Cutsnake88

  1. Thanks. Obviously, I didn't know that.
  2. The email headers don't look at ALL like a forgery. I've attached a PDF of the top part of the (munged) headers, with the very obvious Sendgrid stuff highlighted. This is the kind of headers (with a bunch of other X- lines below this) that Outlook365 Exchange always has, and up until the past few days, they've all parsed fine. Now, some parse perfectly, others do what this one has done. Spamcop - sendgrid.pdf
  3. I do a few reports a day. My email comes in through Outlook365 Exchange and I generally report messages that hit my quarantine. Just in the past few days, about half of the messages I report to Spamcop come back saying that the report will go to Hotmail, when the sender is clearly someone else. Below is a screenshot. Looking at the header, the email is clearly coming from Sendgrid. I haven't changed the way I'm reporting, and report using the full (huge) Outlook365 Exchange headers. What's going on?
  4. Yay! That was the problem. Stupidly didn't even think of it, as I had thought it was my email addresses (not server) that needed to be registered, and those hadn't changed. Thank you very much!
  5. After using Spamcop for years, I've changed my email setup and now can't get it to work. A few months ago, I switched from hosted POP mail on a VPS to Outlook365 Exchange email. I know how to get the full headers - which are HUGE, but the originating IP is easy to find - but when I paste them with the email body into a Spamcop report, I get a message saying that it has identified the spam as having an "internal IP source", and "no source IP found". Screenshot below. The issue appears to be that the first line of the Exchange header does NOT include the originating IP. It's further down. I'm attaching the beginning of the headers for a recent spam, and you can see that the originating IP is 103.246.249.41, but that's found further down.

     Received: from SY3AUS01FT014.eop-AUS01.prod.protection.outlook.com
      (10.152.234.52) by SY3AUS01HT005.eop-AUS01.prod.protection.outlook.com
      (10.152.234.113) with Microsoft SMTP Server (version=TLS1_2,
      cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8; Fri, 27 Jan 2017 20:33:38 +0000
     Received: from AUS01-ME1-obe.outbound.protection.outlook.com (65.55.88.147)
      by SY3AUS01FT014.mail.protection.outlook.com (10.152.234.114)
      with Microsoft SMTP Server (version=TLS1_2,
      cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8
      via Frontend Transport; Fri, 27 Jan 2017 20:33:37 +0000
     Received: from ME1PR01CA0089.ausprd01.prod.outlook.com (10.171.8.22)
      by ME1PR01MB1860.ausprd01.prod.outlook.com (10.171.12.142)
      with Microsoft SMTP Server (version=TLS1_2,
      cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.874.12; Fri, 27 Jan 2017 20:33:35 +0000
     Received: from ME1AUS01FT011.eop-AUS01.prod.protection.outlook.com (2a01:111:f400:7eb4::204)
      by ME1PR01CA0089.outlook.office365.com (2603:10c6:200:18::22)
      with Microsoft SMTP Server (version=TLS1_2,
      cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.874.12
      via Frontend Transport; Fri, 27 Jan 2017 20:33:35 +0000
     Authentication-Results: spf=none (sender IP is 103.246.249.41)
      smtp.mailfrom=halwaaameat.com; mungeddomain.com; dkim=pass (signature was verified)
      header.d=halwaaameat.com;mungeddomain.com; dmarc=bestguesspass action=none
      header.from=halwaaameat.com;mungeddomain.com; dkim=pass (signature was verified)
      header.d=halwaaameat.com;
     Received-SPF: None (protection.outlook.com: halwaaameat.com does not designate permitted sender hosts)
     Received: from halwaaameat.com (103.246.249.41)
      by ME1AUS01FT011.mail.protection.outlook.com (10.152.232.98)
      with Microsoft SMTP Server (version=TLS1_2,
      cipher=TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P384) id 15.1.803.8
      via Frontend Transport; Fri, 27 Jan 2017 20:33:34 +0000

     SO... I still want to use Spamcop, but how do I do it when the start of my headers look like this^^??
  6. I've given Don my login details and he has removed the "ISP has indicated..." flag. I'm not sure whether to report them directly to him or here, from now on. A bunch more today...

     licensednhlteamjerseys.com- hosted by Crissic Solutions
     http://www.spamcop.net/sc?id=z5944469981za...d202ce40a148dbz
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/17/2014 11:50:10 AM +1000

     uscaralarms.com - hosted by CloudFlare
     http://www.spamcop.net/sc?id=z5944472954z5...9229728d133a5az
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/17/2014 2:05:23 AM +1000

     faqirs.eu - hosted by Eonix
     http://www.spamcop.net/sc?id=z5944473876zf...15554c10210c7dz
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/17/2014 1:43:23 AM +1000

     qptherapy.com - hosted by CloudFlare
     http://www.spamcop.net/sc?id=z5944475515z1...0965e377cd91ffz
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/17/2014 1:10:57 AM +1000

     baggiest.eu - hosted by Eonix
     http://www.spamcop.net/sc?id=z5944477129za...6e10150e012600z
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/16/2014 3:28:42 PM +1000
  7. I'm continuing to report them, but the spam cesspits that are Eonix.net and CloudFlare just keep sending them and saying they've fixed the problem. More today:

     hareems.eu (Eonix)
     http://www.spamcop.net/sc?id=z5942040827za...cfa126fe28c922z
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/14/2014 12:59:32 PM +1000

     boatads.net (CloudFlare)
     http://www.spamcop.net/sc?id=z5942044110z4...724ee645aac8c5z
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/14/2014 5:00:57 AM +1000

     pandores.eu (Eonix)
     http://www.spamcop.net/sc?id=z5942057033z4...8412f84c30707fz
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/13/2014 5:53:08 PM +1000

     pandores.eu (Eonix)
     http://www.spamcop.net/sc?id=z5942059857z9...afade14427787ez
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/13/2014 5:53:08 PM +1000

     pandores.eu (Eonix)
     http://www.spamcop.net/sc?id=z5942061170zd...23510bb69263a4z
     ISP has indicated spam will cease; ISP resolved this issue sometime after 8/13/2014 5:53:08 PM +1000
  8. They just keep coming in. Another one just now.
  9. Don - I've emailed that through. There were several more this morning. Looks like most of them are originating from Eonix.net. Out of curiosity - and trying to find out their IP range, so I can block them - I went to Spamhaus, and they are showing no reports at all from Eonix. Given that I've received, I'm guessing, a hundred spams from them in the past couple of weeks - with many, many of those reports not being filed because of the "ISP has indicated..." message - I can't believe they're not getting the web-wide rap they deserve! K
  10. I'm being bombarded by spam - all in the same format, all with the same tracking ID for me - coming from the same ISP. I keep trying to report it, but the message is that no report has been filed because the "ISP has indicated spam will cease". Of course, that appears to be a total lie. This has been going on for at least a couple of weeks. Below are the ones just from the past few days. Note: I'm not 100% sure every one of these fit the pattern, but I know that almost all of them do. (Deleted the original emails and there are NO REPORTS to reference.)

      Submitted: 8/11/2014 2:58:25 PM +1000: Walk-in tub options you can't say no to
      No reports filed

      Submitted: 8/11/2014 2:24:33 PM +1000: Compare popular business phone systems
      No reports filed

      Submitted: 8/11/2014 2:21:59 PM +1000: Friday Sale Save Over 80% on 15 Premium Cigars + BONUS Humidor!
      No reports filed

      Submitted: 8/11/2014 8:24:03 AM +1000: A Reverse Mortgage Could Help You Become a Happy Homeowner
      No reports filed

      Submitted: 8/9/2014 4:57:08 PM +1000: Protect your family's future with term life coverage
      No reports filed

      Submitted: 8/9/2014 4:54:30 PM +1000: Important: You score may have been updated
      No reports filed

      Submitted: 8/8/2014 9:16:09 AM +1000: Stay connected with satellite Internet services
      No reports filed

      What can be done about "ISP indicates spam will cease" messages, when they don't? How do we flag an ISP that continues to let the spammer spam?
  11. Ah, well... I've been wrong before! I've got so I know many of the tracking IDs embedded in the body of my repeated spammers and mung those myself. That's a sad state of affairs, really!
  12. If the spammer is also the server admin, it would be easy to trace the original email using the email ID etc in the header. I have to assume that information - added by the originating server on the way out - wouldn't be munged, allowing reputable ISPs to track spammer activity and complaints. If that's the case, munging the email and other ID stuff included in the original email doesn't help when the spammer is also the server admin.
  13. The reporting address for these people has now been updated on Spamcop to be network[at]brainpulse.com. In other words, spam reports are going to the spammer - confirming all of our email addresses are live. Spamcop is not reporting to CERT-India (incident[at]cert-in.org.in), although I've been adding that to the reports, along with the "spam Crime Gang" wording suggested above. Screenshot: http://screencast.com/t/wjx3aBMZI5 CERT India actually did email me back a few weeks ago and said they were taking action, but nothing has happened and they're still spamming. The nameserver is indianemailmarketers.co.in. Now what?
  14. UPDATE: I actually got an email back from CERT India! (Never thought that would happen!) They said they were taking action against Brainpulse, the Noida IN-based owner of the spam server. Lo and behold, the spam has stopped... at least for now.