  01/01/1916

    Suburb of NYC
  • Interests
    Discovering Classical music streams. Donating unused computer clock-cycles to World Community Grid distributed computing projects.
  1. Hi LKing. You wrote: > I don't know you. Well, we've never been formally introduced. But since my social graces stink, I'd better leave it to someone else. "Administrator." Cool. Thanks for serving. Hi Gnarley. OK about Yahoo servers. But this has been happening, occasionally, with Yahoo for sooooo long. If it's their problem, then I guess they're uninterested in doing anything about it. Personally, I set my clocks almost often enough that I should talk to my shrink about it. Too bad their "wrong time" isn't some time in the future. Then I could get extra-credit for reporting spam that hasn't even been sent yet. Or something like that. -n- https://smokymountains.com/fall-foliage-map/
  nei1_j

    OVH.Net spam ?

    I remember when the gmail spam folder stopped being empty all the time. But so far, no non-spams in my spam folder(s). That would be an awful turn of events, as they evolve from doing everything well to not doing anything right.
  3. Received: from (EHLO sequencemarket.pw) by with SMTP; Sat, 3 Oct 2020 21:33:50 +0000
     X-Apparently-To: x; Sat, 3 Oct 2020 21:33:51 +0000
     Date: Sat, 03 Oct 2020 17:32:47 -0400 (EDT)

     The header says this email was processed around 1700 Hours my local (Eastern) time, +0400. Other times are given as 2100 +0000. So the times are consistent. I know I checked for fresh spam multiple times last night. I don't know exactly when it showed up, but it didn't show up when it was processed. I just found the spam at 1000 hours, the day after, 17 hours after the spam was apparently processed.

     My hypothesis is that, for whatever reason, Yahoo held on to the spam for many hours, rendering it useless for SpamCop reporting. Am I interpreting the timeline correctly, that Yahoo is delaying delivering spams? Anyone else notice this? Even before their last corporate takeover, I've seen this behavior from some Yahoo spams. Or, is it a trick by the spammer? Thanks, -n-
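
The timeline question in the post above can be worked mechanically by normalising every header timestamp to UTC. This is an added example, not part of the original post: the three timestamps are the ones quoted there, while `relay.example`, `mx.example`, the Subject and the exact "found at" time (10:00 Eastern the next day) are assumptions.

```python
from datetime import timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample. The three timestamps are the ones quoted in the post;
# "relay.example", "mx.example" and the Subject are placeholders.
SAMPLE = (
    "X-Apparently-To: x; Sat, 3 Oct 2020 21:33:51 +0000\n"
    "Received: from relay.example (EHLO sequencemarket.pw) by mx.example\n"
    " with SMTP; Sat, 3 Oct 2020 21:33:50 +0000\n"
    "Date: Sat, 03 Oct 2020 17:32:47 -0400 (EDT)\n"
    "Subject: placeholder\n"
    "\n"
    "placeholder body\n"
)

def to_utc(text):
    """Parse an RFC 5322 date string to an aware UTC datetime, else None."""
    try:
        dt = parsedate_to_datetime(text.strip())
    except (TypeError, ValueError):
        return None
    return dt.astimezone(timezone.utc) if dt.tzinfo else None

def trace_stamp(value):
    """Trace headers carry their timestamp after the last ';'."""
    return to_utc(value.rpartition(";")[2]) if ";" in value else None

def timeline(raw, found_at):
    msg = message_from_string(raw)
    claimed = to_utc(msg.get("Date", ""))
    # Received headers are prepended, so index 0 is the most recent hop.
    hops = [s for s in map(trace_stamp, msg.get_all("Received", [])) if s]
    mailbox = trace_stamp(msg.get("X-Apparently-To", ""))
    stamped = mailbox or (hops[0] if hops else None)
    found = to_utc(found_at)
    return {
        "claimed_sent": claimed,
        "stamped": stamped,
        # Negative transit means a stamp predates the claimed send time:
        # clock skew or a forged header, so treat the line as untrusted.
        "transit": stamped - claimed if stamped and claimed else None,
        "unseen": found - stamped if found and stamped else None,
    }

if __name__ == "__main__":
    for key, value in timeline(SAMPLE, "Sun, 4 Oct 2020 10:00:00 -0400").items():
        print(f"{key:13} {value}")
```

Only the stamps written by the recipient's own provider can be trusted; anything a sender supplied, including lower `Received:` lines, may be forged, and the headers say nothing about when the message became visible in the folder.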
  nei1_j

    OVH.Net spam ?

    Ok. So the whole "Received:" line is a forgery. If anyone's interested: https://www.spamcop.net/sc?id=z6643327190zb33a603c90f8edb039ee9fc7ef49ffd1z
  nei1_j

    OVH.Net spam ?

    Hi Gnarly. Thanks for the reply. I think I understand some of that. Are you saying that Newegg was hacked?!? But what you say suggests that it would indeed be beneficial if I can send in those SpamCop reports ASAP. Perhaps if someone can invent a SpamCop Alarm, so that my computer would beep when stuff shows up in my spam folder. That would certainly cut down on my reporting delays.
  nei1_j

    OVH.Net spam ?

    > ovh.net Me too. If you wanna hear a nightmare: I went to Googlemaps to find a doctor near me. I found a nearby listing, but the address was a private residence, but they provided a cellphone number. So I sent a text message with damn near my life's story in it, including my ever-clean [google] email address that I use for friends and family. One clue that the listing was fake was that the Dr.'s name was Dibbledydibble, or something like that. But, y'know, I needed a doctor, and who ever heard of people using Googlemaps to harvest information like that? That fake "doctor's" listing disappeared. Within a couple of days, I started getting ovh.net and some other spams to my "clean" email address. Anyway, google does a good job of keeping spam out of the Inbox. I haven't anti-spammed in a long time, but this guy forced me back into it with a vengeance. I'm even setting my alarm clock for 2:30 AM to catch his 1:30 AM spams, so I can report them Fresh. Based on this thread, I wouldn't expect this unstoppable behavior to come out of such a civilized country as France. It's disappointing that there's no authority there to affect ovh.net. I just noticed, an interesting line from my most recent report: Received: from p1-002133.promo.newegg.com (214.ip-51-79-145.net. []) by mx.google.com with ESMTPS id l3si5139590plb.379.2020. for <x> According to ipinfo.io, is ovh.net. They report a Canadian flag. The report was not copied to Newegg. I'll have to send a copy on my own. "Dear Newegg, I found your name in the header of a spam-email, if you might be interested..." I don't understand how the spammer got Newegg tied up with his shenanigans. Thanks for anti-spamming.
  7. Lancer, Yes sir. Let's give it a chance to see where this goes before we give up. -neil-
  8. I have an opinion. Isn't that intriguing? Most of the spam I submit is from Yahoo. My first Yahoo email address has declined into being useful as an exceptional spam-honeypot -- I think I clicked on an "Unsubscribe" link in it back in 1999. My other Yahoo addresses, including one from which I never sent ANYTHING, are also useful sources of spam. The combination of having Yahoo accounts and having signed up to make Spamcop-submissions is hopefully doing some good, somehow. If not in this dimension, then maybe the next. I think I submit Yahoo-spam differently. The Spamcop parser requires something from the "body" to be added after the header, with an empty line in between. The header is easy. Don't tell anybody I said so, but I just copy and paste the subject into my submission, after an empty line after the header, and I call that macaroni "Body." If the parser won't accept a submission without something like a body, then that's what I give it. Of course, the spambodies are where the spamdresses are, and now I'm not sending in any of them. There goes my moral credibility. But I like to think I got to that point honestly. I also used to pull out my hair because the parser frequently couldn't find obvious URLs in the bodies I submitted. When I ran out [of hair], I realized that the real value is to report the spam-source IP addresses. Hey, we're lucky if an ISP stops the account of a spammer, but even that isn't hardly a given, these days. I don't believe that any great detective resources are being devoted to turn spamdresses into arrests, fines, and jail-terms, so I stopped worrying about 'em. So when I'm done submitting the header (and the subject, twice), I haven't even opened the spam to see what they claimed to be selling. I don't care anymore. Happy just to disconnect computers sending the spam, then it won't matter what the spamvertisement addresses were.
Today, I think that leaves us wanting ISPs to be more accountable for their users sending spam, pirate ISPs to be raided and put into cells with nothing more than children's blocks to play with, and more SpamCop participation. https://0.s3.envato.com/files/135029.jpg The thing that brought me to the Forums today is that for the past couple of weeks, almost all of my spam have been from IP addresses that SpamCop can't determine their ISPs, so all the submissions go into the round-devnull-file. Network-tools.com, Robtex.com, and NirSoft.net's "IPNetInfo" utility have "no records" for the elusive IP addresses. What's being done about that? How are people getting connected to the Internet without any records, thereof? So, I'm looking around to see if anyone else has noticed the same increase in devnull reports, spams that aren't really submitted beyond SpamCop. As far as I can tell, each one represents a spam that someone is getting away with. best luck, -neil-
  9. Ugh. Link-in-the-body, it said "verizon.com." The parser couldn't see it. Pitiful.
  10. I can match that for absurdness. I got a plain-text link-in-body that was ".net." Even after reloading the parser a few times, I couldn't get the parser to notice it was a URL. I have trouble following directions, such as FarelF suggesting IPNetInfo as a DNS lookup tool. Instead, I've had http://network-tools.com/ bookmarked for a few decades. I select "Express," then fill in the URL, and click Go. Usually, it provides an "Abuse" email address (towards the bottom of the page), otherwise, there'll be another email address, which I'm happy to use in those cases. I've been using network-tools.com a lot, lately, and they haven't kicked me off, yet. It is, however, an extra step -- that takes extra time -- in the reporting of spam that wouldn't be necessary if the parser were working properly. --- I might have missed something... What was the general consensus about why Cisco refuses to properly maintain SpamCop, like a good netizen in their position would be expected to do? (E.g., can't handle URLs with "www" or .net...) Did they purchase it to kill it?
  11. Hey, thanks for looking me up. Wow, either you guys were up antispamming pretty early, or pretty late. Good; we need people to report the 3 AM spams "freshly." If I were a computer programmer and were required to provide a Russian version, I'd probably switch to flower arrangement. My spamcop account must have been given a higher priority in the parser after I bitched-&-moaned, because since then, I have not had a single link-in-body that the parser did not recognize as a URL. That's not to say that the links were all valid URLs. Most were not (according to the parser, "Can't be resolved"). But at least the parser recognized they were links and tried 'em all. Sometimes I wonder why a spammer would provide a non-working link. I'll have to email one of them and ask why; just kidding. Well, I guess the other possibility is that the links are "good," but the parser is a slacker at resolving them. I'm reading Farelf's thread about the parser proclaiming that "links cannot be resolved": http://forum.spamcop.net/forums/index.php?showtopic=13285 So, we're looking at two potential problems with the parser. 1) The parser may have trouble recognizing a link-in-body, even if it's plain-as-day, which I was complaining about. 2) The parser may successfully recognize a link-in-body, but then pronounce "It cannot be resolved," even though it can. If we wanted to confirm if a link-in-body is good, the obvious thing to do would be try to browse to the spam-URL. If you can browse there, but the almighty Parser says the link "Cannot Be Resolved," then we have a problem, Houston. I think it would be best to use a honeypot computer to browse to spam-links, because you could find yourself in a dark, dirty, lonely, infectious corner of the Internet, and you don't want to risk, for instance, your primary computer.
But if you browse there and get out alive, please tell us all what you saw there, if your anti-virus software went off like a pin-ball machine, and if you purchased any Viagra. As for the koi-8 problem, I haven't had any Russian URLs lately, but Karlisma has been getting his share, lately, and he sees that the parser is having severe problems processing KOI8-R links, even though the latest word is that it's supposed to be capable. So Karlisma, if you think it's a significant problem, I might recommend starting a new thread focusing on your observation, and send a PM (Private [or Provocative] Message) to "SpamCopAdmin", alerting him of the new thread. It's been years, but I recall SpamCopAdmin is a decent chap. We'll see what he can do. Best luck, -neil-
  nei1_j

    URI "discarded as fake"

    Hi Farelf. How do you know the parser is incorrect when it says the URLs don't "resolve?" Are you thinking that it would be illogical for the spam to include a URL that doesn't resolve? Or perhaps, you're plugging the "un-resolvable" URLs into your browser, and you're raising an active website without any problem? You work too hard. Thanks, -neil-
  13. Hi petzl. Thanks for the IPNetInfo. It sounds like a more powerful parser than the one in SpamCop? Best luck, -neil- -------------------------------------------------------- Hi dbiel. Like neil, but different. SpamCop Wiki! That's news to me. Are you sure you don't want to rename it "SpamCop FAQ, The Next Generation?" I'll be reading you. But now, it's after midnight. Tomorrow. Best luck, -neil-
  14. Hi Farelf, Good to see you, in an alphanumeric sort of way. When I described my links-in-bodies not being found by the parser, I missed a relevant part of my spams' description. I "don't display images" in any of my email accounts by default, so I don't ever include miles of Base64 in my submissions. So, any links-in-bodies that I submit come from linked text, or if the URL was displayed in the body. Either as part of an html term, or just the URL without html complications. Either way, it's pretty plain text. So, what I submit for "bodies" is usually a very small bit of data. At least, a little plain text because SpamCop won't accept a submission unless there's something in the body. Even better, the URL of the phish or whatever, also in plain text. I don't know if those long miles of Base64 have URLs encoded in them, which might be a challenge for the parser to decode. But the URLs I submit are in plain text, frequently the only thing I'm submitting for a "body," and even a caveman could recognize they're URLs. And half the time, the parser doesn't report them. At the moment, I'm leaning towards the problem being a glitch at SpamCop. I need some experience to see if hitting my Refresh button will deliver those missing URLs to the parser output. Hope springs eternal. What started as an inquiry is losing its sheen; the important thing is to notify the ISP from whence comes the spam. Not so important is the URL that is unfortunate enough to be written into the [body of the] spam. And therefore, not so important if the parser has a challenge seeing it, for whatever reason / lack of reason. CU, -neil-