Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About anyone8

  • Rank

Profile Information

  • Gender
  • Location
    Eugene, OR

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Even after refresh: Tracking message source: Routing details for [refresh/show] Cached whois for : tecnet.ce@hotmail.com Using abuse net on tecnet.ce@hotmail.com abuse net hotmail.com = abuse@outlook.com, abuse@messaging.microsoft.com, abuse@live.com Using best contacts abuse@outlook.com abuse@messaging.microsoft.com abuse@live.com abuse@live.com bounces (347 sent : 174 bounces) Using abuse#live.com@devnull.spamcop.net for statistical tracking. and Report spam to: Re: (Administrator of network where email originates) To: abuse#live.com@devnull.spamcop.net (Notes) To: abuse@messaging.microsoft.com (Notes) To: abuse@outlook.com (Notes) Tracking URL: https://www.spamcop.net/sc?id=z6380314779zc01b81eef2d5f7bbd0e47780055306fez Whois (on source IP shown above) shows abuse-c: FCHSO2 When I found a whois that would track this down (http://www.geektools.com/whois.php): nic-hdl-br: FCHSO2 person: francisco crystian horta de souza e-mail: tecnet.ce@hotmail.com country: BR created: 20131104 changed: 20131104 % Security and mail abuse issues should also be addressed to % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br % and mail-abuse@cert.br Although I'm not sure any of those addresses are the greatest place to send spam reports to, I don't see the connection to live.com/microsoft.com/outlook.com.
  2. anyone8

    service unavailable?

    Yes, it seems like it started working as soon as I went to the kitchen to get something to eat. Thanks for mentioning email reporting. I hadn't thought of that, and since Hotmail doesn't seem to have the "forward as attachment" option, set up the email program on my system to retrieve Hotmail. This led me to discover that this program puts all the spam (from my Hotmail, Yahoo, etc.) into one place, kind of like a unified inbox for spam. That will be much more efficient than checking each one.
  3. Is anyone else getting "service unavailable" when trying to load https://www.spamcop.net/? The next line is "The server is temporarily unable to service your request. Please try again later." The line after that gives a reference number. If anyone has posted about this, or scheduled maintenance recently (this month), I missed it.
  4. anyone8

    Have we figured out who this spam gang is?

    Just FYI, at least some of us don't have access to view the reports you linked. If you only want SpamCop admin to be able to see it, that might work. Otherwise, tracking URLs usually look like: https://www.spamcop.net/sc?id=z6266145351z9959f30df739e6d2f4bba28ae4976342z As far as I know, the easiest way to get the tracking URL is at the top of the page where you scroll down and click the button to send reports.
  5. anyone8

    Massive spam increase

    Thanks for your detailed responses. You have a good point about backscatter. I realized, to my horror, that my server could be doing exactly that. Fortunately, it's not, at least when testing using my mail client. Instead of generating a bounce, my server refuses to even accept the message and "rejected RCPT <address>: Unrouteable address" shows up in my /var/log/exim4/rejectlog. I know testing from one mail client may not cover every scenario, but at least I know it's not as wide open as I feared. If anyone knows of other scenarios I should test, I'd love to hear about it. One note for anyone else running exim4 (at least whatever version came with my Debian server): If your server is configured to relay mail for an IP address, connections from that IP address can generate backscatter instead of performing the behavior mentioned in the previous paragraph, but then you shouldn't be relaying mail for an IP address unless you really trust it not to use your server to send inappropriate mail. One final note on backscatter, there's a pretty good article (IMHO) on Wikipedia [Backscatter (email)] if anyone is interested in reading more, and it even links back to our own FAQ. Back to the topic of mailboxes, creating a mailbox with a forward sounds good. In my particular case, it looks like my hosting provider only allows 5 mailboxes, but then it's free so I can't complain. This certainly gives me some options to consider if I need to make changes in the future though, and that's much appreciated, as I'm almost allergic to spam.
  6. anyone8

    Massive spam increase

    That might work. If you delete an address, does mail bounce so the sender knows they didn't reach you?
  7. anyone8

    Massive spam increase

    Glad to know I'm not the only one that does this! However, I do it by manually editing /etc/aliases on a Linux server. I'm guessing you found an easier way. Do you use any particular service provider that makes it easy to create/delete mailboxes? And do you end up having to check each account individually or do they get combined somehow? Thanks!
  8. Thanks for posting this. Last time I needed it, it was still the "view raw message" option, and I hadn't noticed the change yet. I had resorted to using the "Allow apps that use less secure sign in" to allow me to retrieve spam from Yahoo using a POP client, so I'm glad to be able to change that setting back and get the message source an easier way.
  9. This is the one where I got the "temporary system error" https://www.spamcop.net/sc?id=z6239009824z125b86ad1f42f111fc5227edc6e80898z However, even going back to it immediately after getting the error, the message that reports have already been sent is there. It makes me think the system had an error sending, but thinks it sent or at least knows it tried to. What I can't tell from user side is whether or not the report actually got sent. I know the report ID isn't usually helpful, but in case SpamCop staff needs one to look into this, the report ID for this one is 6461057999. I just happened to notice when I pasted this in that the report ID just happens to end in 999. It's in sequence with the others, but wow that number was climbing fast: 6461056716 5/12/2016, 7:26:46 AM 6461057999 5/12/2016, 7:27:03 AM 6461065435 5/12/2016, 7:35:38 AM Note the other two didn't have errors. I just noticed how fast the report IDs were climbing: 1283 reports in 17 seconds? Looks like that was a significant portion of the 8719 over the ~8.5-minute period between the above samples. If we assume the 8719 over ~8.5 minutes is normal, 1283 in 17 seconds seems like a bit of a departure from a norm of approx 1015 per minute; although I got a D in math so what do I know
  10. anyone8

    Reporting via email to "submit...."

    Although I don't remember the exact error message I got, that reminds me of one I got from my server's webmail (SquirrelMail) when it didn't like something a few months ago. I saw something earlier in this thread about webmail, but if you mentioned which one you're using, I missed it. Which webmail are you using? I looked at the headers from your tracking URL, and the only thing that jumped out at me was the note added by SpamCop indicating it had converted it to plain text. Knowing they add that will make me a lot more comfortable just copying the body and not worrying about chasing down the source code, since I keep running into mail clients where it's easy to get the headers but the full source seems to be hiding somewhere. I have to wonder if there's something in the body that was making the webmail choke when you tried to forward the message. If you don't get an answer from the deputies, I'd be curious to see the source code to the message body if possible. I hesitate to post an email address publicly, but we can always use PM for that if email is needed. Back in the newsgroup days, there was a spamcop.spam where samples could be posted, but I don't know if this web forum has anything like that.
  11. anyone8

    Reporting via email to "submit...."

    Thanks. On gmail, I just copy/paste the source as-is, but I hadn't seen that thread and it was good to read. The normal processing time for email submissions might be about a minute. I haven't clocked it. I just know I find another task to do for a moment and it improves the chances that the "report now" link will be there when I check. I assume the good people at SpamCop wouldn't want me to refresh the screen over and over like the over-caffeinated psycho I may or may not be. I'm usually done reporting by the time the autoreply comes. I suppose that could be because it's sent to a spamcop.net address then forwarded to my real address, but I don't know. The reporting system usually works well enough that I don't give it much thought until something unusual happens.
  12. anyone8

    Reporting via email to "submit...."

    My email submission seems to have also gone and hid somewhere. I've forgotten how to get the source, but I'm sure it's been asked and answered before, so I just hope the recent technical difficulties don't include the forum's search function. Update: Processing my email submission simply took about 40 minutes instead of the usual < 5. I guess I should have given it more time before thinking it had gone in a black hole somewhere.
  13. Mine's not red, but looks like this: Bounce error Your email address, x[at]spamcop.net has returned a bounce: Subject: Delivery Status Notification (Failure) Reason: 5.1.0 - Unknown address error 550-"SC-001 (BAY004-MC4F22) Unfortunately, me= Please ensure your email account is reliable, then click below: To whom it may concern, there may be an issue with using an [at]outlook.com address to receive mail forwarded through spamcop.net, as this has been happening periodically. Today, a test message sent from my hotmail account didn't come through either, so I changed my forwarding address before resetting the bounce flag.
  14. The parser seems to be handling this for some IP addresses but not others, as it still gives the "No valid email addresses found, sorry!" error for
  15. I guess it works part of the time, as the one you added last has the button to send spam reports instead of erroring out. Of course, they'd go to devnull.spamcop.net, but at least they'd be counted instead of lost because of some error in the parser.