcop should consider to: As default, do not report links inside (to reduce false positives altogether). At least protect the reporter and let the reporter configure a whitelist for internal links (or at least support to whitelist the spam recipient domain). I am still puzzled that I have not seen that kind of issue for many years but now very frequent.
  21. The story with the provider is a separate topic, but long story short: The spamcop reports are processed automatically, normally they disable the host immediately (which does not make sense, but this is at least what they communicated). After calling them, they checked the issue and reenabled the server immediately. I do not understand why I should run a virus scan if my server is not the source of the spam. Mailhost and website are the same domain, even the same host.

    ```
    rd@h370-wlan:~$ dig bokomoko.de
    ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> bokomoko.de
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43604
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 4096
    ;; QUESTION SECTION:
    ;bokomoko.de. IN A
    ;; ANSWER SECTION:
    bokomoko.de. 214 IN A
    ;; Query time: 0 msec
    ;; SERVER:
    ;; WHEN: So Mai 24 09:58:43 CEST 2020
    ;; MSG SIZE rcvd: 56

    rd@h370-wlan:~$ dig www.bokomoko.de
    ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> www.bokomoko.de
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49796
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;www.bokomoko.de. IN A
    ;; ANSWER SECTION:
    www.bokomoko.de. 299 IN CNAME netcup.bokomoko.de.
    netcup.bokomoko.de. 299 IN A
    ;; Query time: 39 msec
    ;; SERVER:
    ;; WHEN: So Mai 24 09:57:24 CEST 2020
    ;; MSG SIZE rcvd: 81

    rd@h370-wlan:~$ dig -t MX bokomoko.de
    ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> -t MX bokomoko.de
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 34232
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;bokomoko.de. IN MX
    ;; ANSWER SECTION:
    bokomoko.de. 299 IN MX 10 mail.bokomoko.de.
    ;; Query time: 132 msec
    ;; SERVER:
    ;; WHEN: So Mai 24 09:57:35 CEST 2020
    ;; MSG SIZE rcvd: 61

    rd@h370-wlan:~$ dig mail.bokomoko.de
    ; <<>> DiG 9.11.5-P4-5.1+deb10u1-Debian <<>> mail.bokomoko.de
    ;; global options: +cmd
    ;; Got answer:
    ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36872
    ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
    ;; OPT PSEUDOSECTION:
    ; EDNS: version: 0, flags:; udp: 512
    ;; QUESTION SECTION:
    ;mail.bokomoko.de. IN A
    ;; ANSWER SECTION:
    mail.bokomoko.de. 294 IN A
    ;; Query time: 17 msec
    ;; SERVER:
    ;; WHEN: So Mai 24 09:57:47 CEST 2020
    ;; MSG SIZE rcvd: 61
    rd@h370-wlan:~$
    ```
  22. Lking

    New spammer trick?

    With the double header I think things have gotten confused. @gnarlymarley without knowing @Spamnophobic 's 16 digit code "they" could not have sent to the reporting address. UNLESS they replied to a spam report with the following sequence: @Spamnophobic a spam (email #1) and reported it to spamcop (email #2); spamcop sent a spam report to the source (email #3); the spammer/his ISP... received email #3 and auto responded (?) with email #4 sent to a coded address at spamcop; spamcop received email #4 sent to a coded mail box associated with the spam report (email #3) and forwarded the email to @Spamnophobic; @Spamnophobic received email #4 which has the spamcop connection hidden and thinking it is spam @Spamnophobic reports email #4. The reporting of email #4 generates the tracking URL above. It has been a really long time since I have received a reply to a spam report. Looking at the full email in the tracking URL there are spamcop.net ironpost references in both headers (at the top and bottom of the email). To paraphrase Cicero, Mark Twain, Blaise Pascal: 'If I had more time this would have been shorter.'
  23. gnarlymarley

    New spammer trick?

    Okay, I am confused with the tracking URL. It seems to be the message you tried to report is one that was sent directly to your submit address. I see the vmx and the app009. Are you trying to report a spam from someone that sent it directly to your submit address? (I am glad your submit address was replaced by an x in here as I don't want to know what it is.) If your submit address is in the wild, I would suggest you contact deputies[at]admin[dot]spamcop[dot]net.
  24. I had a similar situation happen to me about two decades ago with an admin from a well known education institution confusing the internal links of the spam as the source of the spam. This is why I prefer to report just the source instead of the links inside. If I see any on my reports that might be valid (innocents caught in the crossfire), I uncheck those.
  25. Seems strange a provider would shut down a website with one complaint? Make sure it has not been compromised, change password. Run a virus scan on your computer. If you are competing against a similar website you are possibly being attacked, often done for blackmail as well! Your mailhosts are not necessarily the same as a domain. have a look But then SpamCop only stops reporting your email "domain" Contact your provider
  26. Hello, I recently had the problem that I received spam, reported spam to spamcop, spamcop informed the hoster and the hoster deactivated *my* server. Looking into the issue, I found that my domain was mentioned in the spam email; that was pretty much the only text string I could read in the (Asian) email. I did not read the "Please make sure this email IS spam:" confirmation page carefully enough, which most likely listed my domain, and the process started. I have not seen that in the past 10+ years I have been reporting to spamcop, but since then many times now. Since the domain which is referenced in the spam email and my mail domain are the same, it should be trivial to catch such false positives by spamcop. I am just wondering if anything changed in the spamcop setup or if I can somewhere configure that spamcop never generates reports against my own domain submitted by me. Many thanks Rainer
  27. Earlier
  28. gnarlymarley

    No Headers

    For me, if I copy the message to notepad first and maximize the window and then copy all again, I don't seem to have a problem. There appears to be a really long line added that has weird line breaks if copied straight across.