ZapZombie
-
Content Count
62 -
Joined
-
Last visited
Posts posted by ZapZombie
-
-
Issue solved.
In the meantime I noticed, my address following "X-Sieve-Redirected-From:" is automatically obscured.
Thanks.
-
-
https://www.spamcop.net/mcgi?action=gettrack&reportid=6804862617
At my ISP I have an alias address that forwards to the well obscured address at "Delivered-To:"
The spam was sent to that alias. In the above example I replaced it.
-
Hi
With preference "obscure identifying info" on,
reporting spam via webinterface, after clicking "report spam" button,
I noticed:
"Delivered-To: x"..
"X-Sieve-Redirected-From: mynot_obscured@mailaddress.com"..
Regards
-
Today, I noticed 2 reports that landed a spamfolder where they weren't supposed to land. I will spare you the details. I think a bug crept in the way the spamfilter works.
-
Sofar, the reception of the reports is still not happening and does not seem to be administered as "bounced" by spamcop or blocked or filtered by my isp. Other kinds of email from spamcop is normally received. Is this forum the way to report this issue to spamcop or is there another way to report this?
-
I have a preference set that recognized spam is marked with the word "spam" in the subject line, so I can paste it at spamcop. Works fine.
-
I do not remember that bounce error message with "click below", neither on the changed address.
-
Since april 30 2017 I no more receive spam reports at the user defined recipient address.
Trying to fix that, I changed that address in preferences, for which I received and answered a confirmation request. Didn't help to receive spam reports.
The old and new recipient addresses are receiving email from others.
Last tracking url https://www.spamcop.net/sc?id=z6377849055ze1a992e61325f997db8211ee975888acz
Has something changed regarding spam report mailing to user defined recipient address?
I want reception of the reports back.
-
Hi,
I noticed spamcop parser did not find contact address for 95.153.176.109, but using win32whois.exe I saw an address was found at abuse.net, and browsing to ripe.net and searching with B flag on I saw another address.
Why weren't they found by the parser, even after refreshing cache?
I thought the parser looks up at ripe.net with -B flag, and when necessary at abuse.net.
(I filled in the found contact addresses at the parse form)
Regards,
ZZ
-
-------- Original Message --------Subject: Re: [spamCop (95.173.182.24) id:5929750459]<x>
Date: Fri, 29 Mar 2013 10:23:58 +0200
From: Önder BARUTCU <onder[at]aktifbilisim.net>
To: ZenZero <5929750459[at]reports.spamcop.net>
CC: abuse[at]aktifbilisim.net, abuse[at]ni.net.tr, Osman Makal <osman[at]ni.net.tr>
Hi,
Thank you for contact us for this abuse.
95.173.182.24 is not publish our network.
Please contact to abuse[at]ni.net.tr
win32whois:
Checking IP: 95.173.182.24...Name: 24fgzj9a.ni.net.tr
IP: 95.173.182.24
Domain: ni.net.tr
Querying root.rwhois.net:4321 for ni.net.tr...
Can not resolve host 'root.rwhois.net'
Querying whois.nic.tr for ni.net.tr...
** Registrant:
Netinternet Bilgisayar Telekominükasyon San. ve Tic. Ltd. Þti.
Muratdede Mh. 356 Sk. No:10 Merkez/Denizli
Denizli,
Türkiye
mailto:osman[at]netinternet.com.tr
+ 90-258-2422472-
+ 90-258-2422473
** Administrative Contact:
NIC Handle : nbt32-metu
Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ
Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13
Merkez Denizli
Denizli,20125
Türkiye
Phone : + 90-258-2646544-
Fax : + 90-258-2646548
** Technical Contact:
NIC Handle : nbt32-metu
Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ
Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13
Merkez Denizli
Denizli,20125
Türkiye
Phone : + 90-258-2646544-
Fax : + 90-258-2646548
** Billing Contact:
NIC Handle : nbt32-metu
Organization Name : NETÃNTERNET BÃLGÃSAYAR TELEKOMÃNÃœKASYON SANAYà VE TÃCARET LÃMTED ÞÃRKETÃ
Address : Merkezefendi Mah. Eski Karcýyolu Üzeri No:13
Merkez Denizli
Denizli,20125
Türkiye
Phone : + 90-258-2646544-
Fax : + 90-258-2646548
** Domain Servers:
nitel-1.ni.net.tr 94.102.0.3
nitel-2.ni.net.tr 95.173.191.3
** Additional Info:
Created on..............: 2006-Sep-22.
Expires on..............: 2013-Sep-21.
Querying whois.arin.net for 95.173.182.24...
#
# Query terms are ambiguous. The query is assumed to be:
# "n 95.173.182.24"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http://whois.arin.net/rest/nets;q=95.173.1...amp;ext=netref2
#
NetRange: 95.0.0.0 - 95.255.255.255
CIDR: 95.0.0.0/8
OriginAS:
NetName: 95-RIPE
<...>
Querying whois.ripe.net:43 for 95.173.182.24...
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See http://www.ripe.net/db/support/db-terms-conditions.pdf
% Note: this output has been filtered.
% To receive output for a database update, use the "-B" flag.
% Information related to '95.173.182.0 - 95.173.182.255'
inetnum: 95.173.182.0 - 95.173.182.255
netname: NETINTERNET
remarks: INFRA-AW
descr: Netinternet Bilgisayar ve Telekomunikasyon San. ve Tic. Ltd. Sti.
country: TR
admin-c: NLA5-RIPE
tech-c: NLA5-RIPE
status: ASSIGNED PA
mnt-by: MNT-NETINTERNET
source: RIPE # Filtered
role: Netinternet LIR Admin
address: Netinternet Bilgisayar Telekomunikasyon San. ve Tic. Ltd. Sti.
address: Pamukkale University
address: Technology Development Zone D Block
address: 20070 DENIZLI TURKEY
admin-c: VO160-RIPE
admin-c: OM575-RIPE
tech-c: VO160-RIPE
nic-hdl: NLA5-RIPE
mnt-by: MNT-NETINTERNET
source: RIPE # Filtered
% Information related to '95.173.160.0/19AS51559'
route: 95.173.160.0/19
descr: Netinternet Datacenter
origin: AS51559
mnt-by: MNT-NETINTERNET
source: RIPE # Filtered
% This query was served by the RIPE Database Query Service version 1.58.1 (WHOIS2)
Querying whois.abuse.net for ni.net.tr...
mailto:abuse[at]ni.net.tr (for ni.net.tr)
mailto:abuse[at]aktifbilisim.net (for ni.net.tr)
-
Today I saw in a spamcop parse report, the prefix part of my email address, my name, in the subject line and the first line of the body of a reported spam message.
Any suggestions how I can report that spam and still stay anonymous?
This one time I replaced my name with "<x>" in the email in my inbox file.
Doesn't feel right. Also takes quite an effort to edit, the inbox file is huge for instance, email program needs closing, password .. etc ..
-
parser output:
Tracking message source: 196.32.76.117:Display data:
"whois 196.32.76.117[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)
Organisation contact e-mail = contact[at]afrinic.net
Organisation contact e-mail = cto[at]afrinic.net
team-afrinic = sysadmin[at]afrinic.net
Lookup ng1-afrinic[at]whois.afrinic.net
Display data:
"whois ng1-afrinic[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)
ng1-afrinic = nishal[at]afrinic.net
Lookup aa1-afrinic[at]whois.afrinic.net
Display data:
"whois aa1-afrinic[at]whois.afrinic.net" (Getting contact from whois.afrinic.net)
aa1-afrinic = ceo[at]afrinic.net
whois.afrinic.net 196.32.76.117 = sysadmin[at]afrinic.net, nishal[at]afrinic.net, ceo[at]afrinic.net
whois: 196.0.0.0 - 196.255.255.255 = sysadmin[at]afrinic.net, nishal[at]afrinic.net, ceo[at]afrinic.net
Routing details for 196.32.76.117
Using abuse net on sysadmin[at]afrinic.net
abuse net afrinic.net = abuse[at]afrinic.net
Using best contacts abuse[at]afrinic.net
abuse[at]afrinic.net redirects to abuse#afrinic.net[at]devnull.spamcop.net
Message is 7 hours old
Routing details for 196.32.76.117
De-referencing diveo.net.ar[at]abuse.net
abuse net diveo.net.ar = postmaster[at]diveo.net.ar, abuse[at]diveo.net
postmaster[at]diveo.net.ar has expressed an interest in 196.32.76.117
abuse[at]diveo.net has expressed an interest in 196.32.76.117
196.32.76.117 not listed in dnsbl.njabl.org ( 127.0.0.8 )
196.32.76.117 not listed in dnsbl.njabl.org ( 127.0.0.9 )
196.32.76.117 listed in cbl.abuseat.org ( 1 )
196.32.76.117 is an open proxy
196.32.76.117 not listed in accredit.habeas.com
196.32.76.117 not listed in plus.bondedsender.org
196.32.76.117 not listed in iadb.isipp.com
from win32whois, note:
African Network Information Center NET196 (NET-196-0-0-0-0) 196.0.0.0 - 196.255.255.255Latin American and Caribbean IP address Regional Registry LACNIC-ERX-196-32-32-0 (NET-196-32-32-0-1) 196.32.32.0 - 196.32.95.255
more complete output from win32whois:
Checking IP: 196.32.76.117...Name: 117.76.32.196.skyonline.net
IP: 196.32.76.117
Domain: skyonline.net
Querying root.rwhois.net:4321 for skyonline.net...
Can not resolve host 'root.rwhois.net'
Querying whois.crsnic.net for skyonline.net...
Whois Server Version 2.0
Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http:/ /www.internic.net
for detailed information.
Domain Name: SKYONLINE.NET
Registrar: NETWORK SOLUTIONS, LLC.
Whois Server: whois.networksolutions.com
Referral URL: http:/ /www.networksolutions.com/en_US/
Name Server: NS1.NETIZEN.COM.AR
Name Server: NS2.NETIZEN.COM.AR
Status: clientTransferProhibited
Updated Date: 18-oct-2011
Creation Date: 20-may-1999
Expiration Date: 20-may-2017
>>> Last update of whois database: Mon, 18 Feb 2013 23:04:29 UTC <<<
NOTICE: The expiration date displayed <.. deleted lines
..>
The Registry database contains ONLY .COM, .NET, .EDU domains and
Registrars.
Querying whois.networksolutions.com for skyonline.net...
NOTICE AND TERMS OF USE: <.. deleted lines
..>
http:/ /www.networksolutions.com
Visit AboutUs.org for more information about SKYONLINE.NET
<a href="http:/ /www.aboutus.org/SKYONLINE.NET">AboutUs: SKYONLINE.NET </a>
Registrant:
SkyOnline, Inc.
8270 Greensboro Drive, Suite 950
McLean, VA 22102
US
Domain Name: SKYONLINE .NET
------------------------------------------------------------------------
Promote your business <.. deleted lines
..>
Administrative Contact, Technical Contact:
Hevia, Hernan Ricardo mailto:hhevia[at]skyonline.net.ar
Netizen
Balcarce 479
Buenos Aires
AR
54-11-5093-5400 fax: 54-11-5093-5470
Record expires on 20-May-2017.
Record created on 20-May-1999.
Database last updated on 18-Feb-2013 17:30:48 EST.
Domain servers in listed order:
NS1.NETIZEN.COM.AR
NS2.NETIZEN.COM.AR
Querying whois.arin.net for 196.32.76.117...
#
# Query terms are ambiguous. The query is assumed to be:
# "n 196.32.76.117"
#
# Use "?" to get help.
#
#
# The following results may also be obtained via:
# http:/ /whois.arin.net/rest/nets;q=196.32.76.117?showDetails=true&showARIN=false&ext=netref2
#
African Network Information Center NET196 (NET-196-0-0-0-0) 196.0.0.0 - 196.255.255.255
Latin American and Caribbean IP address Regional Registry LACNIC-ERX-196-32-32-0 (NET-196-32-32-0-1) 196.32.32.0 - 196.32.95.255
#
# ARIN WHOIS data and services are subject to the Terms of Use
# available at: https:/ /www.arin.net/whois_tou.html
#
Querying whois.abuse.net for skyonline.net...
mailto:abuse[at]skyonline.net.ar (for skyonline.net)
mailto:networking[at]skyonline.net.ar (for skyonline.net)
mailto:monitoreo[at]skyonline.net (for skyonline.net)
mailto:abuse[at]skyonline.net (for skyonline.net)
-
In that case, I recommend gena01.com/win32whois to windows users, for finding contact addresses when the spamcop parser doesn't find one. For me, it found most of them.
I pasted the found addresses, separated by a space, in the "User Notification" address field in the "Report spam to:" section of the spamcop parse report.
-
..
There is no abuse address available
..
I get confused here. Are you telling me that the two emailadresses that Win32Whois found at abuse.net, support[at]teentelecom.net and viorel[at]teentelecom.net are wrong?
-
For instance, "No reporting addresses found for 89.47.3.126", while Win32Whois queried abuse.net and found support[at]teentelecom.net and viorel[at]teentelecom.net.
I do remember some parse reports where abuse.net was succesfully queried.
Why is abuse.net not à llways queried, when a ripe etc whois fails?
-
How do I safely report missing abuse address in RIPE database?
From
http://www.ripe.net/report-form
I have the impression, that I have to mail to the maintainer, and when the mnt doesn't comply, I can report to RIPE.
With netname AM-ORANGE-ARMENIA I hesitate to mail the mnt with my own e-mailaddress. Is my fear realistic? What is the safest and best way to report to the mnt address?
In this case it is about "No reporting addresses found for 46.241.172.8".
I guess noc[at]orangearmenia.am would be the address to report missing contact address to, and after 3? months no compliance, report to RIPE?
extsearch.ripe.net/fcgi-bin/whois?searchtext=46.241.172.8&filter_mail=ON
apps.db.ripe.net/whois/lookup/ripe/mntner/OAR-MNT.html
say
inetnum: 46.241.128.0 - 46.241.191.255netname: AM-ORANGE-ARMENIA
descr: Dynamic Pool for 3G Internet subscribers
country: AM
admin-c: ALEX101-RIPE
tech-c: ALEX101-RIPE
status: ASSIGNED PA
mnt-by: OAR-MNT
changed: alexandr.saroyan[at]orange-ftgroup.am 20101224
source: RIPE
person: Aleksandr Saroyan
address: RA, Yerevan, V. Sargsyan str., 7th floor.
phone: +374
nic-hdl: ALEX101-RIPE
mnt-by: OAR-MNT
changed: alexandr.saroyan[at]orange-ftgroup.am 20091207
source: RIPE
mntner: OAR-MNTdescr: Orange Armenia objects maintainer
admin-c: ALEX101-RIPE
upd-to: noc[at]orangearmenia.am
mnt-nfy: noc[at]orangearmenia.am
notify: noc[at]orangearmenia.am
auth: MD5-PW #Filtered
mnt-by: OAR-MNT
referral-by: OAR-MNT
changed: alexandr.saroyan[at]orange-ftgroup.am 20090522
source: RIPE #Filtered
-
Point taken.
Frustration here, having caused frustration, feeling overworked, causing overwork.
Frustration having to look up the ip#s by hand.
I hope the spamvertised websites will be taken down.
Ehm ... Is reporting "Cannot resolve <unclickable link>" appreciated?
I only will post more of those if those áre appreciated.
-
today same for
http:/ /wwwq.ubestgreatneteurodice.com/
http:/ /wwwu.ugreatcasheurodice.com/
http:/ /wwwb.ugreattopeudice.com/
http:/ /www.webgreatgoldensp.com/
[edit to break links, title amended to minimise internet search engine indexing]
-
win32whois http:/ /www.weblinegreatsp.com
& also for http:/ /www.webgreatgoldensp.com/
& http:/ /www.weblifegreatsp.com/
IP: 78.80.111.20..
Querying whois.ripe.net:43 for 78.80.111.20...
..
% Information related to '78.80.96.0 - 78.80.127.255'
inetnum: 78.80.96.0 - 78.80.127.255
netname: TMOBILE-CZECH-ADSL
descr: xDSL customer network
country: CZ
admin-c: HR6606-RIPE
tech-c: HR6606-RIPE
status: ASSIGNED PA
mnt-by: AS13036-MNT
source: RIPE # Filtered
role: Hostmaster Radiomobil
address: T-Mobile Czech Republic a.s.
address: Tomickova 2144/1
address: Praha 4
address: 149 00
address: Czech Republic
admin-c: TM2924-RIPE
tech-c: TM2924-RIPE
tech-c: TN898-RIPE
tech-c: JK5069-RIPE
remarks: --------------------------------------------------
remarks: In any case of abuse, security or copyright issues
remarks: please contact:
abuse-mailbox: mailto:abuse[at]t-mobile.cz
remarks: --------------------------------------------------
nic-hdl: HR6606-RIPE
mnt-by: AS13036-MNT
source: RIPE # Filtered
Edit by SteveT (turetzsr) to intentionally break the URL links to avoid accidental navigation to the spamvertized sites.
-
"No reporting addresses found for 119.226.253.227"
win32whois 119.226.253.227
Checking IP: 119.226.253.227...Name: segment-119-226.sify.net
IP: 119.226.253.227
Domain: sify.net
found abuse[at]satyam.net.in
at
http://abuse.net/lookup.phtml?domain=sify.net
abuse[at]satyam.net.in (for sify.net)customercare[at]satyam.net.in (for sify.net)
customercare[at]sify.com (for sify.net)
-
Now that there was a rollback as mentioned in the announcement of aug 10
http://forum.spamcop.net/forums/index.php?showforum=39
when report address is not found by spamcop system, and I find them myself with -B flag or otherwise, I now put them in the user notification field.
What has spamcop planned to do concerning the -B flag? Is spamcop going to use the -B flag?
Is it still usefull to post the self with -B flag found report address in this subforum?
-
found noc[at]kmtn.ru at
http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON
inetnum: 46.228.104.0 - 46.228.111.255netname: KGTS_DIALUP_LEASE
descr: ADSL OAO KGTS
country: RU
admin-c: KN1067-RIPE
tech-c: KN1067-RIPE
status: ASSIGNED PA
mnt-by: kmtn2-mnt
changed: quicksour[at]gmail.com 20110224
source: RIPE
role: Kmtn NOC
address: 6, Gagarina street
address: Kostroma city
address: Russia
e-mail: noc[at]kmtn.ru
admin-c: SOUR3-ripe
tech-c: sour3-ripe
nic-hdl: KN1067-RIPE
mnt-by: kmtn2-mnt
changed: quicksour[at]gmail.com 20100811
source: RIPE
-
found admin[at]kerch.com.ua; kodis[at]kerch.com.ua
at
http://extsearch.ripe.net/fcgi-bin/whois?s...;filter_mail=ON
inetnum: 217.175.4.0 - 217.175.7.255netname: KERCHNET-PLUS-4
descr: KerchNET-PLUS-4 Network
country: UA
admin-c: SVD29-RIPE
tech-c: VYP5-RIPE
remarks: INFRA-AW
status: ASSIGNED PA
mnt-by: MNT-MSNET
mnt-lower: MNT-MSNET
mnt-routes: MNT-MSNET
changed: serge.dudin[at]gmail.com 20090114
source: RIPE
person: Serge V Dudin
address: Dubinina, 20
address: Kerch
address: Ukraine
e-mail: admin[at]kerch.com.ua
phone: +380 65 6161509
fax-no: +380 65 6161420
nic-hdl: SVD29-RIPE
changed: s.dudin[at]kerch.net 20080530
source: RIPE
mnt-by: MNT-MSNET
person: Valery Y Pismennyi
address: Dubinina, 20
address: Kerch
address: Ukraine
e-mail: kodis[at]kerch.com.ua
phone: +380 65 6161509
fax-no: +380 65 6161421
nic-hdl: VYP5-RIPE
changed: admin[at]kerch.com.ua 20080529
source: RIPE
mnt-by: MNT-MSNET
obscure address in coded content
in New Feature Request
Posted
I noticed that my mailaddress is obscured in the header, but not in base64 coded content.
I figured out how to manually decode via a website the two coded pieces, obscure and recode.
Takes some effort though.
I Would surely appreciate automation of that.