Richard W

Forum Admin
  • Content count

    67
Community Reputation

0 Neutral

About Richard W

  • Rank
    Member


Profile Information

  • Gender
    Male
  • Location
    Canada

  1. I'll file a bug report on the exact matches as those should be munged. I can't say whether the address is being munged in the delivered report or not. In the ones I checked in the past, they were munged. This looks to be a different situation though. The only real way of checking is to send yourself a report and see what you get. I can't really make an argument on munging the from address where it is not an exact match with the recipient address though. sameLHS [at]gmail.com is not a match with the address the spam was sent to. If it's any consolation, this does look to be gamut spam, so the reports are not going back to the spammer/bot operator. But it is a door we need to get closed again. Richard
  2. There will be a planned outage of the SpamCop forum on Monday April 25 from 6:00 am to 10:00 am PDT. During this time the forum hosting provider will be upgrading the software to its new version. Richard
  3. Lou is correct. When we took over the MX from CESmail in 2014 our concern was we didn't want users losing email addresses they had come to rely on, but it was not feasible to take over the actual mail service. Therefore our promise was to forward received mail to an address provided by the user. No filtering is done. The mail shouldn't be coming to you as an attachment. The mail just passes through as a .fwd rule, adding a hop to the header. There is no actual server at mvx.spamcop.net to accept the mail, store it and forward it. Richard
  4. Word is the bug should be fixed. A patch was pushed out Wednesday night after a couple of days of beta testing. The issue was created when some coding was changed/removed to correct css vulnerabilities. It took a while to get a secure workaround.
  5. I just want to follow up a little bit with what Lou had to say. As many of you have noted, it has been a rough few weeks around SpamCop. Believe me though, it's been tougher on this side of the screen than on your side. With all the security breaches and break-ins and data thefts, everyone is concentrating on security. There have been huge increases in spam in recent weeks from exploits in all the major CMS software, including Joomla, WordPress and others. This means anything scripting, such as php, cgi, or whatever is suspect. Our back end teams are poring through code looking for anything that might be suspect and making changes. Of course with all the inter-dependencies in SpamCop those changes will sometimes unexpectedly break things. That's what is behind things like the not finding links issue, html display issues, etc. It's a time-consuming process but it is all being done to maintain the integrity and security of SpamCop. Fixing some of the breaks will always be prioritized along with all projects underway, so sometimes they are going to take longer than normal. They are all being tracked and will be fixed. Cisco remains committed to SpamCop and SpamCop is a very important part of their security operations. This includes SpamCop being part of the Talos group at talosintel.com, where we are part of Cisco's overall security research, response and development team. Richard
  6. As I had stated and shown, reports are going out with the addresses munged. If I suspected there was an issue I would have been the first to make the call to flip the switch on SpamCop until the problem is resolved. There is an issue with the html rendering and display on the SpamCop pages, where mark up language is being shown instead of tag characters, causing the display to not show the tags properly; outgoing reports are being interpreted properly and user addresses are munged. I'm working with our development team to get this resolved. Richard
  7. I can assure you reports are going out with the addresses munged. The same bug that is causing html tags to be converted to ascii is causing addresses to be displayed when you look at the message in your browser. However the report that goes out is sent correctly:

     User-targeted report, see notes, if any.
     https://www.spamcop.net/w3m?i=z6zzz004zfdd2e5bb2b90188260669f94dbxxx

     [ Offending message ]
     Return-Path: <wegwuag[at]pizda.ninka.net>
     Delivered-To: <x>
     Received: from vmx5.spamcop.net by prod-sc-queue2.sv4.ironport.com (Dovecot) with LMTP id OomQJealClfyYgAA97r88g for <x>; Sun, 10 Apr 2016 12:14:14 -0700
     Received: from pizda.ninka.net (unknown [101.71.197.33]) by vmx5.spamcop.net (Postfix) with ESMTP id 0DBBBED2FE for <x>; Sun, 10 Apr 2016 12:14:06 -0700 (PDT)
     Received: from axu (unknown [140.165.46.118]) by pizda.ninka.net with SMTP id mwaAOpRAeo7IlIZv.1 for <x>; Mon, 11 Apr 2016 03:14:06 +0800
     Message-ID: <2016____________5127[at]pizda.ninka.net>
     From: =?utf-8?B?54eV5oC7?= <wegwuag[at]pizda.ninka.net>
     To: <x>
     Subject: =?utf-8?B?5pyA5paw5Ye65Y+w55qE5paw5Yqz5Yqo5ZCI5ZCM5rOV?=
     Date: Mon, 11 Apr 2016 03:14:00 +0800
     MIME-Version: 1.0
     Content-Type: multipart/mixed; boundary="----=_NextPart_000_0E7B_011A47D6.17D6E4E0"
     X-mailer: Rnnxeyfsyy 3

     Richard
  8. Announcement It is with extreme sadness that we announce the passing of long time SpamCop Deputy Don Bennett (aka Don D'minion). Don was the first deputy hired by SpamCop in about 2001 and has been busy in the fight against spam since then. Although Don may have been hard-nosed, he also had the thick skin needed in this job. Underneath, he held a true desire to just make sure things are done right. He was a colleague and a friend, who truly will be missed. Anyone that has been making contact through the service[at] alias can continue to do so as I'll be looking after that mailbox for the time being. If you've been using one of his personal aliases to contact SpamCop, please change to service[at] or deputies[at]. Thank you and may God bless Don and his soul. Richard
  9. Please be patient with us on this one. We have 24 shiny new servers coming online that are running a new version of SpamCop (v4.8.3.028) on CentOS versus FreeBSD and SpamCop v4.8.2.018. Obviously we're working through some bugs so you're seeing us switching back and forth between the servers. Hopefully everything will be worked out and we'll be on the new servers full time by mid-week. Richard
  10. It's been a long time since I've hand parsed, so it took me a bit to get on top of this :-) The parsing engine does act differently for users that have mailhost records in their account versus those that don't (you don't). It does rely a little more on chain verification, time stamp matches, things like that when there is no mailhost record. Note in the parsing there are a couple of statements:

      mail.gavle.to and h-214-100.a322.corp.bahnhof.se have close IP addresses - chain verified
      Possible relay: 85.24.214.100
      Received line accepted

      After that the received lines fail the chain test, so it falls back and takes the most recent accepted line, which is the handoff from 37.9.53.106, which does look like the correct target to me. I looked at a bit of your report history to see how your network handles mail. Some other samples from this same source convince me the right source was selected. If you had mailhosts in your account the parsing would probably have stopped at 85.24.214.100, but here it went one step further. Certainly not a wrong choice. Richard
  11. Both remain valid. Don was having some mail issues, which have been resolved. R
  12. Important Announcement: The SpamCop Reporting Service is saddened by the news that Corporate Email Services (CESmail) will cease operations on September 30, 2014. As the exclusive provider of email service under the spamcop.net name, we have had a long-standing business relationship with CESmail, which enhanced the service we have provided since 1998. SpamCop has worked with CESmail to ensure an orderly shutdown. To minimize impact to SpamCop users, CESmail has provided instructions to their customers to change their account options and provide a forwarding address prior to 5:00 pm EDT September 30, 2014. At that time SpamCop will take over the mail forwarding and CESmail will permanently close their operations. On the transition day, we will do our best to ensure the service migration is seamless; however, please be informed that temporary service disruption may happen. SpamCop will provide this mail forwarding service with no additional or future charge to our users. Our commitment is to provide the forwarding service through 2015 and review the ongoing need for this service annually each fall. Should you wish to discontinue this forwarding or change the address mail is being forwarded to, you will find a new tab on the SpamCop.net Reporting Service page when logged in allowing you to do this. It is important CESmail customers follow the instructions provided to set up forwarding. There will be no rescuing email accounts, files or folders once we take over the forwarding service. Those who have subscribed to the CESmail provided mail service have enjoyed enhanced access to the SpamCop reporting service, including all features of a premium SpamCop reporting account. This includes the ability to have standing addresses receive copies of SpamCop reports, the option to add addresses to receive copies of SpamCop reports, the option to appeal issues to SpamCop staff from directly within the reporting structure, and of course no nag screens when reporting spam.
Anyone who has a CESmail account at the time of shutdown on September 30 will continue to enjoy the premium access to the SpamCop reporting service indefinitely without additional or future charge. SpamCop is also pleased to announce that while the user support forums have been hosted by CESmail, we will continue to keep the forums operational as the primary source for user support. Peer to peer support has been an important part of keeping SpamCop as a free service. To accommodate the changeover of the SpamCop Forums to our servers there will be a short outage of the forums on Thursday, October 2 between 9:00 a.m. and 11:00 a.m. PDT. There has been speculation that the end of the SpamCop mail service is a sign of Cisco not supporting SpamCop. Nothing could be further from the truth as Cisco remains completely supportive of SpamCop and further commits to upcoming and ongoing enhancements to the SpamCop reporting service. Again, we must reiterate the importance that you follow the instructions you have received from CESmail to set your mail forwarding options prior to the changeover in service at 5:00 p.m. EDT this Tuesday, September 30, 2014. Richard
  13. Cisco recognizes the performance issues many users of SpamCop.net have been experiencing, and would like to apologize to the community for the service delays. Over the past week our researchers have been actively monitoring increased global spam volumes caused by heightened botnet activity. Our investigations have revealed this as a global event not specific to SpamCop. In the past, the service has successfully processed higher volumes of spam, but our team has identified performance issues within our infrastructure. SpamCop remains an important part of our technology, and Cisco is working diligently to restore SpamCop to its previous service levels. Even as we continue the investigation, the spam and botnet data collected from SpamCop is improving Cisco’s industry-leading anti-spam solution for our customers. To show appreciation to the SpamCop community, Cisco is offering $15 worth of fuel to all registered users of the SpamCop spam reporting service. Registered users will receive an email notification within 3-5 days with further instructions and details on the credit. Cisco remains committed to the community and we acknowledge their contributions are integral in the continuing fight against spam. We remain a committed partner to the cause. Again, we apologize for the intermittent delays, and as our investigation continues, we will provide regular updates to the SpamCop community.
  14. The SpamCop.net Reporting Service is scheduled to be offline and unavailable for up to four (4) hours beginning about 9:00 a.m. PDT on Thursday May 10, 2012. The reason for the outage is to bring you a major update to the SpamCop.net Reporting Service, including the capability for parsing and reporting IPv6 sourced spam and IPv6 address space. The new version will show as SpamCop.net v4.7.0.019. The SpamCop.net website, including spamcop.net, www.spamcop.net, members.spamcop.net and mailsc.spamcop.net will be down during the upgrade. Emailed spam submissions will continue to be accepted but will not be processed during the downtime. Once the service is brought back online you can expect a delay of several hours as the backlog of spam is processed. The SpamCop mail service, newsgroups and forums are not affected by this scheduled outage and will continue to be available throughout the upgrade. Thank you in advance for your patience. Richard