Jump to content

anyone8

Members
  • Content Count

    94
  • Joined

  • Last visited

Everything posted by anyone8

  1. Even after refresh: Tracking message source: 191.241.39.98: Routing details for 191.241.39.98 [refresh/show] Cached whois for 191.241.39.98 : tecnet.ce@hotmail.com Using abuse net on tecnet.ce@hotmail.com abuse net hotmail.com = abuse@outlook.com, abuse@messaging.microsoft.com, abuse@live.com Using best contacts abuse@outlook.com abuse@messaging.microsoft.com abuse@live.com abuse@live.com bounces (347 sent : 174 bounces) Using abuse#live.com@devnull.spamcop.net for statistical tracking. and Report spam to: Re: 191.241.39.98 (Administrator of network where email originates) To: abuse#live.com@devnull.spamcop.net (Notes) To: abuse@messaging.microsoft.com (Notes) To: abuse@outlook.com (Notes) Tracking URL: https://www.spamcop.net/sc?id=z6380314779zc01b81eef2d5f7bbd0e47780055306fez Whois (on source IP shown above) shows abuse-c: FCHSO2 When I found a whois that would track this down (http://www.geektools.com/whois.php): nic-hdl-br: FCHSO2 person: francisco crystian horta de souza e-mail: tecnet.ce@hotmail.com country: BR created: 20131104 changed: 20131104 % Security and mail abuse issues should also be addressed to % cert.br, http://www.cert.br/ , respectivelly to cert@cert.br % and mail-abuse@cert.br Although I'm not sure any of those addresses are the greatest place to send spam reports to, I don't see the connection to live.com/microsoft.com/outlook.com.
  2. anyone8

    service unavailable?

    Yes, it seems like it started working as soon as I went to the kitchen to get something to eat. Thanks for mentioning email reporting. I hadn't thought of that, and since Hotmail doesn't seem to have the "forward as attachment" option, set up the email program on my system to retrieve Hotmail. This led me to discover that this program puts all the spam (from my Hotmail, Yahoo, etc.) into one place, kind of like a unified inbox for spam. That will be much more efficient than checking each one.
  3. Is anyone else getting "service unavailable" when trying to load https://www.spamcop.net/? The next line is "The server is temporarily unable to service your request. Please try again later." The line after that gives a reference number. If anyone has posted about this, or scheduled maintenance recently (this month), I missed it.
  4. anyone8

    Have we figured out who this spam gang is?

    Just FYI, at least some of us don't have access to view the reports you linked. If you only want SpamCop admin to be able to see it, that might work. Otherwise, tracking URLs usually look like: https://www.spamcop.net/sc?id=z6266145351z9959f30df739e6d2f4bba28ae4976342z As far as I know, the easiest way to get the tracking URL is at the top of the page where you scroll down and click the button to send reports.
  5. anyone8

    Massive spam increase

    Thanks for your detailed responses. You have a good point about backscatter. I realized, to my horror, that my server could be doing exactly that. Fortunately, it's not, at least when testing using my mail client. Instead of generating a bounce, my server refuses to even accept the message and "rejected RCPT <address>: Unrouteable address" shows up in my /var/log/exim4/rejectlog. I know testing from one mail client may not cover every scenario, but at least I know it's not as wide open as I feared. If anyone knows of other scenarios I should test, I'd love to hear about it. One note for anyone else running exim4 (at least whatever version came with my Debian server): If your server is configured to relay mail for an IP address, connections from that IP address can generate backscatter instead of performing the behavior mentioned in the previous paragraph, but then you shouldn't be relaying mail for an IP address unless you really trust it not to use your server to send inappropriate mail. One final note on backscatter, there's a pretty good article (IMHO) on Wikipedia [Backscatter (email)] if anyone is interested in reading more, and it even links back to our own FAQ. Back to the topic of mailboxes, creating a mailbox with a forward sounds good. In my particular case, it looks like my hosting provider only allows 5 mailboxes, but then it's free so I can't complain. This certainly gives me some options to consider if I need to make changes in the future though, and that's much appreciated, as I'm almost allergic to spam.
  6. anyone8

    Massive spam increase

    That might work. If you delete an address, does mail bounce so the sender knows they didn't reach you?
  7. anyone8

    Massive spam increase

    Glad to know I'm not the only one that does this! However, I do it by manually editing /etc/aliases on a Linux server. I'm guessing you found an easier way. Do you use any particular service provider that makes it easy to create/delete mailboxes? And do you end up having to check each account individually or do they get combined somehow? Thanks!
  8. Thanks for posting this. Last time I needed it, it was still the "view raw message" option, and I hadn't noticed the change yet. I had resorted to using the "Allow apps that use less secure sign in" to allow me to retrieve spam from Yahoo using a POP client, so I'm glad to be able to change that setting back and get the message source an easier way.
  9. This is the one where I got the "temporary system error" https://www.spamcop.net/sc?id=z6239009824z125b86ad1f42f111fc5227edc6e80898z However, even going back to it immediately after getting the error, the message that reports have already been sent is there. It makes me think the system had an error sending, but thinks it sent or at least knows it tried to. What I can't tell from user side is whether or not the report actually got sent. I know the report ID isn't usually helpful, but in case SpamCop staff needs one to look into this, the report ID for this one is 6461057999. I just happened to notice when I pasted this in that the report ID just happens to end in 999. It's in sequence with the others, but wow that number was climbing fast: 6461056716 5/12/2016, 7:26:46 AM 6461057999 5/12/2016, 7:27:03 AM 6461065435 5/12/2016, 7:35:38 AM Note the other two didn't have errors. I just noticed how fast the report IDs were climbing: 1283 reports in 17 seconds? Looks like that was a significant portion of the 8719 over the ~8.5-minute period between the above samples. If we assume the 8719 over ~8.5 minutes is normal, 1283 in 17 seconds seems like a bit of a departure from a norm of approx 1015 per minute; although I got a D in math so what do I know
  10. anyone8

    Reporting via email to "submit...."

    Although I don't remember the exact error message I got, that reminds me of one I got from my server's webmail (SquirrelMail) when it didn't like something a few months ago. I saw something earlier in this thread about webmail, but if you mentioned which one you're using, I missed it. Which webmail are you using? I looked at the headers from your tracking URL, and the only thing that jumped out at me was the note added by SpamCop indicating it had converted it to plain text. Knowing they add that will make me a lot more comfortable just copying the body and not worrying about chasing down the source code, since I keep running into mail clients where it's easy to get the headers but the full source seems to be hiding somewhere. I have to wonder if there's something in the body that was making the webmail choke when you tried to forward the message. If you don't get an answer from the deputies, I'd be curious to see the source code to the message body if possible. I hesitate to post an email address publicly, but we can always use PM for that if email is needed. Back in the newsgroup days, there was a spamcop.spam where samples could be posted, but I don't know if this web forum has anything like that.
  11. anyone8

    Reporting via email to "submit...."

    Thanks. On gmail, I just copy/paste the source as-is, but I hadn't seen that thread and it was good to read. The normal processing time for email submissions might be about a minute. I haven't clocked it. I just know I find another task to do for a moment and it improves the chances that the "report now" link will be there when I check. I assume the good people at SpamCop wouldn't want me to refresh the screen over and over like the over-caffeinated psycho I may or may not be. I'm usually done reporting by the time the autoreply comes. I suppose that could be because it's sent to a spamcop.net address then forwarded to my real address, but I don't know. The reporting system usually works well enough that I don't give it much thought until something unusual happens.
  12. anyone8

    Reporting via email to "submit...."

    My email submission seems to have also gone and hid somewhere. I've forgotten how to get the source, but I'm sure it's been asked and answered before, so I just hope the recent technical difficulties don't include the forum's search function. Update: Processing my email submission simply took about 40 minutes instead of the usual < 5. I guess I should have given it more time before thinking it had gone in a black hole somewhere.
  13. Mine's not red, but looks like this: Bounce error Your email address, x[at]spamcop.net has returned a bounce: Subject: Delivery Status Notification (Failure) Reason: 5.1.0 - Unknown address error 550-"SC-001 (BAY004-MC4F22) Unfortunately, me= Please ensure your email account is reliable, then click below: To whom it may concern, there may be an issue with using an [at]outlook.com address to receive mail forwarded through spamcop.net, as this has been happening periodically. Today, a test message sent from my hotmail account didn't come through either, so I changed my forwarding address before resetting the bounce flag.
  14. The parser seems to be handling this for some IP addresses but not others, as it still gives the "No valid email addresses found, sorry!" error for 104.206.22.85.
  15. I guess it works part of the time, as the one you added last has the button to send spam reports instead of erroring out. Of course, they'd go to devnull.spamcop.net, but at least they'd be counted instead of lost because of some error in the parser.
  16. Thanks for posting the tracking URLs. Unfortunately, they're now showing the "Sorry, this email is too old to file a spam report" message. Maybe I should check back more often! Anyway, I fed the IP address from one of them to the parser, which will usually get it to tell the email address a person could send an abuse report to. Sure enough, it gave the problem you described. Since what I did doesn't produce a tracking URL, I'll quote the parser's output: I also tried another IP address (108.160.150.154) from one of my spam reports that had recently gone to an address at devnull.spamcop.net. I noticed three differences between the parser output for these two IP addresses (not counting the long explanation starting with "There are several possible reasons for this", which I included in the quote in case it would be useful to someone): "No abuse net record for eonix.net". I don't think this is the problem, but I'm not an expert, just an experienced user. "postmaster[at]eonix.net redirects to net-abuse[at]eonix.net" followed by "net-abuse[at]eonix.net bounces (322 sent : 165 bounces)". I suspect this is where the problem is. My suspicion is that the parser doesn't handle the scenario where it follows a redirect and then finds out that it bounces. In other words, my guess is that if that redirect didn't exist, the parser would do somthing like postmaster#eonix[at]devnull.spamcop.net. The IP address I tried still had at least one valid email address after the parser devnull'ed the ones it didn't like. However, I think the parser will handle the case where all addresses are devnull. Although my reply doesn't solve anything, I'm hoping this discussion will lead to an action by someone who can make a difference. Since the previous discussion in this thread indicates that all the contact addresses for the ISP bounce, I think that makes getting the statistics on the IP address even more important. Maybe some time on the SpamCop blocklist will help the situation somehow. For the IP 104.206.22.85, I did notice the whois says and wondered if that meant they want abuse reports directly from the user rather than through spamcop. Of course, that could be because spamcop gives a little anonymity to abuse reports, which would probably make it harder for an ISP to listwash those who complain. Heaven forbid they actually get rid of the spammer(s) on their network. Hope something I've wrote helps somehow.
  17. A tracking URL would probably help folks troubleshoot this. On the page that is missing the button to send the spam reports, there should be a line "Here is your TRACKING URL - it may be saved for future reference:" near the top and a link (the tracking URL) right below the "Here is your TRACKING URL - it may be saved for future reference:" line.
  18. Or tracking URL, for those who want to see it for themselves: http://www.spamcop.net/sc?id=z6007628019z0a553839e8ee127e2cde75b677032013z I have to confess I laughed when I saw this. An email address that makes a statement (twitterdoesntcareaboutspamreports is "twitter doesn't care about spam reports", for anyone who has trouble seeing it) is totally something I would do. Now I don't know whether to be sad or pissed off that twitter has demonstrated such an attitude that someone has gone to the trouble of setting the reporting address like this. If there is any interesting history on what lead up to this, it might make interesting reading.
  19. anyone8

    Spam to Domain Registrant contact address

    Thanks Farelf. Indeed the PM notification was the only email I got. I'm not sure how I guessed that was the only way the system would email me.
  20. anyone8

    Spam to Domain Registrant contact address

    This is why the contact address for my domain is my spamcop.net email address. I had a feeling it would get spammed, and sure enough, I started getting a lot more spam very soon after I registered my domain. I don't think any of mine was from godaddy, but then spammers seem to keep moving around, probably to try and get around spam blockers. Prior to CESmail shutting down, the spam would get caught in "held mail" and could be reported very easily. Since the shutdown, only legitimate email (no spam) has come through. I preferred being able to report spam rather than having it disappear, but at least it's not getting to my inbox. Unfortunately, unless you happened to be a customer of CESmail before they shut down a little over a month ago, none of what I've wrote so far is likely to do you any good. One thing that may help is reporting every spam you get. In my experience, that seemed to slow them down a little, but your mileage may vary. Another idea: on some domains, "domain privacy" is an option to avoid displaying your contact info, although once the spammers have your email address, I'm not sure that helps much unless you get a new email address and domain privacy at the same time. And welcome to the forums. Hmm... I just noticed you replied to a message from a couple years ago in the "new feature request" area. I'm not sure our discussion is really relevant to new features, so we may find that one of the moderators moves it somewhere. Moderators: I depend on the reply notification feature, so if you move this and think there's any chance it will keep the system from sending me such notification, could you please PM me so I can log in and set the notification in the new location? I'm assuming it will email me if someone sends me a PM.
  21. The parser says but one of the lines from doing a whois on that IP is Just posting this in case one of the admins (Don?) would like to enter this data into the system so it knows where to send reports for this IP range. Tracking URL is http://www.spamcop.net/sc?id=z5999379014za6f3bc221367a98c9f0f5cb9d6f13a9ez
  22. anyone8

    Forwards not working

    I'll 2nd that, report and then vaporize sounds preferable. Vaporizing spam sounds so much more fun than just deleting it. Now if only we could vaporize the spammers too. Have a safe trip!
  23. anyone8

    Forwards not working

    Good point, although they finally quit trying to use my mail server as a relay. I guess getting told "no" a couple dozen (estimated because I didn't bother to count) times a day eventually got the point across.
  24. anyone8

    Forwards not working

    It seems like it would be foolish for a spammer to dictionary attack any of us who report spam.
  25. Glad to see I'm not the only one trying to report spam this morning. Now if only it was working LOL
×