Jump to content


  • Content Count

  • Joined

  • Last visited

Community Reputation

0 Neutral

About lsadmin

  • Rank
  1. We have been using SpamCop to file received spam reports for a decade or more. Recently, we have received a high volume of spam, to multiple email addresses all from plusserver.de. Netblock: - We have been reporting via SpamCop the spam that we receive from this source for well over 60 days at this point, however NONE of the IPs we've reported, including the one's just reported in the previous 24 hours, are listed in the SpamCop blacklist. Why is this? Here is a list of domains and IP addresses that have been used to send us UCE, specifically over the past 48 hours: smrinfo.com bawift.org refreshhomes.com wallstreetallocate.com emailbootcom.com I'd like to know what's going on with this?
  2. Regarding, "...Because the very same information that can help you, provided in a public forum, can help spammers defeat SpamCop's algorithms. Private communications are much safer, and that is what Don D'Minion suggested." Well of course, but I have also asked this in PM and direct email, and have scowered the extensive FAQs here, but still no dice. I just hate to think that I will have to go through another entire day of this every time we receive SpamCop report, which is very rare thank goodness, but while I am spending hours trying to find the info that SC has, the spammer continues to broadcast, so unless I am incorrect, the whole SC process fails in these somewhat common situations. No?
  3. Sorry, I don't understand your response. Thanks for trying to help though. Apparently this WAS the result of a password compromised email account that sent spam to a spam-trap. But you say, 'any non-spamtrap reports made you will see "report history"'. Okay then, so you seem to be implying that, what? There are just going to be some spamcop reports we receive that will have ZERO detail? If so, then how would receiving such a zero detail report be of much use to any email service provider. That is, other than to become aware that there is an heretofore undetected breached email account on our end, out of possibly thousands..... Sorry, I can't help but to think that there is still something here that I am missing. But perhaps not. At any rate, someone finally sent us the brief header we needed to locate the breached email account in question, that is, after many hours of asking questions and trying to locate the exact info we were finally sent. So we are good for now, but holy-cow, there's just go to be a better way. Don't you agree?
  4. Okay, but the only thing that has worked is that someone from SpamCop finally sent me, via email a reduced header. Then I was finally able to see which email account was being used on this sever to send spam. You ask me not to overlook... What? I have carefully tried to follow all of the advice in this thread, and as far as I know there is absolutely no way to: A - Increase the detail on the email reports we received from SpamCop. B - Log into our account here to see the detail of the reports that have been made against our IP. No complaints, I think SpamCop is one of the best defenses we have for battling this noxious issue. But why on Earth would SpamCop reps, insiders or not, would want to be less than clear with supplying small email service providers like myself with the tools it would take to quickly shut down a spam transmission?????? I mean, sure, I grew up playing adventure games, looking for the slightest of hints that would lead to an answer, but so far as I can tell, this is one heck of a unresolvable problem. And I say this only after many hours of research today, and YEARS of being a reporting SpamCop member.
  5. Senderbase lookup is the one I used. Thanks for the reminder regarding senderscore. Currently at senderscore, I am seeing a score of 81 for the IP in question. The rest of it is all like this: Blacklists - Low Complaints - Low Infrostrcutre - Low Message Filtered - Medium Sender Rejected - Low spam Traps - 1 Unknown Users - Medium All the Sending domains listed are SPF-Pass That's it, no other useful detail, and no detail for the one hit to the spam trap. Again, all I need right now is a little more information from SpamCop, so we can do something about the recent listing, a munged report, a date stamp? Okay, with regard to the rest of your instructions: If you first login to http://www.spamcop.net/ Then click "Site Map" and click SpamCop blocking list put in your IP you want to check by clicking button "Numeric IP address"] COMMENT: Okay I did that, here's the response: [iP HERE] not listed in bl.spamcop.net then click "trace IP" COMMENT: Okay, I did that, but all I get are routing details, only useful if I were making the report against my own IP then click "[report history]" COMMENT: No such link as "report history" anywhere on this page. So again, I am stuck. P.S. If I got to Past Reports, then view Report History: Last week, our IP in question does not show up. I only see the detail of all the spam reports that we have submitted (as a result of spam received here).
  6. Thanks, I wish I could say your response has helped, but so far, no good. Our Senderbase reputation for this particular server IP is (green) Good We have very serious, mulch-layered security implemented throughout. Changing reporting types? I found the page where these preferences are set. Starting here: http://www.spamcop.net/fom-serve/cache/266.html Excerpt, "You can elect to accept or refuse reports depending on their type (source of mail, web hosting, open relays, etc..). " I wish the above were true, but when I go to Change your preferences here --> General settings, we have these selections: Accept munged reports (default) Frequency: Hourly Sort: Most recent first SpamCop format (But I have switched to ARF just in case this will help.) Report Type selection (all set to Accept). So in light of this, I am still wondering why we would receive only the barest of bare bones reports that a complaint has been made involving our server IP with absolutely no other detail? By the way: There was no such link, text or detail presented after using /bl.shtml with this particular IP, while it was listed. It has been de-listed at this point, but I am VERY INTERESTED in determining why our server IP became listed. Where in SpamCop can I find a history of complaints against this server IP, or even just the most recent one, and more importantly, where can I find even the slightest detail about the complaint? I don't care how munged it is. A timestamp? Anything, would help! Thank you. And also by the way, the sample report listed here: http://www.spamcop.net/fom-serve/cache/338.html ... is a world away, no, make that a universe away from what we are apparently able to receive from the SpamCop system. So what am I missing here???
  7. Regarding, "..Do I conclude correctly from the information you provided that you have a SpamCop ISP account?" Yes, and for a very long time. When I log in, I see a Preferences tab, and then Report Handling Options. On the options page I am seeing "Show Technical Details during reporting" however the description seems to imply that these are details going out, rather than reports that may come in, "SpamCop can reveal the logic it uses as it finds the right reporting parties for your spam. This can be helpful for advanced users who want to double-check SpamCop's logic, or for new users who want to learn from SpamCop's example. " Nevertheless, I will switch to "Show technical detail", just in case this helps. Then I will read the new FAQ entry you point out. Thanks for your assistance.
  8. Hi, We have been spamcop members for a very long time. Yesterday, I received this, in total, about one of our servers: ----------------------------------- Subject: [spamCop] Alert IPs reported in past hour: 184.###.###.## ----------------------------------- (I have manually munged most of the IP above.) That's it, nothing more. Today, we were blacklisted at SpamCop. So I logged into my account here, and looked everywhere, all I could find is that the IP address was indeed blacklisted, but nowhere could I locate any detail, not even the barest munged summary with so much as a timestamp that would help us to determine which of our hosted member's account was responsible. There has GOT to be something I am missing here, otherwise, it would be totally fruitless to be on the report receiving list. I've looked through most all of the FAQs but nowhere can I find any reference for email service providers receiving detailed reports from SC. Please if anyone knows how I can get any detail about the report made against our server, please, please let me know. Thanks very much.